Regular Expressions in Distinguished Names

You can specify a DN that contains a regular expression to indicate a set of entries. This is useful when configuring access control, for example, but not when specifying a naming context. The Admin Console does not prevent you from entering a regular expression in any DN, but you should use wildcards only where it is appropriate. See the regex(1F) man page for information about regular expressions.

You can specify a regular expression for the distinguished name of an entry. For example, the regular expression dn="cn=Joe Smith, ou=.*, o=XYZ, c=US" specifies the set of entries for people called Joe Smith in the whole of the XYZ Corporation.

You can also use a DN-based regular expression to specify a set of values for an attribute whose values are DNs. For example, you can grant write access to a distribution list entry to any person whose DN is a value of the member attribute, using the regular expression member="dn=.*".