''
identifier, matching any entry, the keyword self matching the
entry protected by the access, or by a regular expression matching an
entry's distinguished name:
The who part identifies the entity or entities being granted
access. Note that access is granted to entities not
entries. Entities can be specified by the special ``''
identifier, matching any entry, the keyword self matching the
entry protected by the access, or by a regular expression matching an
entry's distinguished name:
dn=regular expressionNote that the DN pattern specified should be ``normalized'', meaning that there should be no extra spaces, and commas should be used to separate components.
Otherwise, entities can be specified by a regular expression matching the client's IP address or domain name:
addr=regular expression domain=regular expressionor by an entry listed in a DN-valued attribute in the entry to which the access applies:
dnattr=dn-valued attribute nameThe dnattr specification is used to give access to an entry whose DN is listed in an attribute of the entry (for example, give access to a group entry to whoever is listed as the owner of the group entry).