diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5 index f13cebd161..e5240b5991 100644 --- a/doc/man/man5/slapd-config.5 +++ b/doc/man/man5/slapd-config.5 @@ -1803,19 +1803,18 @@ to the obsolete \fIchangelog\fP format. If the parameter is omitted or set to "default" then the log parameters are ignored. .RE -.\".TP -.\".B updatedn -.\"This option is only applicable in a slave -.\"database updated using -.\".BR slurpd(8). -.\"It specifies the DN permitted to update (subject to access controls) -.\"the replica (typically, this is the DN -.\".BR slurpd (8) -.\"binds to update the replica). Generally, this DN -.\".I should not -.\"be the same as the -.\".B rootdn -.\"used at the master. +.TP +.B olcUpdateDN: +This option is only applicable in a slave +database. +It specifies the DN permitted to update (subject to access controls) +the replica (typically, this is the DN +.BR slurpd (8) +binds to update the replica). Generally, this DN +.I should not +be the same as the +.B rootdn +used at the master. .TP .B olcUpdateRef: Specify the referral to pass back when @@ -1825,83 +1824,9 @@ If multiple values are specified, each url is provided. .SH DATABASE-SPECIFIC OPTIONS Each database may allow specific configuration options; they are -documented separately in the backends' manual pages. -.SH BACKENDS -The following backends can be compiled into slapd. -They are documented in the -.BR slapd- (5) -manual pages. -.TP -.B bdb -This is the recommended primary backend for a normal slapd database. -It takes care to configure it properly. -It uses the transactional database interface of the Sleepycat Berkeley -DB (BDB) package to store data. -.TP -.B config -This backend is used to manage the configuration of slapd run-time. -.TP -.B dnssrv -This backend is experimental. -It serves up referrals based upon SRV resource records held in the -Domain Name System. -.TP -.B hdb -This is a variant of the BDB backend that uses a hierarchical database -layout which supports subtree renames. -.TP -.B ldap -This backend acts as a proxy to forward incoming requests to another -LDAP server. -.TP -.B ldif -This database uses the filesystem to build the tree structure -of the database, using plain ascii files to store data. -Its usage should be limited to very simple databases, where performance -is not a requirement. -.TP -.B meta -This backend performs basic LDAP proxying with respect to a set of -remote LDAP servers. It is an enhancement of the ldap backend. -.TP -.B monitor -This backend provides information about the running status of the slapd -daemon. -.TP -.B null -Operations in this backend succeed but do nothing. -.TP -.B passwd -This backend is provided for demonstration purposes only. -It serves up user account information from the system -.BR passwd (5) -file. -.TP -.B perl -This backend embeds a -.BR perl (1) -interpreter into slapd. -It runs Perl subroutines to implement LDAP operations. -.TP -.B relay -This backend is experimental. -It redirects LDAP operations to another database -in the same server, based on the naming context of the request. -Its use requires the -.B rwm -overlay (see -.BR slapo-rwm (5) -for details) to rewrite the naming context of the request. -It is primarily intended to implement virtual views on databases -that actually store data. -.TP -.B shell -This backend executes external programs to implement LDAP operations. -It is primarily intended to be used in prototypes. -.TP -.B sql -This backend is experimental. -It services LDAP requests from an SQL database. +documented separately in the backends' manual pages. See the +.BR slapd.backends (5) +manual page for an overview of available backends. .SH OVERLAYS An overlay is a piece of code that intercepts database operations in order to extend or change @@ -1917,97 +1842,9 @@ and the entry must have the olcOverlayConfig objectClass. Normally the config engine generates the "{x}" index in the RDN automatically, so it can be omitted