Kurt Zeilenga
6fb4582d5c
suffixalias is no longer supported
2003-03-07 18:57:30 +00:00
Howard Chu
a60f6fe1a3
Added proxy-whoami keyword and some mention of connection pooling. Depends
on libldap_r, proxy authz control...
2003-02-26 16:35:09 +00:00
Kurt Zeilenga
63efc41728
clarify global ACL use
clarify root and subschema DSE ACLs
2003-02-24 19:53:03 +00:00
Kurt Zeilenga
607215a8d6
Some dn.regex clarifications
2003-02-23 19:38:32 +00:00
Kurt Zeilenga
f620aa08f9
Max workers was lowered to 16.
2003-02-21 07:18:43 +00:00
Kurt Zeilenga
85fe59c830
Misc updates
2003-02-10 20:33:49 +00:00
Kurt Zeilenga
bfa3448128
Remove domain= ACL examples, add security consideration.
2003-02-09 07:07:39 +00:00
Kurt Zeilenga
5abec40030
Document URI and SASL directives
2003-02-09 06:49:34 +00:00
Kurt Zeilenga
698d73d5f3
Disable reverse lookups by default for security
(and performance) reasons.
2003-02-08 07:40:19 +00:00
Pierangelo Masarati
f19df0a307
add 'rebind-as-user' according to back-ldap's implementation
2003-02-05 22:04:20 +00:00
Kurt Zeilenga
1aae1854ac
delete (7) after UTF-8
2003-02-05 20:42:50 +00:00
Kurt Zeilenga
81d533571b
fix syntax error
2003-02-05 20:38:58 +00:00
Pierangelo Masarati
eed2d5db4d
only document 'subtree', but also allow 'sub'
2003-02-05 20:38:42 +00:00
Pierangelo Masarati
381e293b41
allow 'sub' and 'subtree' in acl (fix ITS#2300)
2003-02-05 19:39:34 +00:00
Pierangelo Masarati
ac895cd4d5
document the multiple URI feature
2003-02-04 19:50:17 +00:00
Pierangelo Masarati
55d21236d1
comment a useful feature of using URIs
2003-02-04 19:43:10 +00:00
Kurt Zeilenga
b53eef9b81
-V updates
2003-01-20 21:16:58 +00:00
Kurt Zeilenga
3202e544e3
Added -V support
2003-01-20 20:50:15 +00:00
Hallvard Furuseth
1fbbc11811
Fix LBER_ERROR vs. -1 confusion.
2003-01-19 13:10:17 +00:00
Kurt Zeilenga
d2bb1b5691
Add a few notes about intended usage of these backends
2003-01-09 12:07:14 +00:00
Kurt Zeilenga
6939c53170
Happy new year
2003-01-03 20:20:47 +00:00
Kurt Zeilenga
968fced135
Happy new year!
2003-01-03 20:04:17 +00:00
Hallvard Furuseth
3dca6b67a5
Fix typo.
2002-12-16 07:32:06 +00:00
Hallvard Furuseth
5ca8773a8b
Fix typos.
2002-12-16 07:31:13 +00:00
Hallvard Furuseth
09df53687e
Make links to ber_bvfree and others, and add them to NAME section.
2002-12-16 07:29:43 +00:00
Hallvard Furuseth
7ce4a611dc
Fix ldap_extended_s(3) -> ldap_extended_operation(3)
2002-12-16 07:28:10 +00:00
Pierangelo Masarati
df5d69df8f
allow a custom error log file for plugins by means of a slapd.conf directive; add very bare-bone back-monitor info about installed plugins
2002-12-14 15:04:37 +00:00
Howard Chu
143603690f
Added searchstack keyword description. (Sorry, I don't like the word "slab"...)
2002-12-12 23:39:21 +00:00
Hallvard Furuseth
54728f367e
Implement user-defined tagging attribute options and ranges
2002-12-12 13:56:05 +00:00
Pierangelo Masarati
9cce5e4c98
a skeleton of slapd.conf directives for SLAPI configuration (lot to do)
2002-12-07 18:03:13 +00:00
Kurt Zeilenga
01660fbdd9
Minor cleanup
2002-12-05 03:30:20 +00:00
Kurt Zeilenga
4a0bfbdd64
Add ldapwhoami/ldapcompare to flags map
2002-12-05 00:19:21 +00:00
Kurt Zeilenga
618877cd39
remove proxy authorization (as first-cut was committed)
2002-12-03 18:45:42 +00:00
Kurt Zeilenga
b41ab2502f
Revamp TODO list a bit
2002-11-27 19:56:58 +00:00
Kurt Zeilenga
e27d7a0d5a
Remove autoconf task, best left to a committer (or me)
2002-11-26 17:57:32 +00:00
Pierangelo Masarati
65efd6a185
fix -h option example for multi-URI handling (as suggested by Roland Bauerschmidt <rb@debian.org>)
2002-11-24 21:52:48 +00:00
Pierangelo Masarati
8473f6e778
set keyword to noEstimate and document it
2002-11-21 20:57:00 +00:00
Pierangelo Masarati
59aea47963
improve limits handling and consistency; return "Admin limit exceeded" instead of "Unwilling to perform"
2002-11-21 12:58:59 +00:00
Pierangelo Masarati
b9e442d7de
clarify how to specify no limits
2002-10-31 11:26:19 +00:00
Pierangelo Masarati
53e1930fd0
use keyword "unlimited" instead of -1 for no limits
2002-10-31 09:57:24 +00:00
Kurt Zeilenga
492c5b83f8
Misc cleanup
2002-10-27 21:45:17 +00:00
Kurt Zeilenga
f72dbc212f
forced change for testing
2002-10-26 02:58:31 +00:00
Kurt Zeilenga
c14cbc1fb7
Update anon
2002-10-26 02:53:36 +00:00
Pierangelo Masarati
86dbdc1ddb
document socket permission extension to ldapi://
2002-10-23 14:22:21 +00:00
Kurt Zeilenga
54570d22ca
Misc updates
2002-10-17 05:59:57 +00:00
Kurt Zeilenga
6bc33d28c0
Note --without-threads limitation
2002-10-16 16:54:27 +00:00
Kurt Zeilenga
dd3279eab0
Clarify new "entry" ACLs
2002-10-10 04:27:23 +00:00
Kurt Zeilenga
1ca552dff7
Add DIT Structure Rules and Name Forms
2002-10-10 04:19:46 +00:00
Kurt Zeilenga
f914c0545c
Fix multiple NAME example
2002-10-10 01:34:55 +00:00
Kurt Zeilenga
023d0e2a5c
Rework unprotected simple bind checks
2002-10-08 19:03:18 +00:00
Kurt Zeilenga
2fd41add70
Clarify unprotected simple bind settings
2002-10-08 01:07:12 +00:00
Kurt Zeilenga
36fca96695
if "disallow bind_simple_unprotected", require at least SSF of 2
2002-10-08 01:06:49 +00:00
Kurt Zeilenga
90e320398a
Clarify that "security ssf=n" applies to "disallow bind_simple_unprotected".
