A target expression specifies the set of entries and/or attributes to which an access control rule applies. The keyword specifies the type of target element. The expression specifies the items that is targeted by the access control rule. The operator is either the equal ("=") or not-equal ("!="). Note that the "!=" operator cannot be used with targattrfilters and targetscope keywords. For specific examples on each target keyword, see the section Working with Targets.

            (keyword [=||!=]expression)
         

The following keywords are supported for use in the target portion of ACIs:

Target Keyword Description Wildcards
extop Specifies the OIDs for any extended operations to which the access control rule should apply. No
target Specifies the set of entries, identified using LDAP URLs, to which the access control rule applies. Yes
targattrfilters Identifies specific attribute values based on filters that may be added to or removed from entries to which the access control rule applies. Yes
targetattr Specifies the set of attributes to which the access control rule should apply. Yes
targetcontrol Specifies the OIDs for any request controls to which the access control rule should apply. No
targetfilter Specifies one or more search filters that may be used to indicate the set of entries to which the access control should apply. Yes
targetscope Specifies the scope of entries, relative to the defined target entries or the entry containing the ACI fi there is no target, to which the access control rule should apply. No