when initially loading these entries. -The following overlays can be compiled into slapd. -They are documented in the -.BR slapo- (5) -manual pages. -.TP -.B accesslog -Access Logging. -This overlay can record accesses to a given backend database on another -database. -.TP -.B auditlog -Audit Logging. -This overlay records changes on a given backend database to an LDIF log -file. -By default it is not built. -.TP -.B chain -Chaining. -This overlay allows automatic referral chasing when a referral would -have been returned, either when configured by the server or when -requested by the client. -.TP -.B denyop -Deny Operation. -This overlay allows selected operations to be denied, similar to the -\fBolcRestrict\fP option. -.TP -.B dyngroup -Dynamic Group. -This is a demo overlay which extends the Compare operation to detect -members of a dynamic group. -It has no effect on any other operations. -.TP -.B dynlist -Dynamic List. -This overlay allows expansion of dynamic groups and more. -.TP -.B lastmod -Last Modification. -This overlay maintains a service entry in the database with the DN, -modification type, modifiersName and modifyTimestamp of the last write -operation performed on that database. -.TP -.B pcache -Proxycache. -This overlay allows caching of LDAP search requests in a local database. -It is most often used with the ldap or meta backends. -.TP -.B ppolicy -Password Policy. -This overlay provides a variety of password control mechanisms, -e.g. password aging, password reuse and duplication control, mandatory -password resets, etc. -.TP -.B refint -Referential Integrity. -This overlay can be used with a backend database such as -.BR slapd-bdb (5) -to maintain the cohesiveness of a schema which utilizes reference -attributes. -.TP -.B retcode -Return Code. -This overlay is useful to test the behavior of clients when -server-generated erroneous and/or unusual responses occur. -.TP -.B rwm -Rewrite/remap. -This overlay is experimental. -It performs basic DN/data rewrite and -objectClass/attributeType mapping. -.TP -.B syncprov -Syncrepl Provider. -This overlay implements the provider-side support for -.B syncrepl -replication, including persistent search functionality. -.TP -.B translucent -Translucent Proxy. -This overlay can be used with a backend database such as -.BR slapd-bdb (5) -to create a "translucent proxy". -Content of entries retrieved from a remote LDAP server can be partially -overridden by the database. -.TP -.B unique -Attribute Uniqueness. -This overlay can be used with a backend database such as -.BR slapd-bdb (5) -to enforce the uniqueness of some or all attributes within a subtree. +See the +.BR slapd.overlays (5) +manual page for an overview of available overlays. .SH EXAMPLES .LP Here is a short example of a configuration in LDIF suitable for use with @@ -2104,20 +1941,10 @@ default slapd configuration directory .SH SEE ALSO .BR ldap (3), .BR ldif (5), -.BR slapd\-bdb (5), -.BR slapd\-dnssrv (5), -.BR slapd\-hdb (5), -.BR slapd\-ldap (5), -.BR slapd\-ldif (5), -.BR slapd\-meta (5), -.BR slapd\-monitor (5), -.BR slapd\-null (5), -.BR slapd\-passwd (5), -.BR slapd\-perl (5), -.BR slapd\-relay (5), -.BR slapd\-shell (5), -.BR slapd\-sql (5), .BR slapd.access (5), +.BR slapd.backends (5), +.BR slapd.conf (5), +.BR slapd.overlays (5), .BR slapd.plugin (5), .BR slapd.replog (5), .BR slapd (8), @@ -2130,21 +1957,6 @@ default slapd configuration directory .BR slappasswd (8), .BR slaptest (8), .BR slurpd (8). - -Known overlays are documented in -.BR slapo\-accesslog (5), -.BR slapo\-auditlog (5), -.BR slapo\-chain (5), -.BR slapo\-dynlist (5), -.BR slapo\-lastmod (5), -.BR slapo\-pcache (5), -.BR slapo\-ppolicy (5), -.BR slapo\-refint (5), -.BR slapo\-retcode (5), -.BR slapo\-rwm (5), -.BR slapo\-syncprov (5), -.BR slapo\-translucent (5), -.BR slapo\-unique (5). .LP "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) .SH ACKNOWLEDGEMENTS diff --git a/doc/man/man5/slapd.backends.5 b/doc/man/man5/slapd.backends.5 new file mode 100644 index 0000000000..05de3ef06f --- /dev/null +++ b/doc/man/man5/slapd.backends.5 @@ -0,0 +1,139 @@ +.TH SLAPD.BACKENDS 5 "RELEASEDATE" "OpenLDAP LDVERSION" +.