The Administration Guide has no examples of usage of the "targetattrfilters" ACI keyword. We simply mention what it can be used for with a very brief description. We should add some real examples to show how it is used. The DS source code has some explanation, but I think development will need to provide more details and examples for the docs: /* * Check to see if we need to evaluate any targetattrfilters. * They look as follows: * (targetattrfilters="add=sn:(sn=rob) && gn:(gn!=byrne), * del=sn:(sn=rob) && gn:(gn=byrne)") * * For ADD/DELETE: * If theres's a targetattrfilter then each add/del filter * that applies to an attribute in the entry, must be satisfied * by each value of the attribute in the entry. * * For MODIFY: * If there's a targetattrfilter then the add/del filter * must be satisfied by the attribute to be added/deleted. * (MODIFY acl is evaluated one value at a time). * * */
Note that https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_Access_Control-Creating_ACIs_Manually.html#Creating_ACIs_Manually-Defining_Targets talks about "targattrfilters" and not "targetattrfilters" - this also makes it harder to find...
Reassigning to Tomas.
(In reply to Martin Kosek from comment #1) > https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/ > 9.0/html/Administration_Guide/Managing_Access_Control-Creating_ACIs_Manually. > html#Creating_ACIs_Manually-Defining_Targets > > talks about "targattrfilters" and not "targetattrfilters" - this also makes > it harder to find... I replaced all occurrences of the incorrect keyword in the Admin Guide (DS-9, 10.1, and master branch).
The update is now available on the Customer Portal.