Appendix D. OpenLDAP Access Control

<What> Element

The <what> element uses a DN string or one of the common authorization groups

You can form the <what> element in two ways. First, the asterisk * by itself indicates all the entries in the directory. Second, you can use a DN string. By default, the DN string is evaluated with regex pattern matching. For example, dn=".*,ou=People, dc=Mycompany,dc=com" would match all entries subordinate to the People OU in the Mycompany directory. Instead of using regex to evaluate the DN string, you can choose several other evaluation options (which OpenLDAP calls target styles) that closely correspond to the basic LDAP search scopes. These evaluation options include base, one, subtree, and children. Each of these ...

Get LDAP Directories Explained: An Introduction and Analysis now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.