mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
9,709 Commits 38 Branches 307 Tags 74 MiB
53002fc3ce
Commit Graph

1016 Commits

Author SHA1 Message Date
Kurt Zeilenga
256732f2ce s/tls/starttls/ 2003-06-10 18:32:36 +00:00
Kurt Zeilenga
29eaea5745 Clean up syntaxes and matching rules 2003-06-09 20:58:38 +00:00
Hallvard Furuseth
feef99c760 Axe abandon support (ITS#2564) 2003-06-03 12:02:00 +00:00
Kurt Zeilenga
304410c7a0 Update drafts 2003-05-31 22:47:07 +00:00
Kurt Zeilenga
0954351565 Change ACL default style to exact (from regex) 2003-05-30 05:24:39 +00:00
Howard Chu
5ce0e3afb1 Add authors 2003-05-25 03:50:59 +00:00
Kurt Zeilenga
52e88a36a4 Fix typos ITS#2544 2003-05-24 05:20:15 +00:00
Kurt Zeilenga
d6bfa4ab8f remove documentation for bind_simple_unprotected 
(which was axed log ago)
 2003-05-24 01:26:38 +00:00
Kurt Zeilenga
df025639e3 TLS hard updates 2003-05-22 00:37:01 +00:00
Kurt Zeilenga
b378944fc1 Zap "TLS hard" 2003-05-22 00:15:57 +00:00
Hallvard Furuseth
437e179098 Fix typo. 2003-05-19 17:30:14 +00:00
Pierangelo Masarati
ea8e28c6c1 update back-monitor man page 2003-05-18 23:26:30 +00:00
Kurt Zeilenga
c8a6d52e04 Rework CAVEATS 2003-05-17 18:37:40 +00:00
Pierangelo Masarati
904f513028 clarify DN regex match quirks 2003-05-17 12:39:10 +00:00
Kurt Zeilenga
7c8f3b351f Warn folks that setting TLS option may break some applications. 
URI should be used instead.
 2003-05-17 01:08:09 +00:00
Kurt Zeilenga
92b99a4133 Add a few more "nice to haves" 2003-05-09 02:12:42 +00:00
Hallvard Furuseth
7e8ff6df6b Implement slapcat -s <dn>: Only dump a subtree of the database. 2003-04-29 20:47:21 +00:00
Hallvard Furuseth
fa915adb5b Minor nroff tweaks. 2003-04-29 15:14:35 +00:00
Kurt Zeilenga
c661a77268 axe suffixAlias 2003-04-26 23:52:28 +00:00
Kurt Zeilenga
26badc8174 Add some comments about DB_CONFIG 2003-04-24 16:22:46 +00:00
Howard Chu
5642e54117 Fix file: URL examples 2003-04-23 03:35:37 +00:00
Howard Chu
a58190e2b1 Fix missing slash in file: URL 2003-04-23 03:32:05 +00:00
Kurt Zeilenga
099c2426b8 clarify that updatedn permits replica updating subject to access controls. 2003-04-21 02:29:46 +00:00
Pierangelo Masarati
ab9f7108f1 add caveats to man page; cleanup and small improvements 2003-04-16 22:23:46 +00:00
Pierangelo Masarati
9a39dcb7d4 add slurpd pid/args files 2003-04-15 21:56:21 +00:00
Pierangelo Masarati
8563681f18 document recent changes 2003-04-15 20:55:29 +00:00
Kurt Zeilenga
06da0f5e6f Clarify "users" terminology 2003-04-15 02:20:01 +00:00
Pierangelo Masarati
3e3e5fdec5 first cut at documenting back-monitor 2003-04-08 23:46:56 +00:00
Pierangelo Masarati
250934254b cleanup 2003-04-07 21:42:51 +00:00
Howard Chu
f2293e0486 One more typo 2003-04-07 11:35:58 +00:00
Howard Chu
37767962f2 Fix typo 2003-04-07 11:13:57 +00:00
Pierangelo Masarati
d275fee025 new rewrite example 2003-04-03 21:17:09 +00:00
Pierangelo Masarati
430077e2ed partially revert previous commit 2003-04-02 23:01:21 +00:00
Pierangelo Masarati
a67b41eb69 fix listener mod handling 2003-04-02 20:27:58 +00:00
Kurt Zeilenga
02028df6c6 Add additional password file support. 2003-03-31 06:29:59 +00:00
Howard Chu
2c2bf67cea ITS#2389, describe conn_max_pending/auth keywords 2003-03-27 04:18:16 +00:00
