HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

251

252

253

254

255

256

257

258

259

260

Instead, use a fully qualified name:

dns = "legend.eng.example.com";

The dns keyword allows wildcards. For example:

dns = "*.example.com";

The bind rule is evaluated to be true if the client accessing the directory is located in the named

domain. This can be useful for allowing access only from a specific domain. Wildcards will not

work if your system uses a naming service other than DNS. In such a case, if you want to restrict

access to a particular domain, use the ip keyword, as described in “Defining access from a specific

IP address” (page 251).

6.4.8 Defining access at a specific time of day or day of week

You can use bind rules to specify that binding can only occur at a certain time of day or on a

certain day of the week. For example, you can set a rule that allows access only if it is between

the hours of 8 a.m. and 5 p.m. Monday through Friday. The time used to evaluate access rights

is the time on the Directory Server, not the time on the client.

The LDIF syntax for setting a bind rule based on the time of day is as follows:

timeofday operator time

Where operator can be one of the following symbols:

= Equal to

!= Not equal to

> Greater than

>= Greater than or equal to

< Less than

<= Less than or equal to

The timeofday keyword requires a time of day expressed in hours and minutes in the 24 hour

clock (0 to 2359).

NOTE:

The time on the Directory Server is used for the evaluation, not the time on the client.

The LDIF syntax for setting a bind rule based on the day in the week is as follows:

dayofweek = "day1, day2 ...

The possible values for the dayofweek keyword are the English three-letter abbreviations for the

days of the week: sun, mon, tue, wed, thu, fri, sat.

6.4.8.1 Examples

The following are examples of the timeofday and dayofweek syntax:

• The bind rule is evaluated to be true if the client is accessing the directory at noon.

timeofday = "1200";

• The bind rule is evaluated to be true if the client is accessing the directory at any time other

than 1 a.m.

timeofday != "0100";

• The bind rule is evaluated to be true if the client is accessing the directory at any time after 8

a.m.

timeofday > "0800";

• The bind rule is evaluated to be true if the client is accessing the directory at any time before

6 p.m.

252 Managing Access Control