Using Boolean Bind Rules
Bind rules can be complex expressions that use the Boolean expressions AND, OR, and NOT to set very precise access rules. You cannot use the Server Console to create Boolean bind rules. You must create an LDIF statement.
The LDIF syntax for a Boolean bind rule is as follows:
(bind_rule [boolean][bind_rule][boolean][bind_rule]...;)
For example, the following bind rule will be evaluated to be true if the bind DN is a member of either the administrator's group or the mail administrator's group, and if the client is running from within the example.com domain:
(groupdn = "ldap:///cn=administrators,dc=example,dc=com" or groupdn = "ldap:///cn=mail administrators,dc=example,dc=com" and dns = "*.example.com";)
The trailing semicolon (;) is a required delimiter that must appear after the final bind rule.
Boolean expressions are evaluated in the following order:
• Innermost to outermost parenthetical expressions first
• All expressions from left to right
• NOT before AND or OR operators
The Boolean OR and Boolean AND operators have no order of precedence.
Consider the following Boolean bind rules:
(bind_rule_A) OR (bind_rule_B)
(bind_rule_B) OR (bind_rule_A)
Because Boolean expressions are evaluated from left to right, in the first case, bind rule A is evaluated before bind rule B, and in the second case, bind rule B is evaluated before bind rule A.
However, the Boolean NOT is evaluated before the Boolean OR and Boolean AND. Thus, in the following example:
(bind_rule_A) AND NOT (bind_rule_B)
bind rule B is evaluated before bind rule A despite the left-to-right rule.
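The evaluation order described above differs from most programming languages, where AND binds tighter than OR. The following added example (not code from the manual or the server) models the documented order in Python and shows that the sample rule groups as (A or B) and C; the operand names and truth values are constructed placeholders standing in for the groupdn and dns bind rules.

```python
import re

TOKEN = re.compile(r"\s*(\(|\)|\w+)")

def evaluate(expr, facts):
    """Evaluate a Boolean bind-rule skeleton in the documented order:
    parentheses first, NOT before AND/OR, AND/OR left to right with
    equal precedence. `facts` maps placeholder names to True/False."""
    expr = expr.strip()
    tokens, pos = [], 0
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"unexpected text at offset {pos}")
        tokens.append(m.group(1))
        pos = m.end()
    i = 0

    def operand():
        nonlocal i
        if i >= len(tokens):
            raise ValueError("expression ends early")
        tok = tokens[i]
        i += 1
        if tok.lower() == "not":          # NOT binds to the next operand
            return not operand()
        if tok == "(":                    # innermost parentheses first
            value = chain()
            if i >= len(tokens) or tokens[i] != ")":
                raise ValueError("missing closing parenthesis")
            i += 1
            return value
        if tok not in facts:
            raise ValueError(f"unknown operand {tok!r}")
        return facts[tok]

    def chain():                          # AND/OR: strictly left to right
        nonlocal i
        value = operand()
        while i < len(tokens) and tokens[i].lower() in ("and", "or"):
            op = tokens[i].lower()
            i += 1
            rhs = operand()
            value = (value and rhs) if op == "and" else (value or rhs)
        return value

    result = chain()
    if i != len(tokens):
        raise ValueError(f"unexpected token {tokens[i]!r}")
    return result

# Constructed facts: an administrator connecting from outside *.example.com.
FACTS = {"admins": True, "mail_admins": False, "in_domain": False}
RULE = "admins or mail_admins and in_domain"   # same shape as the sample rule
```

With these facts, `evaluate(RULE, FACTS)` is False, while Python's own precedence would give True for the same expression. Adding explicit parentheses to a bind rule removes any dependence on the reader knowing this order.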
Chapter 6
Managing Access Control
Bind Rules