mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
Some minor adjustments
This commit is contained in:
parent
57a5439d6c
commit
74300deaab
@ -6,9 +6,9 @@ slapd.access \- access configuration for slapd, the stand-alone LDAP daemon
|
|||||||
.SH SYNOPSIS
|
.SH SYNOPSIS
|
||||||
ETCDIR/slapd.conf
|
ETCDIR/slapd.conf
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
The file
|
The
|
||||||
.B ETCDIR/slapd.conf (5)
|
.BR slapd.conf (5)
|
||||||
contains configuration information for the
|
file contains configuration information for the
|
||||||
.BR slapd (8)
|
.BR slapd (8)
|
||||||
daemon. This configuration file is also used by the
|
daemon. This configuration file is also used by the
|
||||||
.BR slurpd (8)
|
.BR slurpd (8)
|
||||||
@ -82,8 +82,8 @@ The optional style qualificator
|
|||||||
.B <dnstyle>
|
.B <dnstyle>
|
||||||
can be
|
can be
|
||||||
.BR regex ,
|
.BR regex ,
|
||||||
which implies a regex (7)
|
which implies a regular expression pattern, as detailed in
|
||||||
.B pattern
|
.BR regex (7),
|
||||||
will be used (the default),
|
will be used (the default),
|
||||||
.B base
|
.B base
|
||||||
or
|
or
|
||||||
@ -147,16 +147,17 @@ It can have the forms
|
|||||||
sockurl[.<style>]=<pattern>
|
sockurl[.<style>]=<pattern>
|
||||||
set[.<style>]=<pattern>
|
set[.<style>]=<pattern>
|
||||||
|
|
||||||
aci=<attrname>
|
|
||||||
.fi
|
|
||||||
.LP
|
|
||||||
Each of them can be prefixed by the modifiers
|
|
||||||
.LP
|
|
||||||
.nf
|
|
||||||
ssf=<n>
|
ssf=<n>
|
||||||
transport_ssf=<n>
|
transport_ssf=<n>
|
||||||
tls_ssf=<n>
|
tls_ssf=<n>
|
||||||
sasl_ssf=<n>
|
sasl_ssf=<n>
|
||||||
|
|
||||||
|
aci=<attrname>
|
||||||
|
.fi
|
||||||
|
.LP
|
||||||
|
They may be specified in combination.
|
||||||
|
.LP
|
||||||
|
.nf
|
||||||
.fi
|
.fi
|
||||||
.LP
|
.LP
|
||||||
The wildcard
|
The wildcard
|
||||||
@ -264,16 +265,13 @@ means that the access control is determined by the values in the
|
|||||||
of the entry itself.
|
of the entry itself.
|
||||||
ACIs are experimental; they must be enabled at compile time.
|
ACIs are experimental; they must be enabled at compile time.
|
||||||
.LP
|
.LP
|
||||||
The modifiers
|
The statements
|
||||||
.BR ssf=<n> ,
|
.BR ssf=<n> ,
|
||||||
.BR transport_ssf=<n> ,
|
.BR transport_ssf=<n> ,
|
||||||
.BR tls_ssf=<n> ,
|
.BR tls_ssf=<n> ,
|
||||||
and
|
and
|
||||||
.BR sasl_ssf=<n>
|
.BR sasl_ssf=<n>
|
||||||
set the required Security Strenght Factor (ssf) required to grant access.
|
set the required Security Strength Factor (ssf) required to grant access.
|
||||||
They are prefixed to the
|
|
||||||
.B <who>
|
|
||||||
clause they alter.
|
|
||||||
.LP
|
.LP
|
||||||
The field
|
The field
|
||||||
.B <access> ::= [self]{<level>|<priv>}
|
.B <access> ::= [self]{<level>|<priv>}
|
||||||
@ -318,7 +316,7 @@ While
|
|||||||
is trivial,
|
is trivial,
|
||||||
.B auth
|
.B auth
|
||||||
access means that one is allowed access to an attribute to perform
|
access means that one is allowed access to an attribute to perform
|
||||||
authentication operations (e.g.
|
authentication/authorization operations (e.g.
|
||||||
.BR bind )
|
.BR bind )
|
||||||
with no other access.
|
with no other access.
|
||||||
This is useful to grant unauthenticated users the least possible
|
This is useful to grant unauthenticated users the least possible
|
||||||
|
Loading…
Reference in New Issue
Block a user