\" Copyright 2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" $OpenLDAP$ +.SH NAME +slapd.backends \- backends for slapd, the stand-alone LDAP daemon +.SH DESCRIPTION +The +.BR slapd (8) +daemon can use a variety of different backends for serving LDAP requests. +Backends may be compiled statically into slapd, or when module support +is enabled, they may be dynamically loaded. Multiple instances of a +backend can be configured, to serve separate databases from the same +slapd server. + + +Configuration options for each backend are documented separately in the +corresponding +.BR slapd- (5) +manual pages. +.TP +.B bdb +This is the recommended primary backend for a normal slapd database. +It takes care to configure it properly. +It uses the transactional database interface of the Sleepycat Berkeley +DB (BDB) package to store data. +.TP +.B config +This backend is used to manage the configuration of slapd at run-time. +Unlike other backends, only a single instance of the +.B config +backend may be defined. It also instantiates itself automatically, +so it is always present even if not explicitly defined in the +.BR slapd.conf (5) +file. +.TP +.B dnssrv +This backend is experimental. +It serves up referrals based upon SRV resource records held in the +Domain Name System. +.TP +.B hdb +This is a variant of the +.B bdb +backend that uses a hierarchical database +layout. This layout stores entry DNs more efficiently than the +.B bdb +backend, +using less space and requiring less work to create, delete, and rename +entries. It is also one of the few backends to support subtree renames. +.TP +.B ldap +This backend acts as a proxy to forward incoming requests to another +LDAP server. +.TP +.B ldif +This database uses the filesystem to build the tree structure +of the database, using plain ascii files to store data. +Its usage should be limited to very simple databases, where performance +is not a requirement. This backend also supports subtree renames. +.TP +.B meta +This backend performs basic LDAP proxying with respect to a set of +remote LDAP servers. It is an enhancement of the +.B ldap +backend. +.TP +.B monitor +This backend provides information about the running status of the slapd +daemon. Only a single instance of the +.B monitor +backend may be defined. +.TP +.B null +Operations in this backend succeed but do nothing. +.TP +.B passwd +This backend is provided for demonstration purposes only. +It serves up user account information from the system +.BR passwd (5) +file. +.TP +.B perl +This backend embeds a +.BR perl (1) +interpreter into slapd. +It runs Perl subroutines to implement LDAP operations. +.TP +.B relay +This backend is experimental. +It redirects LDAP operations to another database +in the same server, based on the naming context of the request. +Its use requires the +.B rwm +overlay (see +.BR slapo-rwm (5) +for details) to rewrite the naming context of the request. +It is primarily intended to implement virtual views on databases +that actually store data. +.TP +.B shell +This backend executes external programs to implement LDAP operations. +It is primarily intended to be used in prototypes. +.TP +.B sql +This backend is experimental. +It services LDAP requests from an SQL database. +.SH FILES +.TP +ETCDIR/slapd.conf +default slapd configuration file +.TP +ETCDIR/slapd.d +default slapd configuration directory +.SH SEE ALSO +.BR ldap (3), +.BR slapd\-bdb (5), +.BR slapd\-config (5), +.BR slapd\-dnssrv (5), +.BR slapd\-hdb (5), +.BR slapd\-ldap (5), +.BR slapd\-ldif (5), +.BR slapd\-meta (5), +.BR slapd\-monitor (5), +.BR slapd\-null (5), +.BR slapd\-passwd (5), +.BR slapd\-perl (5), +.BR slapd\-relay (5), +.BR slapd\-shell (5), +.BR slapd\-sql (5), +.BR slapd.conf (5), +.BR slapd.overlays (5), +.BR slapd (8). +"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) +.SH ACKNOWLEDGEMENTS +.B OpenLDAP +is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). +.B OpenLDAP +is derived from University of Michigan LDAP 3.3 Release. diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 6ad2e8ae4c..fdfde5f5f1 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -1342,7 +1342,9 @@ code that intercepts database operations in order to extend or change them. Overlays are pushed onto a stack over the database, and so they will execute in the reverse of the order in which they were configured and the database itself -will receive control last of all. +will receive control last of all. See the +.BR slapd.overlays (5) +manual page for an overview of the available overlays. .TP .B readonly on | off This option puts the database into "read-only" mode. Any attempts to @@ -1731,182 +1733,9 @@ If specified multiple times, each url is provided. .SH DATABASE-SPECIFIC OPTIONS Each database may allow specific configuration options; they are -documented separately in the backends' manual pages. -.SH BACKENDS -The following backends can be compiled into slapd. -They are documented in the -.BR slapd- (5) -manual pages. -.TP -.B bdb -This is the recommended primary backend for a normal slapd database. -It takes care to configure it properly. -It uses the transactional database interface of the Sleepycat Berkeley -DB (BDB) package to store data. -.TP -.B config -This backend is used to manage the configuration of slapd run-time. -.TP -.B dnssrv -This backend is experimental. -It serves up referrals based upon SRV resource records held in the -Domain Name System. -.TP -.B hdb -This is a variant of the BDB backend that uses a hierarchical database -layout which supports subtree renames. -.TP -.B ldap -This backend acts as a proxy to forward incoming requests to another -LDAP server. -.TP -.B ldbm -This is an easy-to-configure but obsolete database backend. It -does not offer the data durability features of the BDB and HDB -backends and hence is deprecated in favor of these robust backends. -LDBM uses lightweight non-transactional DB interfaces, -such as those providing by GDBM or Berkeley DB, to store data. -.TP -.B ldif -This database uses the filesystem to build the tree structure -of the database, using plain ascii files to store data. -Its usage should be limited to very simple databases, where performance -is not a requirement. -.TP -.B meta -This backend performs basic LDAP proxying with respect to a set of -remote LDAP servers. It is an enhancement of the ldap backend. -.TP -.B monitor -This backend provides information about the running status of the slapd -daemon. -.TP -.B null -Operations in this backend succeed but do nothing. -.TP -.B passwd -This backend is provided for demonstration purposes only. -It serves up user account information from the system -.BR passwd (5) -file. -.TP -.B perl -This backend embeds a -.BR perl (1) -interpreter into slapd. -It runs Perl subroutines to implement LDAP operations. -.TP -.B relay -This backend is experimental. -It redirects LDAP operations to another database -in the same server, based on the naming context of the request. -Its use requires the -.B rwm -overlay (see -.BR slapo-rwm (5) -for details) to rewrite the naming context of the request. -It is primarily intended to implement virtual views on databases -that actually store data. -.TP -.B shell -This backend executes external programs to implement LDAP operations. -It is primarily intended to be used in prototypes. -.TP -.B sql -This backend is experimental. -It services LDAP requests from an SQL database. -.SH OVERLAYS -The following overlays can be compiled into slapd. -They are documented in the -.BR slapo- (5) -manual pages. -.TP -.B accesslog -Access Logging. -This overlay can record accesses to a given backend database on another -database. -.TP -.B auditlog -Audit