Bind rules can be complex expressions that use the Boolean expressions AND, OR, and NOT to set precise access rules. Boolean bind rules use this syntax:
(bindRuleA and (bindRuleB or (bindRuleC and bindRuleD));)
Parentheses defines the order in which rules are evaluated, and a trailing semicolon must appear after the final rule.
The bind rule is true if both of the following conditions are met:
The bind DN client is accessed from within the example.com domain
The bind DN client is a member of either the administrators group or the bind DN client a member of both the mail administrators and calendar administrators groups
(dns = "*.example.com" and (groupdn = "ldap:///cn=administrators, dc=example,dc=com" or (groupdn = "ldap:///cn=mail administrators, dc=example,dc=com" and groupdn = "ldap:///cn=calendar administrators, dc=example,dc=com"));)