Use the extop keyword to indicate whether a given extended request operation can be used.
You can provide multiple OIDs by separating them with two pipe characters, optionally surrounded by spaces. When specifying extended request OIDs, wildcards are not allowed.
The following ACI example allows uid=user-mgr to use the password modify request, OID=1.3.6.1.4.1.4203.1.11.1, and StartTLS, OID=1.3.6.1.4.1.1466.20037, both of which are extended request OIDs.
aci:(extop="1.3.6.1.4.1.4203.1.11.1 || 1.3.6.1.4.1.1466.20037")
  (version 3.0; acl "Allows the mgr to use the Password Modify Request and StartTLS";
  allow(read) userdn="ldap:///uid=user-mgr,ou=people,dc=example,dc=com";)
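
When reviewing ACIs before they are loaded, it helps to check the extop target against the rules above: OIDs separated by two pipe characters, optional surrounding spaces, no wildcards. The following is an added example, not code from the server or its tooling; parse_extop, describe and KNOWN_EXTOPS are hypothetical names, and the sketch assumes the extop target uses the "=" operator with numeric OIDs only.

```python
import re

# The two extended request OIDs named on this page.
KNOWN_EXTOPS = {
    "1.3.6.1.4.1.4203.1.11.1": "Password Modify Request",
    "1.3.6.1.4.1.1466.20037": "StartTLS",
}

# Assumption: the target is written as (extop="...") with the "=" operator.
EXTOP_RE = re.compile(r'\(\s*extop\s*=\s*"([^"]*)"\s*\)')
# Dotted-decimal OID with at least two arcs and no leading zeros.
OID_RE = re.compile(r'(0|[1-9]\d*)(\.(0|[1-9]\d*))+')


def parse_extop(aci):
    """Return the OIDs listed in the ACI's extop target, or raise ValueError."""
    match = EXTOP_RE.search(aci)
    if match is None:
        raise ValueError("no extop target found")
    # "||" is the separator; spaces around it are optional.
    oids = [part.strip() for part in match.group(1).split("||")]
    for oid in oids:
        if "*" in oid:
            raise ValueError(f"wildcards are not allowed in extop: {oid!r}")
        if not OID_RE.fullmatch(oid):
            raise ValueError(f"not a numeric OID: {oid!r}")
    return oids


def describe(aci):
    """Pair each OID with its name if it is one of the OIDs this page names."""
    return [(oid, KNOWN_EXTOPS.get(oid, "unrecognized"))
            for oid in parse_extop(aci)]


# The page's example ACI, unfolded onto one logical line.
SAMPLE = ('(extop="1.3.6.1.4.1.4203.1.11.1 || 1.3.6.1.4.1.1466.20037")'
          '(version 3.0; acl "Allows the mgr to use the Password Modify '
          'Request and StartTLS"; allow(read) '
          'userdn="ldap:///uid=user-mgr,ou=people,dc=example,dc=com";)')

if __name__ == "__main__":
    for oid, name in describe(SAMPLE):
        print(f"{oid}  {name}")
```

A value with a single pipe, such as "1.2.3 | 4.5.6", is rejected because it is treated as one malformed OID rather than two entries.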