userattr Keyword
The userattr keyword specifies which attribute values in the entry that was used to bind must match those in the targeted entry. The userattr keyword can be used for the following attributes:
-
User DN
-
Group DN
-
Role DN
-
LDAP filter, in an LDAP URL
-
Any attribute type
An attribute generated by a Class of Service (CoS) definition cannot be used with the userattr keyword. ACIs that contain bind rules that depend on attribute values generated by CoS will not work.
The userattr keyword uses this syntax:
userattr = "attrName#bindType"
Alternatively, if you are using an attribute type that requires a value other than a user DN, group DN, role DN, or an LDAP filter, the userattr keyword uses this syntax:
userattr = "attrName#attrValue"
The userattr keyword can have one of the following values:
- attrName
-
The name of the attribute used for value matching
- bindType
-
One of the following types of bind: USERDN,GROUPDN,ROLEDN,LDAPURL
- attrValue
-
Any string that represents an attribute value
- © 2010, Oracle Corporation and/or its affiliates