O'Reilly logo

LDAP Directories Explained: An Introduction and Analysis by Brian Arkills

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Appendix D. OpenLDAP Access Control

<What> Element

The <what> element uses a DN string or one of the common authorization groups

You can form the <what> element in two ways. First, the asterisk * by itself indicates all the entries in the directory. Second, you can use a DN string. By default, the DN string is evaluated with regex pattern matching. For example, dn=".*,ou=People, dc=Mycompany,dc=com" would match all entries subordinate to the People OU in the Mycompany directory. Instead of using regex to evaluate the DN string, you can choose several other evaluation options (which OpenLDAP calls target styles) that closely correspond to the basic LDAP search scopes. These evaluation options include base, one, subtree, and children. Each of these ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required