The groupdn keyword requires one or more valid distinguished names in the following format:
groupdn="ldap:///dn [|| ldap:///dn]...[|| ldap:///dn]"
The bind rule is evaluated to be true if the bind DN belongs to the named group.
NOTE: If a DN contains a comma, the comma must be escaped by a backslash (\).
From the Server Console, you can define specific groups using the Access
Control Editor. For more information, see "Creating ACIs From the Console," on
page 231.
Examples
This section contains examples of the groupdn syntax.
Groupdn keyword containing an LDAP URL:
groupdn = "ldap:///cn=Administrators,dc=example,dc=com";
The bind rule is evaluated to be true if the bind DN belongs to the Administrators
group. If you wanted to grant the Administrators group permission to write to
the entire directory tree, you would create the following ACI on the
dc=example,dc=com node:
aci: (version 3.0; acl "Administrators-write"; allow (write)
groupdn="ldap:///cn=Administrators,dc=example,dc=com";)
Groupdn keyword containing logical OR of LDAP URLs:
groupdn = "ldap:///cn=Administrators,dc=example,dc=com" ||
"ldap:///cn=Mail Administrators,dc=example,dc=com";
The bind rule is evaluated to be true if the bind DN belongs to either the
Administrators or the Mail Administrators group.
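The following Python code, added here as an illustration and not part of the original manual, extracts the group DNs named by groupdn bind rules in either quoting form shown above and splits a DN into RDNs while keeping backslash-escaped commas intact, which helps when auditing which groups an ACI grants access to. The function names and the second sample ACI are assumptions made for the example.

```python
import re

# "groupdn =" followed by one or more quoted strings, optionally joined by "||".
_RULE = re.compile(r'groupdn\s*=\s*((?:"[^"]*"\s*(?:\|\|\s*)?)+)', re.IGNORECASE)
_SCHEME = "ldap:///"


def groupdn_dns(aci):
    """Return every group DN named by groupdn bind rules in an ACI string."""
    dns = []
    for body in _RULE.findall(aci):
        for quoted in re.findall(r'"([^"]*)"', body):
            # The format line puts "||" inside one quoted string; the OR
            # example quotes each URL separately. Accept both.
            for url in (u.strip() for u in quoted.split("||")):
                if not url.lower().startswith(_SCHEME):
                    raise ValueError(f"groupdn value is not an ldap:/// URL: {url!r}")
                dns.append(url[len(_SCHEME):])
    return dns


def split_rdns(dn):
    """Split a DN into RDNs; a backslash-escaped comma stays inside its RDN."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur.strip())
    return rdns


# Constructed sample: the ACI from the text plus a group whose cn contains a comma.
SAMPLE_ACIS = [
    'aci: (version 3.0; acl "Administrators-write"; allow (write) '
    'groupdn="ldap:///cn=Administrators,dc=example,dc=com";)',
    'aci: (version 3.0; acl "constructed"; allow (read) '
    r'groupdn="ldap:///cn=Admins\, EMEA,dc=example,dc=com";)',
]

if __name__ == "__main__":
    for aci in SAMPLE_ACIS:
        for dn in groupdn_dns(aci):
            print(dn, "->", split_rdns(dn))
```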
Defining Role Access - roledn Keyword
Members of a specific role can access a targeted resource. This is known as role
access. Role access is defined using the roledn keyword to specify that access to a
targeted entry will be granted or denied if the user binds using a DN that belongs
to a specific role.
Chapter 6, Managing Access Control: Bind Rules (page 219)