(Answer) (Category) OpenLDAP Faq-O-Matic : (Category) OpenLDAP Developer's FAQ : (Category) OpenLDAP OID Registry : (Category) .666 : (Category) .2 : (Answer) .7


Used to represent authorization rules, e.g. for authzTo, authzFrom attributeTypes, and for the idassert-authzFrom configuration parameter of slapd-ldap(5) and slapd-meta(5).

Legal values are:

  • *: any user, excluding anonymous
  • <DN>: a valid DN
  • dn[.{exact|children|subtree|onelevel}]:{*|<DN>}: a valid DN with optional tree scope specification
  • dn.regex:<pattern>: a regex(7) pattern on the DN
  • u[.mech[/realm]]:<ID>: a SASL identity, with optional mechanism and realm
  • group[/<groupClass>[/<memberAttr>]]:<DN>: group membership
  • <URL>: an internal search described by a valid LDAP URL; the scheme must be ldap://; the host[:port], attrs and exts portions must be absent.

[Append to This Answer]
Previous: (Answer) .6
This document is: http://www.openldap.org/faq/index.cgi?file=1254
[Search] [Appearance]
This is a Faq-O-Matic 2.721.test.
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org