authzSyntax
Used to represent authorization rules, e.g. for authzTo, authzFrom attributeTypes, and for the idassert-authzFrom configuration parameter of slapd-ldap(5) and slapd-meta(5).
Legal values are:
-
*: any user, excluding anonymous
-
<DN>: a valid DN
-
dn[.{exact|children|subtree|onelevel}]:{*|<DN>}:
a valid DN with optional tree scope specification
-
dn.regex:<pattern>:
a regex(7) pattern on the DN
-
u[.mech[/realm]]:<ID>:
a SASL identity, with optional mechanism and realm
-
group[/<groupClass>[/<memberAttr>]]:<DN>:
group membership
-
<URL>:
an internal search described by a valid LDAP URL; the scheme must be
ldap://;
the host[:port],
attrs
and exts
portions must be absent.
|
OpenLDAP Faq-O-Matic : 
.7