The roledn keyword specifies that access to a targeted entry is granted or denied if the user binds using a DN that belongs to a specific role. The roledn keyword requires one or more valid distinguished names, in this format:
roledn = "ldap:///dn [|| ldap:///dn]... [|| ldap:///dn]"
The bind rule is evaluated to be true if the bind DN belongs to the specified role.
Characters that are syntactically significant for a DN, such as commas, must be escaped with a single backslash (\).
The roledn keyword has the same syntax and is used in the same way as the groupdn keyword.