Bind Rules

This example is based on DN matching. However, you can match any attribute of the entry used in the bind with the targeted entry. For example, you could create an ACI that allowed any user whose favoriteDrink attribute is "beer" to read all the entries of other users that have the same value for favoriteDrink.

Using the userattr Keyword

The userattr keyword can be used to specify which attribute values must match between the entry used to bind and the targeted entry. You can specify:
• A user DN
• A group DN
• A role DN
• An LDAP filter, in an LDAP URL
• Any attribute type

The LDIF syntax of the userattr keyword is as follows:
userattr = "attrName#bindType"
or, if you are using an attribute type that requires a value other than a user DN, group DN, role DN, or an LDAP filter:
userattr = "attrName#attrValue"
where:
• attrName is the name of the attribute used for value matching
• bindType is one of USERDN, GROUPDN, LDAPURL
• attrValue is any string representing an attribute value

The following sections provide examples of the userattr keyword with the various possible bind types.

Example with USERDN Bind Type

The following is an example of the userattr keyword associated with a bind based on the user DN:
userattr = "manager#USERDN"
The bind rule is evaluated to be true if the bind DN matches the value of the manager attribute in the targeted entry. You can use this to allow a user's manager to modify employees' attributes. This mechanism only works if the manager attribute in the targeted entry is expressed as a full DN.

214 Netscape Directory Server Administrator's Guide • May 2002
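The following added example (not part of the guide and not the server's code) models how the two userattr forms described above are evaluated, including the case where the manager attribute is not a full DN. The entries, the DNs under dc=example,dc=com, and the simplified case-insensitive DN and value comparison are assumptions; GROUPDN and LDAPURL are not modelled.

```python
# Simplified model of userattr bind-rule evaluation (added example, not the
# server's code). Entries are dicts: lowercase attribute name -> list of values.
BIND_TYPES = {"USERDN", "GROUPDN", "LDAPURL"}  # bind types listed in the guide

def norm_dn(dn):
    """Simplified DN normalisation: trim each RDN and lowercase it.
    Not a full RFC 4514 parser (no escaped commas, no multi-valued RDNs)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_userattr(expr):
    """Split 'attrName#bindType' or 'attrName#attrValue' into its parts."""
    attr, sep, rhs = expr.partition("#")
    if not sep or not attr or not rhs:
        raise ValueError("expected attrName#bindType or attrName#attrValue")
    # Assumption of this model: bind types are matched exactly as written.
    kind = "bindtype" if rhs in BIND_TYPES else "value"
    return attr.lower(), kind, rhs

def eval_userattr(expr, bind_dn, bind_entry, target_entry):
    """Return True if the bind rule holds for this bind/target pair."""
    attr, kind, rhs = parse_userattr(expr)
    if kind == "value":
        # True only if both entries hold the attribute with the named value
        # (case-insensitive comparison is an assumption of this model).
        want = rhs.lower()
        return all(want in [v.lower() for v in entry.get(attr, [])]
                   for entry in (bind_entry, target_entry))
    if rhs == "USERDN":
        # True if the bind DN equals a value of attr in the *targeted* entry.
        targets = {norm_dn(v) for v in target_entry.get(attr, [])}
        return norm_dn(bind_dn) in targets
    raise NotImplementedError(rhs + " needs a group or filter lookup")

# Constructed sample entries (hypothetical users).
TED_DN = "uid=tmorris,ou=People,dc=example,dc=com"
ted = {"uid": ["tmorris"], "favoritedrink": ["Beer"]}
sam = {"uid": ["scarter"], "favoritedrink": ["beer"],
       "manager": ["UID=tmorris, ou=People, dc=example, dc=com"]}
# kim's manager is a display name, not a full DN, so USERDN can never match.
kim = {"uid": ["kwinters"], "favoritedrink": ["Tea"], "manager": ["Ted Morris"]}

if __name__ == "__main__":
    for name, target in (("sam", sam), ("kim", kim)):
        print(name, eval_userattr("manager#USERDN", TED_DN, ted, target),
              eval_userattr("favoriteDrink#beer", TED_DN, ted, target))
```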