Hallvard Furuseth
1f00bd3c7f Manpage nitpicks 2003-03-23 16:37:06 +00:00
Kurt Zeilenga
98e5afc28f Remove cache stuff 2003-03-20 19:50:22 +00:00
Pierangelo Masarati
c4b925f343 document -u option 2003-03-18 10:38:23 +00:00
Kurt Zeilenga
f4bb9a5d64 Fix typo (ITS#2379) 2003-03-15 23:36:23 +00:00
Howard Chu
bd935956f4 ITS#2366 typos 2003-03-12 21:51:17 +00:00
Kurt Zeilenga
bdf02dde71 clarify "by anonymous auth" semantics 2003-03-12 16:25:20 +00:00
Kurt Zeilenga
63041611c5 Add comment about LDAPv2 2003-03-10 15:41:55 +00:00
Kurt Zeilenga
472a79f211 LDAPv2 is Historic 2003-03-10 15:34:14 +00:00
Kurt Zeilenga
6fb4582d5c suffixalias is no longer supported 2003-03-07 18:57:30 +00:00
Howard Chu
a60f6fe1a3 Added proxy-whoami keyword and some mention of connection pooling. Depends 
on libldap_r, proxy authz control...
 2003-02-26 16:35:09 +00:00
Kurt Zeilenga
63efc41728 clarify global ACL use 
clarify root and subschema DSE ACLs
 2003-02-24 19:53:03 +00:00
Kurt Zeilenga
607215a8d6 Some dn.regex clarifications 2003-02-23 19:38:32 +00:00
Kurt Zeilenga
f620aa08f9 Max workers was lowered to 16. 2003-02-21 07:18:43 +00:00
Kurt Zeilenga
85fe59c830 Misc updates 2003-02-10 20:33:49 +00:00
Kurt Zeilenga
bfa3448128 Remove domain= ACL examples, add security consideration. 2003-02-09 07:07:39 +00:00
Kurt Zeilenga
5abec40030 Document URI and SASL directives 2003-02-09 06:49:34 +00:00
Kurt Zeilenga
698d73d5f3 Disable reverse lookups by default for security 
(and performance) reasons.
 2003-02-08 07:40:19 +00:00
Pierangelo Masarati
f19df0a307 add 'rebind-as-user' according to back-ldap's implementation 2003-02-05 22:04:20 +00:00
Kurt Zeilenga
1aae1854ac delete (7) after UTF-8 2003-02-05 20:42:50 +00:00
Kurt Zeilenga
81d533571b fix syntax error 2003-02-05 20:38:58 +00:00
Pierangelo Masarati
eed2d5db4d only document 'subtree', but also allow 'sub' 2003-02-05 20:38:42 +00:00
Pierangelo Masarati
381e293b41 allow 'sub' and 'subtree' in acl (fix ITS#2300) 2003-02-05 19:39:34 +00:00
Pierangelo Masarati
ac895cd4d5 document the multiple URI feature 2003-02-04 19:50:17 +00:00
Pierangelo Masarati
55d21236d1 comment a useful feature of using URIs 2003-02-04 19:43:10 +00:00
Kurt Zeilenga
b53eef9b81 -V updates 2003-01-20 21:16:58 +00:00
Kurt Zeilenga
3202e544e3 Added -V support 2003-01-20 20:50:15 +00:00
Hallvard Furuseth
1fbbc11811 Fix LBER_ERROR vs. -1 confusion. 2003-01-19 13:10:17 +00:00
Kurt Zeilenga
d2bb1b5691 Add a few notes about intended usage of these backends 2003-01-09 12:07:14 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Kurt Zeilenga
968fced135 Happy new year! 2003-01-03 20:04:17 +00:00
Hallvard Furuseth
3dca6b67a5 Fix typo. 2002-12-16 07:32:06 +00:00
Hallvard Furuseth
5ca8773a8b Fix typos. 2002-12-16 07:31:13 +00:00
Hallvard Furuseth
09df53687e Make links to ber_bvfree and others, and add them to NAME section. 2002-12-16 07:29:43 +00:00
Hallvard Furuseth
7ce4a611dc Fix ldap_extended_s(3) -> ldap_extended_operation(3) 2002-12-16 07:28:10 +00:00
Pierangelo Masarati
df5d69df8f allow a custom error log file for plugins by means of a slapd.conf directive; add very bare-bone back-monitor info about installed plugins 2002-12-14 15:04:37 +00:00
