Netscape DIRECTORY SERVER 6.02 - ADMINISTRATOR Administrator's Manual page 197

This identifies the distinguished name of the entry to which the access control rule
applies. For example:
(target = "ldap:///uid=bjensen,dc=example,dc=com")
NOTE If the DN of the entry to which the access control rule applies
contains a comma, you must escape the comma with a single
backslash (\). For example:
(target="ldap:///uid=lfuentes,dc=example.com
Bolivia\,S.A.")
You can also use a wildcard when targeting a distinguished name using the
keyword. The wildcard indicates that any character or string or substring is a
match for the wildcard. Pattern matching is based on any other strings that have
been specified with the wildcard.
The following are legal examples of wildcard usage:
• (target="ldap:///uid=*,dc=example,dc=com")
Matches every entry in the entire
the entry's RDN.
• (target="ldap:///uid=*Anderson,dc=example,dc=com")
Matches every entry directly under the
in Anderson.
• (target="ldap:///uid=C*A,dc=example,dc=com")
Matches every entry directly under the
beginning with C and ending with A.
Depending on the position of the wildcard, it can apply to the full DN, not only to
attribute values. Therefore, the wildcard can be used as a substitute for portions of
the DN. For example,
entries in the entire
example.com
the entries that are immediately below the
words, this target matches with longer expressions such as
uid=andy,ou=eng,dc=example,dc=com
uid=andy,ou=marketing,dc=example,dc=com
example.com
uid=andy*,dc=example,dc=com
tree with a matching uid attribute, and not just
dc=example,dc=com
, or
tree that has the
node with a
example.com
node with a
example.com
targets all the directory
node. In other
.
Chapter 6 Managing Access Control
Creating ACIs Manually
target
attribute in
uid
ending
uid
uid
197