SAS® Integration Technologies: Administrator's Guide (LDAP Version)
Specifying Bind Rules
The bind rule lets you specify a bind condition under which the access control information (ACI) rule is applied. For example, you could specify that the ACI rule is applied only when a user binds to the directory using their distinguished name (DN).
Note: ACI rules are supported only for the iPlanet (previously Netscape) LDAP server.
Enter the bind rule in the Bind Rule field on the Specify ACI Rule window, using one of the following forms:
keyword = expression
The keyword and expression must match for the statement to be true.
keyword != expression
The keyword and expression must not match for the statement to be true.
The possible keywords and expressions follow. For detailed information on specifying bind rules, see the iPlanet Directory Server Administrator's Guide.
Note: Although bind rules are usually specified as ending with a semicolon, do not put a semicolon on the bind rules in this field. The Administrator application adds the semicolon automatically.
userdn
The expressions that you can use with this keyword are as follows:
userdn = "ldap:///dn"
Specify a distinguished name or a distinguished name pattern for dn. You may use an asterisk as a wildcard. The rule is true if the user binds using the specified distinguished name or pattern. For example, if you specified userdn = "ldap:///uid=*, o=Alphalite Airways", the expression is true if the user binds using uid=jrush, o=Alphalite Airways, but not if the user binds using uid=jrush, ou=sales, o=Alphalite Airways.
userdn = "ldap:///self"
The rule is true if the user is accessing the entry for the distinguished name that is used when binding to the directory. For example, a user that binds as uid=jrush, o=Alphalite Airways could access the uid=jrush object.
userdn = "ldap:///all"
The rule is true for any valid distinguished name that has successfully bound to the directory.
userdn = "ldap:///anyone"
The rule is true for anyone, including users who bind anonymously without authenticating. An ACI that allows access under this bind rule therefore permits anonymous access to the directory.
userdn = "ldap:///uid=dn || ldap:///uid=dn2"
The rule is true if the user binds using either of the specified distinguished names. Wildcards are not allowed.
userdn = "ldap:///o=Alphalite Airways???(|(ou=sales)(ou=accounting))"
The rule is true if the user's distinguished name is under either ou=sales, o=Alphalite Airways or ou=accounting, o=Alphalite Airways. The part after the third question mark is an LDAP search filter; the (| ... ) wrapper combines the two conditions with OR.
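The following is an added example, not part of the SAS guide or of the iPlanet product: a small Python evaluator that models the userdn forms listed above so an administrator can check, before saving an ACI, which bind DNs a rule would match. It assumes simple comma-separated DNs (compared after trimming whitespace and lower-casing), treats an asterisk as a wildcard within a single RDN only (which is what the uid=*, o=Alphalite Airways example on this page implies), models an anonymous bind as bound_dn=None, and supports the base???(filter) form only for equality items optionally wrapped in (| ...) or (& ...). The function and helper names are the example's own.

```python
"""Toy evaluator for iPlanet-style userdn bind rules (added example, not SAS or iPlanet code)."""
import re
from fnmatch import fnmatchcase

# keyword = "expr"  or  keyword != "expr"  (the two forms described on the page)
BIND_RULE = re.compile(r'^\s*(\w+)\s*(!=|=)\s*"([^"]*)"\s*$')


def rdns(dn):
    """Split a DN into lower-cased RDNs with surrounding whitespace removed (assumption: simple DNs)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def dn_matches_pattern(bound_dn, pattern):
    """Match RDN by RDN; '*' is a wildcard inside one RDN only, so
    'uid=*, o=X' matches 'uid=jrush, o=X' but not 'uid=jrush, ou=sales, o=X'."""
    b, p = rdns(bound_dn), rdns(pattern)
    return len(b) == len(p) and all(fnmatchcase(x, y) for x, y in zip(b, p))


def dn_under_base_with_filter(bound_dn, base, filt):
    """Evaluate the 'ldap:///base???(filter)' form: the bound DN must lie strictly
    under base and its RDNs must satisfy the filter. Supported filter shapes are a
    single (attr=value) item, or items inside (| ...) or (& ...)."""
    b, base_rdns = rdns(bound_dn), rdns(base)
    if len(b) <= len(base_rdns) or b[-len(base_rdns):] != base_rdns:
        return False
    items = re.findall(r"\(\s*([^()=]+)=([^()]+)\)", filt)
    hits = [f"{a.strip().lower()}={v.strip().lower()}" in b for a, v in items]
    if filt.startswith("(&"):
        return all(hits)
    return any(hits)  # "(|" list or a single item


def userdn_url_matches(url, bound_dn, target_dn):
    """Evaluate one ldap:/// URL from a userdn expression against the bind DN."""
    if not url.startswith("ldap:///"):
        raise ValueError(f"unsupported userdn URL: {url}")
    body = url[len("ldap:///"):]
    if body == "anyone":
        return True                       # true even for anonymous binds
    if bound_dn is None:
        return False                      # anonymous bind matches nothing else
    if body == "all":
        return True                       # any successfully bound DN
    if body == "self":
        return target_dn is not None and rdns(bound_dn) == rdns(target_dn)
    if "?" in body:                       # base?attrs?scope?filter
        parts = body.split("?")
        return dn_under_base_with_filter(bound_dn, parts[0], parts[3] if len(parts) > 3 else "")
    return dn_matches_pattern(bound_dn, body)


def bind_rule_applies(rule, bound_dn, target_dn=None):
    """Return True if a 'userdn = ...' or 'userdn != ...' bind rule holds for a bind
    as bound_dn (None = anonymous) accessing target_dn."""
    m = BIND_RULE.match(rule)
    if not m or m.group(1) != "userdn":
        raise ValueError(f"unsupported bind rule: {rule}")
    _keyword, op, expr = m.groups()
    urls = [u.strip() for u in expr.split("||")]
    if len(urls) > 1 and any("*" in u for u in urls):
        raise ValueError("wildcards are not allowed in a || list")
    matched = any(userdn_url_matches(u, bound_dn, target_dn) for u in urls)
    return matched if op == "=" else not matched


if __name__ == "__main__":
    # Constructed checks mirroring the page's own examples.
    rule = 'userdn = "ldap:///uid=*, o=Alphalite Airways"'
    for dn in ("uid=jrush, o=Alphalite Airways", "uid=jrush, ou=sales, o=Alphalite Airways"):
        print(f"{rule!r} for {dn!r}: {bind_rule_applies(rule, dn)}")
    print('anyone, anonymous bind:', bind_rule_applies('userdn = "ldap:///anyone"', None))
    print('all, anonymous bind:   ', bind_rule_applies('userdn = "ldap:///all"', None))
```

Running the block prints True then False for the wildcard rule, and shows the difference that matters most when reviewing an ACI: "ldap:///all" is false for an anonymous bind while "ldap:///anyone" is true.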
groupdn
This keyword uses the following expression:
groupdn = "ldap:///dn"
Specifying Bind Rules 235