Howard Chu
143603690f Added searchstack keyword description. (Sorry, I don't like the word "slab"...) 2002-12-12 23:39:21 +00:00
Hallvard Furuseth
54728f367e Implement user-defined tagging attribute options and ranges 2002-12-12 13:56:05 +00:00
Pierangelo Masarati
9cce5e4c98 a skeleton of slapd.conf directives for SLAPI configuration (lot to do) 2002-12-07 18:03:13 +00:00
Kurt Zeilenga
01660fbdd9 Minor cleanup 2002-12-05 03:30:20 +00:00
Kurt Zeilenga
4a0bfbdd64 Add ldapwhoami/ldapcompre to flags map 2002-12-05 00:19:21 +00:00
Kurt Zeilenga
618877cd39 remove proxy authorization (as first-cut was committed) 2002-12-03 18:45:42 +00:00
Kurt Zeilenga
b41ab2502f Revamp TODO list a bit 2002-11-27 19:56:58 +00:00
Kurt Zeilenga
e27d7a0d5a Remove autoconf task, best left to a committer (or me) 2002-11-26 17:57:32 +00:00
Pierangelo Masarati
65efd6a185 fix -h option example for multi-URI handling (as suggested by Roland Bauerschmidt <rb@debian.org>) 2002-11-24 21:52:48 +00:00
Pierangelo Masarati
8473f6e778 set keyword to noEstimate and document it 2002-11-21 20:57:00 +00:00
Pierangelo Masarati
59aea47963 improve limits handling and consistency; return "Admin limit exceeded" instead of "Unwilling to perform" 2002-11-21 12:58:59 +00:00
Pierangelo Masarati
b9e442d7de clarify how to specify no limits 2002-10-31 11:26:19 +00:00
Pierangelo Masarati
53e1930fd0 use keyword "unlimited" instead of -1 for no limits 2002-10-31 09:57:24 +00:00
Kurt Zeilenga
492c5b83f8 Misc cleanup 2002-10-27 21:45:17 +00:00
Kurt Zeilenga
f72dbc212f forced change for testing 2002-10-26 02:58:31 +00:00
Kurt Zeilenga
c14cbc1fb7 Update anon 2002-10-26 02:53:36 +00:00
Pierangelo Masarati
86dbdc1ddb document socket permission extension to ldapi:// 2002-10-23 14:22:21 +00:00
Kurt Zeilenga
54570d22ca Misc updates 2002-10-17 05:59:57 +00:00
Kurt Zeilenga
6bc33d28c0 Note --without-threads limitation 2002-10-16 16:54:27 +00:00
Kurt Zeilenga
dd3279eab0 Clarify new "entry" ACLs 2002-10-10 04:27:23 +00:00
Kurt Zeilenga
1ca552dff7 Add DIT Structure Rules and Name Forms 2002-10-10 04:19:46 +00:00
Kurt Zeilenga
f914c0545c Fix multiple NAME example 2002-10-10 01:34:55 +00:00
Kurt Zeilenga
023d0e2a5c Rework unprotected simple bind checks 2002-10-08 19:03:18 +00:00
Kurt Zeilenga
2fd41add70 Clarify unprotected simple bind settings 2002-10-08 01:07:12 +00:00
Kurt Zeilenga
36fca96695 if "disallow bind_simple_unprotected", require at least SSF of 2 2002-10-08 01:06:49 +00:00
Kurt Zeilenga
90e320398a Clarify that "security ssf=n" applies to "disallow bind_simple_unprotected". 2002-10-08 00:51:19 +00:00
Kurt Zeilenga
880eced255 Clarify that v2 is disabled by default 2002-10-06 03:32:43 +00:00
Kurt Zeilenga
c46e00a34c Misc. cleanup 2002-10-04 19:08:10 +00:00
Kurt Zeilenga
de6ed4fde4 Undocument -C (chase referrals) 
(already removed from usage statements)
 2002-09-23 21:33:26 +00:00
Kurt Zeilenga
044b39f4ec Add Steven's I-Ds on LDAP/X.500 admin models 
Correct naming of older drafts
 2002-09-23 04:35:05 +00:00
Kurt Zeilenga
048d43512d -05 2002-09-22 18:21:23 +00:00
Kurt Zeilenga
b1cb903351 Add "IANA Considerations for LDAP" (rfc3383) 2002-09-20 20:50:53 +00:00
