Some minor adjustments

This commit is contained in:
Kurt Zeilenga 2001-11-03 21:53:44 +00:00
parent 57a5439d6c
commit 74300deaab

View File

@ -6,9 +6,9 @@ slapd.access \- access configuration for slapd, the stand-alone LDAP daemon
.SH SYNOPSIS .SH SYNOPSIS
ETCDIR/slapd.conf ETCDIR/slapd.conf
.SH DESCRIPTION .SH DESCRIPTION
The file The
.B ETCDIR/slapd.conf (5) .BR slapd.conf (5)
contains configuration information for the file contains configuration information for the
.BR slapd (8) .BR slapd (8)
daemon. This configuration file is also used by the daemon. This configuration file is also used by the
.BR slurpd (8) .BR slurpd (8)
@ -82,8 +82,8 @@ The optional style qualificator
.B <dnstyle> .B <dnstyle>
can be can be
.BR regex , .BR regex ,
which implies a regex (7) which implies a regular expression pattern, as detailed in
.B pattern .BR regex (7),
will be used (the default), will be used (the default),
.B base .B base
or or
@ -147,16 +147,17 @@ It can have the forms
sockurl[.<style>]=<pattern> sockurl[.<style>]=<pattern>
set[.<style>]=<pattern> set[.<style>]=<pattern>
aci=<attrname>
.fi
.LP
Each of them can be prefixed by the modifiers
.LP
.nf
ssf=<n> ssf=<n>
transport_ssf=<n> transport_ssf=<n>
tls_ssf=<n> tls_ssf=<n>
sasl_ssf=<n> sasl_ssf=<n>
aci=<attrname>
.fi
.LP
They may be specified in combination.
.LP
.nf
.fi .fi
.LP .LP
The wildcard The wildcard
@ -264,16 +265,13 @@ means that the access control is determined by the values in the
of the entry itself. of the entry itself.
ACIs are experimental; they must be enabled at compile time. ACIs are experimental; they must be enabled at compile time.
.LP .LP
The modifiers The statements
.BR ssf=<n> , .BR ssf=<n> ,
.BR transport_ssf=<n> , .BR transport_ssf=<n> ,
.BR tls_ssf=<n> , .BR tls_ssf=<n> ,
and and
.BR sasl_ssf=<n> .BR sasl_ssf=<n>
set the required Security Strenght Factor (ssf) required to grant access. set the required Security Strength Factor (ssf) required to grant access.
They are prefixed to the
.B <who>
clause they alter.
.LP .LP
The field The field
.B <access> ::= [self]{<level>|<priv>} .B <access> ::= [self]{<level>|<priv>}
@ -294,7 +292,7 @@ only in case the operation involves the name of the user that's requesting
the access. the access.
It implies the user that requests access is bound. It implies the user that requests access is bound.
An example is the An example is the
.B self write .B selfwrite
access to the member attribute of a group, which allows one to add/delete access to the member attribute of a group, which allows one to add/delete
its own DN from the member list of a group, without affecting other members. its own DN from the member list of a group, without affecting other members.
.LP .LP
@ -318,7 +316,7 @@ While
is trivial, is trivial,
.B auth .B auth
access means that one is allowed access to an attribute to perform access means that one is allowed access to an attribute to perform
authentication operations (e.g. authentication/authorization operations (e.g.
.BR bind ) .BR bind )
with no other access. with no other access.
This is useful to grant unauthenticated users the least possible This is useful to grant unauthenticated users the least possible
@ -407,7 +405,7 @@ ETCDIR/slapd.conf
.LP .LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH ACKNOWLEDGEMENTS .SH ACKNOWLEDGEMENTS
.B OpenLDAP .B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
.B OpenLDAP .B OpenLDAP
is derived from University of Michigan LDAP 3.3 Release. is derived from University of Michigan LDAP 3.3 Release.