Logging. -This overlay records changes on a given backend database to an LDIF log -file. -By default it is not built. -.TP -.B chain -Chaining. -This overlay allows automatic referral chasing when a referral would -have been returned, either when configured by the server or when -requested by the client. -.TP -.B denyop -Deny Operation. -This overlay allows selected operations to be denied, similar to the -\fBrestrict\fP option. -.TP -.B dyngroup -Dynamic Group. -This is a demo overlay which extends the Compare operation to detect -members of a dynamic group. -It has no effect on any other operations. -.TP -.B dynlist -Dynamic List. -This overlay allows expansion of dynamic groups and more. -.TP -.B lastmod -Last Modification. -This overlay maintains a service entry in the database with the DN, -modification type, modifiersName and modifyTimestamp of the last write -operation performed on that database. -.TP -.B pcache -Proxycache. -This overlay allows caching of LDAP search requests in a local database. -It is most often used with the ldap or meta backends. -.TP -.B ppolicy -Password Policy. -This overlay provides a variety of password control mechanisms, -e.g. password aging, password reuse and duplication control, mandatory -password resets, etc. -.TP -.B refint -Referential Integrity. -This overlay can be used with a backend database such as -.BR slapd-bdb (5) -to maintain the cohesiveness of a schema which utilizes reference -attributes. -.TP -.B retcode -Return Code. -This overlay is useful to test the behavior of clients when -server-generated erroneous and/or unusual responses occur. -.TP -.B rwm -Rewrite/remap. -This overlay is experimental. -It performs basic DN/data rewrite and -objectClass/attributeType mapping. -.TP -.B syncprov -Syncrepl Provider. -This overlay implements the provider-side support for -.B syncrepl -replication, including persistent search functionality. -.TP -.B translucent -Translucent Proxy. -This overlay can be used with a backend database such as -.BR slapd-bdb (5) -to create a "translucent proxy". -Content of entries retrieved from a remote LDAP server can be partially -overridden by the database. -.TP -.B unique -Attribute Uniqueness. -This overlay can be used with a backend database such as -.BR slapd-bdb (5) -to enforce the uniqueness of some or all attributes within a subtree. +documented separately in the backends' manual pages. See the +.BR slapd.backends (5) +manual page for an overview of available backends. .SH EXAMPLES .LP Here is a short example of a configuration file: @@ -1955,21 +1784,10 @@ ETCDIR/slapd.conf default slapd configuration file .SH SEE ALSO .BR ldap (3), -.BR slapd\-bdb (5), -.BR slapd\-dnssrv (5), -.BR slapd\-hdb (5), -.BR slapd\-ldap (5), -.BR slapd\-ldbm (5), -.BR slapd\-ldif (5), -.BR slapd\-meta (5), -.BR slapd\-monitor (5), -.BR slapd\-null (5), -.BR slapd\-passwd (5), -.BR slapd\-perl (5), -.BR slapd\-relay (5), -.BR slapd\-shell (5), -.BR slapd\-sql (5), +.BR slapd\-config (5), .BR slapd.access (5), +.BR slapd.backends (5), +.BR slapd.overlays (5), .BR slapd.plugin (5), .BR slapd.replog (5), .BR slapd (8), @@ -1982,21 +1800,6 @@ default slapd configuration file .BR slappasswd (8), .BR slaptest (8), .BR slurpd (8). - -Known overlays are documented in -.BR slapo\-accesslog (5), -.BR slapo\-auditlog (5), -.BR slapo\-chain (5), -.BR slapo\-dynlist (5), -.BR slapo\-lastmod (5), -.BR slapo\-pcache (5), -.BR slapo\-ppolicy (5), -.BR slapo\-refint (5), -.BR slapo\-retcode (5), -.BR slapo\-rwm (5), -.BR slapo\-syncprov (5), -.BR slapo\-translucent (5), -.BR slapo\-unique (5). .LP "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) .SH ACKNOWLEDGEMENTS diff --git a/doc/man/man5/slapd.overlays.5 b/doc/man/man5/slapd.overlays.5 new file mode 100644 index 0000000000..e76ccc0af3 --- /dev/null +++ b/doc/man/man5/slapd.overlays.5 @@ -0,0 +1,143 @@ +.TH SLAPD.OVERLAYS 5 "RELEASEDATE" "OpenLDAP LDVERSION" +.