Kurt Zeilenga
68aebc05c9 Clean up hash password scheme stuff 2002-09-20 17:27:08 +00:00
Kurt Zeilenga
11a07153d6 Add some clarification as to what hash algorithms are used 
with each password-hash scheme.
 2002-09-20 17:12:58 +00:00
Kurt Zeilenga
e4d05f386a Add new LDAP RFCs 2002-09-19 04:43:28 +00:00
Kurt Zeilenga
bec2237439 Add the LDAPv3 TS. 2002-09-18 02:04:59 +00:00
Kurt Zeilenga
043e5c5a13 latest dupent I-D 2002-09-17 21:05:41 +00:00
Kurt Zeilenga
07a6d6c208 (re)insert reference to rfc2253 2002-09-09 07:01:51 +00:00
Kurt Zeilenga
b41d7df452 Add clarification 2002-09-09 06:59:51 +00:00
Kurt Zeilenga
be39bfd36a Update access control section to avoid regex usage 2002-09-09 06:53:11 +00:00
Kurt Zeilenga
64fcd8b043 Add note about "children" to access controls section. 
Clarify cut-n-past in quickstart.
 2002-09-09 00:47:01 +00:00
Kurt Zeilenga
f0a3a7bb47 Add reference to ldap.conf(5) 2002-09-04 21:00:11 +00:00
Kurt Zeilenga
2ca678ea2e More LDAPNOINIT statement to top of DESCRIPTION 2002-09-04 20:59:57 +00:00
Kurt Zeilenga
3cb2dc149d Document -R 2002-09-02 19:25:10 +00:00
Kurt Zeilenga
8f09321eb9 Clarify that rootpw is not needed when rootdn is not within database 2002-09-01 02:54:56 +00:00
Kurt Zeilenga
b67986cdde Format tweaks 2002-09-01 01:49:25 +00:00
Kurt Zeilenga
7901bc8f5b Reflect latest contributions 2002-09-01 01:47:59 +00:00
Pierangelo Masarati
5a0ba6e429 document another (optional) config directive 2002-08-31 10:27:49 +00:00
Kurt Zeilenga
d912c2c711 Rework client control parsing... need to implement 
common controls across all tools.
 2002-08-29 21:36:36 +00:00
Kurt Zeilenga
20ef1d9fe4 Misc updates... 2002-08-29 04:56:05 +00:00
Kurt Zeilenga
4114c96ccd More clarifications 2002-08-28 04:22:12 +00:00
Kurt Zeilenga
1e0cc6da35 Fix typo 2002-08-28 04:08:02 +00:00
Kurt Zeilenga
7c283a6685 Fix tables numbering. Add note able system schema extensions. 2002-08-28 04:05:07 +00:00
Kurt Zeilenga
22d3c7f24e Clarify that manageDsaIT is not to specified when managing 
entry DSEs.
 2002-08-28 01:20:03 +00:00
Kurt Zeilenga
4ef042fee4 Clean up filters 2002-08-28 01:16:25 +00:00
Kurt Zeilenga
44c214d4a0 Fix some formatting issues 2002-08-28 01:11:47 +00:00
Kurt Zeilenga
bb172cb518 clarify "authorization" feature as "proxy authorization". 2002-08-27 23:24:43 +00:00
Kurt Zeilenga
22915aac93 More OID clarifications. 2002-08-27 20:20:52 +00:00
Kurt Zeilenga
8c03d7ed4b Fix typos 2002-08-27 19:20:29 +00:00
Kurt Zeilenga
8889129762 Warn about hijacking. 2002-08-27 18:17:09 +00:00
Kurt Zeilenga
09e64b6fe8 Add note regard StartTLS over 389. 2002-08-26 22:10:32 +00:00
Kurt Zeilenga
bdcba5ad3a Add link to SDF tools at CPAN. 2002-08-24 23:37:59 +00:00
Kurt Zeilenga
18e4362b07 Add ldapwhoami(1) 2002-08-24 06:28:10 +00:00
Kurt Zeilenga
dabbefd908 Add -y. 2002-08-24 06:19:39 +00:00
Kurt Zeilenga
8de258d2e2 Patch: 'ldapmodify -y file' reads password from file (ITS#2031) 
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
            ================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP.  My comments are
marked with enclosed with square brackets (e.g. [Kurt's comment] below.
            ================

