Bind RulesChapter 6 Managing Access Control 221Example With LDAPURL Bind TypeThe following is an example of the userattr keyword associated with a bindbased on an LDAP filter:userattr = "myfilter#LDAPURL"The bind rule is evaluated to be true if the bind DN matches the filter specified inthe myfilter attribute of the targeted entry. The myfilter attribute can be replaced byany attribute that contains an LDAP filter.Example With Any Attribute ValueThe following is an example of the userattr keyword associated with a bindbased on any attribute value:userattr = "favoriteDrink#Beer"The bind rule is evaluated to be true if the bind DN and the target DN include thefavoriteDrink attribute with a value of Beer.Using the userattr Keyword With InheritanceWhen you use the userattr keyword to associate the entry used to bind with thetarget entry, the ACI applies only to the target specified and not to the entriesbelow it. In some circumstances, you might want to extend the application of theACI several levels below the targeted entry. This is possible by using the parentkeyword, and specifying the number of levels below the target that should inheritthe ACI.When you use the userattr keyword in association with the parent keyword, thesyntax is as follows:userattr = "parent[inheritance_level].attrName#bindType"or, if you are using an attribute type that requires a value other than a user DN,group DN, role DN, or an LDAP filter:userattr = "parent[inheritance_level].attrName#attrValue"where:• inheritance_level is a comma separated list that indicates how many levels belowthe target will inherit the ACI. You can include five levels [0,1,2,3,4] belowthe targeted entry; zero (0) indicates the targeted entry.• attribute is the attribute targeted by the userattr or groupattr keyword.• bindType can be one of USERDN,GROUPDN,LDAPURL.