Creating ACIs ManuallyChapter 6 Managing Access Control 197You can target multiple attributes by using the targetattr keyword with thefollowing syntax:(targetattr = "attribute1 || attribute2 ... || attributen")Where attribute is the name of the attribute you want to target.For example, to target the common name attribute you would use:(targetattr = "cn")To target an entry’s common name, surname, and uid attributes, you would usethe following:(targetattr = "cn || sn || uid")The attributes specified in the targetattr keyword apply to the entry that the ACIis targeting, and to all the entries below it. That is, if you target the passwordattribute on the entry uid=bjensen,ou=Marketing,dc=example,dc=com, only thepassword attribute on the bjensen entry is affected by the ACI because it is a leafentry.If, however, you target the tree’s branch pointou=Marketing,dc=example,dc=com, then all the entries beneath the branch pointthat can contain a password attribute are affected by the ACI.Targeting Both an Entry and AttributesBy default, the entry targeted by an ACI containing a targetattr keyword is theentry on which the ACI is placed. That is, if you put the ACIaci: (targetattr = "uid")(access_control_rules;)on the ou=Marketing, dc=example,dc=com entry, then the ACI applies to theentire Marketing subtree. However, you can also explicitly specify a target usingthe target keyword as follows:aci: (target="ldap:///ou=Marketing,dc=example,dc=com")(targetattr="uid") (access_control_rules;)The order in which you specify the target and the targetattr keywords is notimportant.Targeting Entries or Attributes Using LDAP FiltersYou can use LDAP filters to target a group of entries that match certain criteria. Todo this, you must use the targetfilter keyword with an LDAP filter.The syntax of the targetfilter keyword is:(targetfilter = "LDAP_filter")