If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file.  The programs
exit if the file cannot be read.

[Complete contents of file is used as password.  Use:
	echo -n "secret" > password
to create a file with "secret" as the password.  The -n avoids
adding a newline (which would invalidate the password).  Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]

I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords.  [I fixed up ldapwhoami.]

Rerun autoconf after applying this patch. [Done.]

Note:  I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt.  (fstat() is used to warn if the file is publicly
readable or writeable.)  [I used fstat() to set the buffer size to
read.]

[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
 2002-08-24 05:47:17 +00:00
Pierangelo Masarati
f11c6b27e7 Final run of changes to back-sql; IBM db2 support has been tested. 
Now related ITSes need be audited and possibly closed.

Enhancements:
  - re-styled code for better readability
  - upgraded backend API to reflect recent changes
  - LDAP schema is checked when loading SQL/LDAP mapping
  - AttributeDescription/ObjectClass pointers used for more efficient
    mapping lookup
  - bervals used where string length is required often
  - atomized write operations by committing at the end of each operation
    and defaulting connection closure to rollback
  - added LDAP access control to write operations
  - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
    access check, parent/children check and more)
  - added parent access control, children control to delete operation
  - added structuralObjectClass operational attribute check and
    value return on search
  - added hasSubordinate operational attribute on demand
  - search limits are appropriately enforced
  - function backsql_strcat() has been made more efficient
  - concat function has been made configurable by means of a pattern
  - added config switches:
      - fail_if_no_mapping	write operations fail if there is no mapping
      - has_ldapinfo_dn_ru	overrides autodetect
      - concat_pattern		a string containing two '?' is used
				(note that "?||?" should be more portable
				than builtin function "CONCAT(?,?)")
      - strcast_func		cast of string constants in "SELECT DISTINCT					statements (needed by PostgreSQL)
      - upper_needs_cast	cast the argument of upper when required
				(basically when building dn substring queries)

Todo:
  - add security checks for SQL statements that can be injected (?)
  - re-test with previously supported RDBMs
  - replace dn_ru and so with normalized dn (no need for upper() and so
    in dn match)
  - implement a backsql_normalize() function to replace the upper()
    conversion routines
  - note that subtree deletion, subtree renaming and so could be easily
    implemented (rollback and consistency checks are available :)
  - implement "lastmod" and other operational stuff (ldap_entries table ?)
 2002-08-23 08:54:08 +00:00
Howard Chu
33d5c0abd7 Fix errors in replica directive 2002-08-22 20:32:09 +00:00
Kurt Zeilenga
1b6c3fc57f Add dumpasn1 logging to TODO. 2002-08-21 18:45:08 +00:00
Kurt Zeilenga
22ec2b9e19 cleanup 2002-08-17 02:52:39 +00:00
Pierangelo Masarati
76e936e274 reflect recent additions to backend configuration 2002-08-13 17:13:57 +00:00
Kurt Zeilenga
d945a5aed9 minor updates 2002-08-12 18:07:24 +00:00
Howard Chu
1be4ab9d07 ITS#1893 Add (terse) schemadn description 2002-08-10 04:09:28 +00:00
Kurt Zeilenga
e2b8a3b139 Remove reference to getfilter(3) 2002-08-08 03:03:48 +00:00
Kurt Zeilenga
9c28c9b361 Zap LDAPv2-only stuff 2002-08-08 03:01:14 +00:00
Howard Chu
c3ca53cdfe Fix typo 2002-08-07 03:12:47 +00:00
Howard Chu
8971c2b730 ITS#1958 from Andrew Findlay with minor adjustments 2002-08-07 03:00:00 +00:00
Kurt Zeilenga
aab1f5b0a4 Minor updates 2002-08-05 20:05:25 +00:00
Kurt Zeilenga
884b476c32 Add note regarding user/system checks and operational attributes. 2002-08-02 00:55:50 +00:00
Kurt Zeilenga
fcae7e4286 namedref is now a Proposed Standard RFC 2002-07-24 15:48:27 +00:00