A target expression specifies the set of entries and attributes to which an access control rule applies.
A target expression has three components:
- Keyword
- The keyword specifies the type of target element.
- Expression
- The expression specifies the items that are targeted by the access control rule.
- Operator
- The operator is either equal,
=
, or not-equal,!=
.
You cannot use the !=
operator with the
targattrfilters
and targetscope
keywords.
For specific examples of each target keyword, see Working with Targets.
(keyword [=||!=]expression)
You can use the following keywords in the target portion of ACIs:
Target Keyword | Description | Wildcards |
---|---|---|
extop
|
Specifies the OIDs for any extended operations to which the access control rule should apply. |
No |
target
|
Specifies the set of entries, identified using LDAP URLs, to which the access control rule applies. |
Yes |
targattrfilters
|
Identifies specific attribute values based on filters that can be added to or removed from entries to which the access control rule applies. |
Yes |
targetattr
|
Specifies the set of attributes to which the access control rule should apply. |
Yes |
targetcontrol
|
Specifies the OIDs for any request controls to which the access control rule should apply. |
No |
targetfilter
|
Specifies one or more search filters that can be used to indicate the set of entries to which the access control should apply. |
Yes |
targetscope
|
Specifies the scope of entries, relative to the defined target entries or the entry containing the ACI if there is no target, to which the access control rule should apply. |
No |