The what part of an access specification determines the entries and attributes to which the access control applies. Entries can be selected by a regular expression matching the entry's distinguished name, as follows:
dn=regular expressionNote that the DN pattern specified should be ``normalized'', meaning that there should be no extra spaces, and commas should be used to separate components. An example normalized DN is ``cn=Liam Q Antbear,o=Antbear, Lucid & Popp,c=US''. An example of a non-normalized DN is ``cn =Liam Q Antbear; o=Antbear, Lucid & Popp, c=US''.
Attributes within an entry are selected by including a comma-separated list of attribute names in the what selector:
attrs=attribute listAccess to the entry itself must be granted or denied using the special attribute name entry. Note that giving access to an attribute is not enough; access to the entry itself through the entry attribute is also required. The complete examples given in ``Access control examples'' will clarify matters.