Added -F option. Need to sync with current slapd(8)

Gavin Henry 2007-10-14 23:38:46 +00:00
parent 6484cd34fe
commit ee5715fcc6
4 changed files with 55 additions and 39 deletions

View File

@ -24,7 +24,12 @@ asked on the OpenLDAP mailing lists and scenarios discussed there, we have added
* {{SECT:Troubleshooting}} * {{SECT:Troubleshooting}}
* {{SECT:Changes Since Previous Release}} * {{SECT:Changes Since Previous Release}}
* {{SECT:Upgrading from 2.3.x}} * {{SECT:Upgrading from 2.3.x}}
* {{SECT:Common errors encountered when using OpenLDAP Software}}
* {{SECT:Recommended OpenLDAP Software Dependency Versions}}
* {{SECT:Real World OpenLDAP Deployments and Examples}}
* {{SECT:OpenLDAP Software Contributions}}
* {{SECT:Configuration File Examples}} * {{SECT:Configuration File Examples}}
* {{SECT:LDAP Result Codes}}
* {{SECT:Glossary}} * {{SECT:Glossary}}
Also, the table of contents is now 3 levels deep to ease navigation. Also, the table of contents is now 3 levels deep to ease navigation.
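Review bot: the five new {{SECT:...}} entries in this list (Common errors, Recommended Dependency Versions, Real World Deployments, Software Contributions, LDAP Result Codes) are not covered by the commit message, which only mentions the -F option. Either split these documentation changes into their own commit or extend the message so the history shows why the preface list changed.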

View File

@ -47,7 +47,7 @@ If you have a suffix specified in slapd.conf eg.
You should use You should use
ldapsearch -b 'dc=example,dc=com' '(cn=jane*)' > ldapsearch -b 'dc=example,dc=com' '(cn=jane*)'
to tell it where to start the search. to tell it where to start the search.
@ -66,7 +66,7 @@ H3: ldap_*: Can't chase referral
This is caused by the line This is caused by the line
referral ldap://root.openldap.org > referral ldap://root.openldap.org
in slapd.conf, It was provided as an example for how to use referrals in the original file. however if your machine is not permanently connected to the Internet, it will fail to find the server, and hence produce an error message. in slapd.conf, It was provided as an example for how to use referrals in the original file. however if your machine is not permanently connected to the Internet, it will fail to find the server, and hence produce an error message.
@ -112,9 +112,9 @@ This error is reported when a value of an attribute does not conform to syntax r
Common causes include: Common causes include:
extraneous white space (especially trailing white space) * extraneous white space (especially trailing white space)
improperly encoded characters (LDAPv3 uses UTF-8 encoded Unicode) * improperly encoded characters (LDAPv3 uses UTF-8 encoded Unicode)
empty values (few syntaxes allow empty values) * empty values (few syntaxes allow empty values)
For certain syntax, like OBJECT IDENTIFIER (OID), this error can indicate that the OID descriptor (a "short name") provided is unrecognized. For instance, this error is returned if the objectClass value provided is unrecognized. For certain syntax, like OBJECT IDENTIFIER (OID), this error can indicate that the OID descriptor (a "short name") provided is unrecognized. For instance, this error is returned if the objectClass value provided is unrecognized.
@ -125,28 +125,28 @@ This error is returned with the entry to be added or the entry as modified viola
Violations related to the entry's attributes: Violations related to the entry's attributes:
Attribute not allowed > Attribute not allowed
A provided attribute is not allowed by the entry's object class(es). A provided attribute is not allowed by the entry's object class(es).
Missing required attribute > Missing required attribute
An attribute required by the entry's object class(es) was not provided. An attribute required by the entry's object class(es) was not provided.
Violations related to the entry's class(es): Violations related to the entry's class(es):
Entry has no objectClass attribute > Entry has no objectClass attribute
The entry did not state which object classes it belonged to. The entry did not state which object classes it belonged to.
Unrecognized objectClass > Unrecognized objectClass
One (or more) of the listed objectClass values is not recognized. One (or more) of the listed objectClass values is not recognized.
No structural object class provided > No structural object class provided
None of the listed objectClass values is structural. None of the listed objectClass values is structural.
Invalid structural object class chain > Invalid structural object class chain
Two or more structural objectClass values are not in same structural object class chain. See also (Xref) ldap add: invalid structural object class chain. Two or more structural objectClass values are not in same structural object class chain. See also (Xref) ldap add: invalid structural object class chain.
Structural object class modification > Structural object class modification
Modify operation attempts to change the structural class of the entry. See also (Xref) ldap_modify: cannot modify object class. Modify operation attempts to change the structural class of the entry. See also (Xref) ldap_modify: cannot modify object class.
Instanstantiation of abstract objectClass. > Instanstantiation of abstract objectClass.
An abstract class is not subordinate to any listed structural or auxiliary class. An abstract class is not subordinate to any listed structural or auxiliary class.
Invalid structural object class > Invalid structural object class
Other structural object class problem. Other structural object class problem.
No structuralObjectClass operational attribute > No structuralObjectClass operational attribute
This is commonly returned when a shadow server is provided an entry which does not contain the structuralObjectClass operational attribute. This is commonly returned when a shadow server is provided an entry which does not contain the structuralObjectClass operational attribute.
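Review bot: the re-marked line "> Instanstantiation of abstract objectClass." still carries the misspelling "Instanstantiation" and, unlike the other message lines in this block, a trailing period. Since the line is being changed here anyway, correct it to "Instantiation of abstract objectClass" so the quoted text matches what a reader will search for.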
@ -158,11 +158,11 @@ The "ldap_add: No such object" error is commonly returned if parent of the entry
For example, if you are adding "cn=bob,dc=domain,dc=com" and you get: For example, if you are adding "cn=bob,dc=domain,dc=com" and you get:
ldap_add: No such object > ldap_add: No such object
The entry "dc=domain,dc=com" likely doesn't exist. You can use ldapsearch to see if does exist: The entry "dc=domain,dc=com" likely doesn't exist. You can use ldapsearch to see if does exist:
ldapsearch -b 'dc=domain,dc=com' -s base '(objectclass=*)' > ldapsearch -b 'dc=domain,dc=com' -s base '(objectclass=*)'
If it doesn't, add it. See the Quick Start Guide (http://www.openldap.org/doc/admin/quickstart.html) for assistance. If it doesn't, add it. See the Quick Start Guide (http://www.openldap.org/doc/admin/quickstart.html) for assistance.
@ -186,9 +186,9 @@ H3: ldap_add: no structuralObjectClass operational attribute
ldapadd(1) may error: ldapadd(1) may error:
adding new entry "uid=XXX,ou=People,o=campus,c=ru" > adding new entry "uid=XXX,ou=People,o=campus,c=ru"
ldap_add: Internal (implementation specific) error (80) > ldap_add: Internal (implementation specific) error (80)
additional info: no structuralObjectClass operational attribute > additional info: no structuralObjectClass operational attribute
when slapd(8) cannot determine, based upon the contents of the objectClass attribute, what the structural class of the object should be. when slapd(8) cannot determine, based upon the contents of the objectClass attribute, what the structural class of the object should be.
@ -203,7 +203,7 @@ OpenLDAP's slapd checks for naming attributes and distinguished values consisten
Naming attributes are those attributeTypes that appear in an entry's RDN; distinguished values are the values of the naming attributes that appear in an entry's RDN, e.g, in Naming attributes are those attributeTypes that appear in an entry's RDN; distinguished values are the values of the naming attributes that appear in an entry's RDN, e.g, in
cn=Someone+mail=someone@example.com,dc=example,dc=com > cn=Someone+mail=someone@example.com,dc=example,dc=com
the naming attributes are cn and mail, and the distinguished values are Someone and someone@example.com. the naming attributes are cn and mail, and the distinguished values are Someone and someone@example.com.
@ -217,10 +217,10 @@ Possible causes of error are:
* the naming attributes are not present in the entry; for example: * the naming attributes are not present in the entry; for example:
dn: dc=example,dc=com > dn: dc=example,dc=com
objectClass: organization > objectClass: organization
o: Example > o: Example
# note: "dc: example" is missing > # note: "dc: example" is missing
* the naming attributes are present in the entry, but in the attributeType definition they are marked as: * the naming attributes are present in the entry, but in the attributeType definition they are marked as:
o collective o collective
@ -228,10 +228,10 @@ Possible causes of error are:
o obsolete o obsolete
* the naming attributes are present in the entry, but the distinguished values are not; for example: * the naming attributes are present in the entry, but the distinguished values are not; for example:
dn: dc=example,dc=com > dn: dc=example,dc=com
objectClass: domain > objectClass: domain
dc: foobar > dc: foobar
# note: "dc" is present, but the value is not "example" > # note: "dc" is present, but the value is not "example"
* the naming attributes are present in the entry, with the distinguished values, but the naming attributes: * the naming attributes are present in the entry, with the distinguished values, but the naming attributes:
o do not have an equality field, so equality cannot be asserted o do not have an equality field, so equality cannot be asserted
@ -264,13 +264,13 @@ In the example ACL below grants the following access:
All other access is denied. All other access is denied.
access to attr=userPassword > access to attr=userPassword
by self =w > by self =w
by anonymous auth > by anonymous auth
access * > access *
by self write > by self write
by users read > by users read
Note that latest versions of slapd(8) will report invalid credentials in cases where the client has insufficient access to complete the operation. This is avoid inappropriate disclosure of the validity of the user's name. Note that latest versions of slapd(8) will report invalid credentials in cases where the client has insufficient access to complete the operation. This is avoid inappropriate disclosure of the validity of the user's name.
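Review bot: in the ACL example the second clause reads "access *" while the first reads "access to attr=userPassword". The directive form is "access to <what>", so the re-marked line should be "> access to *". Fix it in this change, since readers paste this example into slapd.conf and it is the rule that decides who can read and write everything other than userPassword.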
@ -352,8 +352,8 @@ H3: ldap_start_tls: Operations error
ldapsearch(1) and other tools will return ldapsearch(1) and other tools will return
ldap_start_tls: Operations error (1) > ldap_start_tls: Operations error (1)
additional info: TLS already started > additional info: TLS already started
when the user (though command line options and/or ldap.conf(5)) has requested TLS (SSL) be started twice. For instance, when specifying both "-H ldaps://server.do.main" and "-ZZ". when the user (though command line options and/or ldap.conf(5)) has requested TLS (SSL) be started twice. For instance, when specifying both "-H ldaps://server.do.main" and "-ZZ".

View File

@ -17,7 +17,7 @@ This document is considered a part of OpenLDAP Software. This
document is subject to terms of conditions set forth in {{SECT:OpenLDAP document is subject to terms of conditions set forth in {{SECT:OpenLDAP
Software Copyright Notices}} and the {{SECT:OpenLDAP Public License}}. Software Copyright Notices}} and the {{SECT:OpenLDAP Public License}}.
Complete copies of the notices and associated license can be found Complete copies of the notices and associated license can be found
in Appendix C and D, respectively. in Appendix K and L, respectively.
P2[notoc] Scope of this Document P2[notoc] Scope of this Document
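Review bot: "in Appendix K and L, respectively." replaces one pair of hard-coded appendix letters with another, and it will go stale again the next time an appendix is added, as it just did. The sentence already names both sections through {{SECT:...}}, so consider dropping the letters or wording it as "in the corresponding appendices".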

View File

@ -19,6 +19,17 @@ in the manual page. This section details a few commonly used options.
This option specifies an alternate configuration file for slapd. This option specifies an alternate configuration file for slapd.
The default is normally {{F:/usr/local/etc/openldap/slapd.conf}}. The default is normally {{F:/usr/local/etc/openldap/slapd.conf}}.
> -F <slapd-config-directory>
Specifies the slapd configuration directory. The default is {{F:/usr/local/etc/openldap/slapd.d}}
If both {{EX:-f}} and {{EX:-F}} are specified, the config file will be read and converted
to config directory format and written to the specified directory.
If neither option is specified, slapd will attempt to read the default config
directory before trying to use the default config file. If a valid config
directory exists then the default config file is ignored. All of the slap tools
that use the config options observe this same behavior.
> -h <URLs> > -h <URLs>
This option specifies alternative listener configurations. The This option specifies alternative listener configurations. The
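Review bot: the new -F text at "If both {{EX:-f}} and {{EX:-F}} are specified" says the config file is converted and written to the specified directory, but it does not say what happens when that directory already holds a configuration or what permissions the directory needs. Because the following sentences make a valid config directory take precedence over slapd.conf, spell both out. The first sentence is also missing its closing period after {{F:/usr/local/etc/openldap/slapd.d}}.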
@ -37,7 +48,7 @@ numeric.
> -n <service-name> > -n <service-name>
This option specifies the service name used for logging and This option specifies the service name used for logging and
other purposes. The default service name is {{EX:slapd}}. other purposes. The default service name is {{EX:slapd}}.
> -l <syslog-local-user> > -l <syslog-local-user>