Table of Contents
Advertisement
Bind Rules
authmethod = "ssl";
The bind rule is evaluated to be true if the client authenticates to the directory
using a certificate over LDAPS. This is not evaluated to be true if the client
authenticates using simple authentication (bind DN and password) over ldaps.
authmethod = "sasl DIGEST-MD5";
The bind rule is evaluated to be true if the client is accessing the directory using
the SASL DIGEST-MD5 mechanism. The other supported SASL mechanism is
EXTERNAL.
Using Boolean Bind Rules
Bind rules can be complex expressions that use the Boolean expressions
and
NOT
create Boolean bind rules. You must create an LDIF statement.
The LDIF syntax for a Boolean bind rule is as follows:
bind_rule [boolean][bind_rule][boolean][bind_rule]...;)
For example, the following bind rule will be evaluated to be true if the bind DN is a
member of either the administrator's group or the mail administrator's group, and
if the client is running from within the
(groupdn = "ldap:///cn=administrators,dc=example,dc=com" or groupdn
= "ldap:///cn=mail administrators,dc=example,dc=com" and dns =
"*.example.com";)
The trailing semicolon (;) is a required delimiter that must appear after the final
bind rule.
Boolean expressions are evaluated in the following order:
•
Innermost to outermost parenthetical expressions first
•
All expressions from left to right
•
NOT before AND or OR operators
The Boolean
Consider the following Boolean bind rules:
(bind_rule_A) OR (bind_rule_B)
(bind_rule_B) OR (bind_rule_A)
228
Netscape Directory Server Administrator's Guide • August 2002
to set very precise access rules. You cannot use the Server Console to
and Boolean
OR
AND
domain:
example.com
operators have no order of precedence.
,
,
AND
OR
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the NETSCAPE DIRECTORY SERVER 6.1 - ADMINISTRATOR and is the answer not in the manual?
Questions and answers