Table of Contents
Advertisement
Bind Rules
Wildcards
You can also specify a set of users by using the wildcard character (*). For example,
specifying a user DN of
with a bind DN beginning with the letter
on the permissions you set.
From the Server Console, you set user access from the Access Control Editor. For
more information, see "Creating ACIs From the Console," on page 224.
Examples
This section contains examples of the
Userdn keyword containing an LDAP URL:
userdn = "ldap:///uid=*,dc=example,dc=com";
The bind rule is evaluated to be true if the user binds to the directory using any
distinguished name of the specified pattern. For example, both of the following
bind DNs would be evaluated to be true:
uid=ssarette,dc=example,dc=com
uid=tjaz,ou=Accounting,dc=example,dc=com
whereas the following bind DN would be evaluated to be false:
cn=Babs Jensen,dc=example,dc=com
Userdn keyword containing logical OR of LDAP URLs:
userdn="ldap:///uid=bj,c=example.com ||
ldap:///uid=kc,dc=example,dc=com";
The bind rule is evaluated to be true if the client binds as either of the two supplied
distinguished names.
Userdn keyword excluding a specific LDAP URL:
userdn != "ldap:///uid=*,ou=Accounting,dc=example,dc=com";
The bind rule is evaluated to be true if the client is not binding as a UID-based
distinguished name in the accounting subtree. This bind rule only makes sense if
the targeted entry is not under the accounting branch of the directory tree.
Userdn keyword containing self keyword:
userdn = "ldap:///self";
210
Netscape Directory Server Administrator's Guide • May 2002
uid=u*,dc=example,dc=com
will be allowed or denied access based
u
userdn
indicates that only users
syntax.
Advertisement
Table of Contents
