Appendix D. OpenLDAP Access Control

<What> Element

The <what> element uses a DN string or one of the common authorization groups

You can form the <what> element in two ways. First, the asterisk * by itself indicates all the entries in the directory. Second, you can use a DN string. By default, the DN string is evaluated with regex pattern matching. For example, dn=".*,ou=People, dc=Mycompany,dc=com" would match all entries subordinate to the People OU in the Mycompany directory. Instead of using regex to evaluate the DN string, you can choose several other evaluation options (which OpenLDAP calls target styles) that closely correspond to the basic LDAP search scopes. These evaluation options include base, one, subtree, and children. Each of these ...

Get LDAP Directories Explained: An Introduction and Analysis now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.