Chapter 6. Managing Access Control

(target="ldap:///uid=lfuentes,dc=example.com Bolivia\,S.A.").

Wildcards can be used when targeting a distinguished name with the target keyword. A wildcard matches any character, string, or substring; the match is then constrained by the literal strings specified alongside the wildcard.

The following are legal examples of wildcard usage:

(target="ldap:///uid=*,dc=example,dc=com") — Matches every entry in the entire example.com tree that has the uid attribute in the entry's RDN.

(target="ldap:///uid=*Anderson,dc=example,dc=com") — Matches every entry directly under the example.com node with a uid ending in Anderson.

(target="ldap:///uid=C*A,dc=example,dc=com") — Matches every entry directly under the example.com node with a uid beginning with C and ending with A.

(target="ldap:///uid=*,ou=*,dc=example,dc=com") — Matches every entry in the example.com tree whose distinguished name contains the uid and ou attributes. Thus, uid=fchen,ou=Engineering,dc=example,dc=com or uid=claire,ou=Engineering,ou=people,dc=example,dc=com would match, but uid=bjensen,dc=example,dc=com and ou=Engineering,dc=example,dc=com would not.

Depending on the position of the wildcard, it can apply to the full DN, not only to attribute values. Therefore, the wildcard can be used as a substitute for portions of the DN. For example, uid=andy*,dc=example,dc=com targets all the directory entries in the entire example.com tree with a matching uid attribute and not just the entries that are immediately below the dc=example,dc=com node. In other words, this target matches with longer expressions such as uid=andy,ou=eng,dc=example,dc=com or uid=andy,ou=marketing,dc=example,dc=com.

NOTE

You cannot use wildcards in the suffix part of a distinguished name. That is, if your directory uses the suffixes c=US and c=GB, then you cannot use (target="ldap:///dc=example,c=*") as a target to reference both suffixes. Neither can you use a target such as uid=bjensen,dc=*.com.
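
The wildcard behaviour described above, modelled as an added example (not code from the manual or from Directory Server): it assumes `*` matches any substring of the normalized DN, commas included, and that the suffix part must be one of the literal suffixes in the constructed `SUFFIXES` list. Running a target over a list of entry DNs shows how far a wildcard reaches before the ACI is deployed.

```python
import re

# Constructed sample suffixes (assumption); use the suffixes your server defines.
SUFFIXES = ["dc=example,dc=com", "c=US", "c=GB"]

def normalize(dn):
    """Lower-case a DN and drop spaces around commas (simplified normalization)."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def target_regex(target, suffixes=SUFFIXES):
    """Compile (target="ldap:///<dn>") into a regex; '*' matches any substring."""
    m = re.fullmatch(r'\(?target\s*=\s*"ldap:///(.*)"\)?', target.strip())
    if not m:
        raise ValueError("not a target keyword: " + target)
    dn = normalize(m.group(1))
    for suffix in map(normalize, suffixes):
        if dn == suffix or dn.endswith("," + suffix):
            prefix = dn[: len(dn) - len(suffix)]
            # '*' becomes '.*', so it can swallow commas and span several RDNs.
            body = ".*".join(re.escape(part) for part in prefix.split("*"))
            return re.compile(body + re.escape(suffix))
    # The suffix part must be literal: c=* or dc=*.com ends up here.
    raise ValueError("suffix part is unknown or contains a wildcard: " + dn)

def is_valid_target(target):
    """True if the target parses and its suffix part is a known literal suffix."""
    try:
        target_regex(target)
        return True
    except ValueError:
        return False

def covered(target, entry_dns):
    """Return the entry DNs a target matches, to review its reach before deploying."""
    rx = target_regex(target)
    return [dn for dn in entry_dns if rx.fullmatch(normalize(dn))]

# Constructed sample entries, taken from the DNs used in the text above.
ENTRIES = [
    "uid=andy,dc=example,dc=com",
    "uid=andy,ou=eng,dc=example,dc=com",
    "uid=andy,ou=marketing,dc=example,dc=com",
    "uid=fchen,ou=Engineering,dc=example,dc=com",
    "uid=claire,ou=Engineering,ou=people,dc=example,dc=com",
    "uid=bjensen,dc=example,dc=com",
    "ou=Engineering,dc=example,dc=com",
]
```
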

3.2.2. Targeting Attributes

In addition to targeting directory entries, you can also target one or more attributes included in