\" Copyright 2006 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" $OpenLDAP$ +.SH NAME +slapd.overlays \- overlays for slapd, the stand-alone LDAP daemon +.SH DESCRIPTION +The +.BR slapd (8) +daemon can use a variety of different overlays to alter or extend +the normal behavior of a database backend. +Overlays may be compiled statically into slapd, or when module support +is enabled, they may be dynamically loaded. Most of the overlays +are only allowed to be configured on individual databases, but some +may also be configured globally. + +Configuration options for each overlay are documented separately in the +corresponding +.BR slapo- (5) +manual pages. +.TP +.B accesslog +Access Logging. +This overlay can record accesses to a given backend database on another +database. +.TP +.B auditlog +Audit Logging. +This overlay records changes on a given backend database to an LDIF log +file. +By default it is not built. +.TP +.B chain +Chaining. +This overlay allows automatic referral chasing when a referral would +have been returned, either when configured by the server or when +requested by the client. +.TP +.B denyop +Deny Operation. +This overlay allows selected operations to be denied, similar to the +\fBrestrict\fP option. +.TP +.B dyngroup +Dynamic Group. +This is a demo overlay which extends the Compare operation to detect +members of a dynamic group. +It has no effect on any other operations. +.TP +.B dynlist +Dynamic List. +This overlay allows expansion of dynamic groups and more. +.TP +.B lastmod +Last Modification. +This overlay maintains a service entry in the database with the DN, +modification type, modifiersName and modifyTimestamp of the last write +operation performed on that database. +.TP +.B pcache +Proxycache. +This overlay allows caching of LDAP search requests in a local database. +It is most often used with the +.BR slapd-ldap (5) +or +.BR slapd-meta (5) +backends. +.TP +.B ppolicy +Password Policy. +This overlay provides a variety of password control mechanisms, +e.g. password aging, password reuse and duplication control, mandatory +password resets, etc. +.TP +.B refint +Referential Integrity. +This overlay can be used with a backend database such as +.BR slapd-bdb (5) +to maintain the cohesiveness of a schema which utilizes reference +attributes. +.TP +.B retcode +Return Code. +This overlay is useful to test the behavior of clients when +server-generated erroneous and/or unusual responses occur. +.TP +.B rwm +Rewrite/remap. +This overlay is experimental. +It performs basic DN/data rewrite and +objectClass/attributeType mapping. +.TP +.B syncprov +Syncrepl Provider. +This overlay implements the provider-side support for +.B syncrepl +replication, including persistent search functionality. +.TP +.B translucent +Translucent Proxy. +This overlay can be used with a backend database such as +.BR slapd-bdb (5) +to create a "translucent proxy". +Content of entries retrieved from a remote LDAP server can be partially +overridden by the database. +.TP +.B unique +Attribute Uniqueness. +This overlay can be used with a backend database such as +.BR slapd-bdb (5) +to enforce the uniqueness of some or all attributes within a subtree. +.SH FILES +.TP +ETCDIR/slapd.conf +default slapd configuration file +.TP +ETCDIR/slapd.d +default slapd configuration directory +.SH SEE ALSO +.BR ldap (3), +.BR slapo\-accesslog (5), +.BR slapo\-auditlog (5), +.BR slapo\-chain (5), +.BR slapo\-dynlist (5), +.BR slapo\-lastmod (5), +.BR slapo\-pcache (5), +.BR slapo\-ppolicy (5), +.BR slapo\-refint (5), +.BR slapo\-retcode (5), +.BR slapo\-rwm (5), +.BR slapo\-syncprov (5), +.BR slapo\-translucent (5), +.BR slapo\-unique (5). +.BR slapd\-config (5), +.BR slapd.conf (5), +.BR slapd.backends (5), +.BR slapd (8). +"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) +.SH ACKNOWLEDGEMENTS +.B OpenLDAP +is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). +.B OpenLDAP +is derived from University of Michigan LDAP 3.3 Release.