Creating Acis From The Console - Netscape DIRECTORY SERVER 6.02 - ADMINISTRATOR Administrator's Manual

Creating ACIs From the Console

(groupdn = "ldap:///cn=administrators,dc=example,dc=com" or groupdn
= "ldap:///cn=mail administrators,dc=example,dc=com" and dns =
"*.example.com";)
The trailing semicolon (;) is a required delimiter that must appear after the final
bind rule.
Boolean expressions are evaluated in the following order:
• Innermost to outermost parenthetical expressions first
• All expressions from left to right
• NOT before AND or OR operators
The Boolean
Consider the following Boolean bind rules:
(bind_rule_A) OR (bind_rule_B)
(bind_rule_B) OR (bind_rule_A)
Because Boolean expressions are evaluated from left to right, in the first case, bind
rule A is evaluated before bind rule B, and in the second case, bind rule B is
evaluated before bind rule A.
However, the Boolean
Thus, in the following example:
(bind_rule_A) AND NOT (bind_rule_B)
bind rule B is evaluated before bind rule A despite the left-to-right rule.
Creating ACIs From the Console
You can use the Directory Server Console to view, create, edit, and delete access
control instructions for your directory. This section provides general instructions
for:
• Displaying the Access Control Editor
• Viewing Current ACIs
• Creating a New ACI
• Editing an ACI
• Deleting an ACI
224 Netscape Directory Server Administrator's Guide • May 2002
and Boolean operators have no order of precedence.
OR AND
is evaluated before the Boolean
NOT
and Boolean .
OR AND