Examples - Netscape DIRECTORY SERVER 6.02 - ADMINISTRATOR Administrator's Manual


You cannot set up authentication-based bind rules through the Access Control
Editor.

The LDIF syntax for setting a bind rule based on an authentication method is as
follows:

authmethod = "authentication_method"

where authentication_method is none, simple, ssl, or "sasl sasl_mechanism".

Examples

The following are examples of the authmethod keyword:

authmethod = "none";
Authentication is not checked during bind rule evaluation.

authmethod = "simple";
The bind rule is evaluated to be true if the client is accessing the directory using
a username and password.

authmethod = "ssl";
The bind rule is evaluated to be true if the client authenticates to the directory
using a certificate over LDAPS. This is not evaluated to be true if the client
authenticates using simple authentication (bind DN and password) over LDAPS.

authmethod = "sasl DIGEST-MD5";
The bind rule is evaluated to be true if the client is accessing the directory using
the SASL DIGEST-MD5 mechanism. The other supported SASL mechanism is
EXTERNAL.
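
An added example, not part of the Netscape manual: a Python lint that extracts the authmethod values from ACI strings and reports which rules demand a certificate or SASL bind and which accept a password bind or check nothing. The sample ACIs are constructed, and the surrounding ACI envelope (targetattr, version 3.0, acl name, allow) is assumed from standard Directory Server ACI syntax rather than shown on this page.

```python
import re

# Values the page lists for the authmethod keyword.
STRONG = {"ssl", "sasl digest-md5", "sasl external"}   # certificate or SASL
WEAK = {"none", "simple"}                              # no check, or password bind
AUTHMETHOD_RE = re.compile(r'authmethod\s*=\s*"([^"]*)"', re.IGNORECASE)
ACL_NAME_RE = re.compile(r'acl\s+"([^"]*)"', re.IGNORECASE)

def authmethods(aci):
    """Return the normalized authmethod values used in one ACI string."""
    return [" ".join(v.lower().split()) for v in AUTHMETHOD_RE.findall(aci)]

def audit(acis):
    """Classify each ACI by the authentication method its bind rule names."""
    # Conservative textual check: Boolean structure (AND/OR/NOT) is not evaluated.
    report = {}
    for aci in acis:
        match = ACL_NAME_RE.search(aci)
        name = match.group(1) if match else "<unnamed>"
        methods = authmethods(aci)
        if not methods:
            verdict = "no authmethod"          # rule does not test the bind method
        elif any(m not in STRONG | WEAK for m in methods):
            verdict = "unknown value"          # typo or unsupported mechanism
        elif all(m in STRONG for m in methods):
            verdict = "certificate or SASL"
        else:
            verdict = "password or unchecked"  # "simple" or "none" appears
        report[name] = (methods, verdict)
    return report

# Constructed sample ACIs (not from the manual).
SAMPLE_ACIS = [
    '(targetattr = "userPassword")(version 3.0; acl "pw self-write"; '
    'allow (write) userdn = "ldap:///self" and authmethod = "ssl";)',
    '(targetattr = "mail")(version 3.0; acl "mail edit"; '
    'allow (write) userdn = "ldap:///self" and authmethod = "simple";)',
    '(targetattr = "*")(version 3.0; acl "admin sasl"; allow (all) groupdn = '
    '"ldap:///cn=admins,dc=example,dc=com" and authmethod = "sasl DIGEST-MD5";)',
    '(targetattr = "cn")(version 3.0; acl "open read"; '
    'allow (read) userdn = "ldap:///anyone";)',
    '(targetattr = "sn")(version 3.0; acl "typo"; '
    'allow (read) userdn = "ldap:///all" and authmethod = "tls";)',
]

if __name__ == "__main__":
    for name, (methods, verdict) in audit(SAMPLE_ACIS).items():
        print(f"{name:15} {methods!s:25} {verdict}")
```
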

Using Boolean Bind Rules

Bind rules can be complex expressions that use the Boolean expressions AND, OR,
and NOT to set very precise access rules. You cannot use the Server Console to
create Boolean bind rules. You must create an LDIF statement.

The LDIF syntax for a Boolean bind rule is as follows:

bind_rule [boolean][bind_rule][boolean][bind_rule]...;)

For example, the following bind rule will be evaluated to be true if the bind DN is a
member of either the administrator's group or the mail administrator's group, and
if the client is running from within the example.com domain:

Chapter 6 Managing Access Control - Bind Rules
