6.4.1. Bind Rule Syntax

http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_Access_Control-Bind_Rules.html#tab.LDIF_Bind_Rule_Keywords
groupdn ldap:///DN|| DN
---------------------------------------
ldap:///suffix??scope?(filter)
No
    [...]

6.4.3. Defining Group Access - groupdn Keyword

The groupdn keyword requires one or more valid distinguished names in the following format:

groupdn="ldap:///dn [|| ldap:///dn]...[|| ldap:///dn]"

The groupdn keyword can also be expressed as an LDAP filter:

ldap:///suffix??scope?(filter)
    [...]

Groupdn keyword containing LDAP URL with filter groupdn = "ldap:///dc=example,dc=com??sub?(cn=*Administrators)"; The bind rule is evaluated to be true if the bind DN belongs to the groups which are returned  from the search represented by the LDAP URL format.
Table 6.5. groupdn Examples
NOTE: the red colored part is new.