Self Access (Self Keyword); Parent Access (Parent Keyword); Ldap Urls; Wildcards - Netscape DIRECTORY SERVER 6.2 - ADMINISTRATOR Administrator's Manual

Bind Rules

Self Access (self Keyword)

Specifies that users are granted or denied access to their own entries. In this case,
access is granted or denied if the bind DN matches the DN of the targeted entry.
From the Server Console, you set up self access on the Access Control Editor.
For more information, see "Creating ACIs From the Console," on page 231.

Parent Access (parent Keyword)

Specifies that users are granted or denied access to the entry only if their bind DN
is the parent of the targeted entry.
You cannot set up parent access control using the Server Console.

LDAP URLs

You can dynamically target users in ACIs using a URL with a filter as follows:
userdn = "ldap:///<suffix>??sub?(filter)"
For example, all users in the accounting and engineering branches of the
example.com
dynamically based on the following URL:
userdn = "ldap:///dc=example,dc=com??sub?(|(ou=engineering)
(ou=accounting))"
NOTE
For more information about LDAP URLs, see Appendix C, "LDAP URLs."

Wildcards

You can also specify a set of users by using the wildcard character (*). For example,
specifying a user DN of
with a bind DN beginning with the letter
based on the permissions you set.
From the Server Console, you set user access from the Access Control Editor.
For more information, see "Creating ACIs From the Console," on page 231.

Examples

This section contains examples of the
216 Netscape Directory Server Administrator's Guide • December 2003
tree would be granted or denied access to the targeted resource
Do not specify a hostname or port number within the LDAP URL.
LDAP URLs always apply to the local server.
uid=u*,dc=example,dc=com
indicates that only users
will be allowed or denied access
u
syntax.
userdn