2002-10-08 00:51:19 +00:00
Kurt Zeilenga
880eced255
Clarify that v2 is disabled by default
2002-10-06 03:32:43 +00:00
Kurt Zeilenga
c46e00a34c
Misc. cleanup
2002-10-04 19:08:10 +00:00
Kurt Zeilenga
de6ed4fde4
Undocument -C (chase referrals)
(already removed from usage statements)
2002-09-23 21:33:26 +00:00
Kurt Zeilenga
044b39f4ec
Add Steven's I-Ds on LDAP/X.500 admin models
Correct naming of older drafts
2002-09-23 04:35:05 +00:00
Kurt Zeilenga
048d43512d
-05
2002-09-22 18:21:23 +00:00
Kurt Zeilenga
b1cb903351
Add "IANA Considerations for LDAP" (rfc3383)
2002-09-20 20:50:53 +00:00
Kurt Zeilenga
68aebc05c9
Clean up hash password scheme stuff
2002-09-20 17:27:08 +00:00
Kurt Zeilenga
11a07153d6
Add some clarification as to what hash algorithms are used
with each password-hash scheme.
2002-09-20 17:12:58 +00:00
Kurt Zeilenga
e4d05f386a
Add new LDAP RFCs
2002-09-19 04:43:28 +00:00
Kurt Zeilenga
bec2237439
Add the LDAPv3 TS.
2002-09-18 02:04:59 +00:00
Kurt Zeilenga
043e5c5a13
latest dupent I-D
2002-09-17 21:05:41 +00:00
Kurt Zeilenga
07a6d6c208
(re)insert reference to rfc2253
2002-09-09 07:01:51 +00:00
Kurt Zeilenga
b41d7df452
Add clarification
2002-09-09 06:59:51 +00:00
Kurt Zeilenga
be39bfd36a
Update access control section to avoid regex usage
2002-09-09 06:53:11 +00:00
Kurt Zeilenga
64fcd8b043
Add note about "children" to access controls section.
Clarify cut-n-paste in quickstart.
2002-09-09 00:47:01 +00:00
Kurt Zeilenga
f0a3a7bb47
Add reference to ldap.conf(5)
2002-09-04 21:00:11 +00:00
Kurt Zeilenga
2ca678ea2e
Move LDAPNOINIT statement to top of DESCRIPTION
2002-09-04 20:59:57 +00:00
Kurt Zeilenga
3cb2dc149d
Document -R
2002-09-02 19:25:10 +00:00
Kurt Zeilenga
8f09321eb9
Clarify that rootpw is not needed when rootdn is not within database
2002-09-01 02:54:56 +00:00
Kurt Zeilenga
b67986cdde
Format tweaks
2002-09-01 01:49:25 +00:00
Kurt Zeilenga
7901bc8f5b
Reflect latest contributions
2002-09-01 01:47:59 +00:00
Pierangelo Masarati
5a0ba6e429
document another (optional) config directive
2002-08-31 10:27:49 +00:00
Kurt Zeilenga
d912c2c711
Rework client control parsing... need to implement
common controls across all tools.
2002-08-29 21:36:36 +00:00
Kurt Zeilenga
20ef1d9fe4
Misc updates...
2002-08-29 04:56:05 +00:00
Kurt Zeilenga
4114c96ccd
More clarifications
2002-08-28 04:22:12 +00:00
Kurt Zeilenga
1e0cc6da35
Fix typo
2002-08-28 04:08:02 +00:00
Kurt Zeilenga
7c283a6685
Fix tables numbering. Add note about system schema extensions.
2002-08-28 04:05:07 +00:00
Kurt Zeilenga
22d3c7f24e
Clarify that manageDsaIT is not to be specified when managing
entry DSEs.
2002-08-28 01:20:03 +00:00
Kurt Zeilenga
4ef042fee4
Clean up filters
2002-08-28 01:16:25 +00:00
Kurt Zeilenga
44c214d4a0
Fix some formatting issues
2002-08-28 01:11:47 +00:00
Kurt Zeilenga
bb172cb518
clarify "authorization" feature as "proxy authorization".
2002-08-27 23:24:43 +00:00
Kurt Zeilenga
22915aac93
More OID clarifications.
2002-08-27 20:20:52 +00:00
Kurt Zeilenga
8c03d7ed4b
Fix typos
2002-08-27 19:20:29 +00:00
Kurt Zeilenga
8889129762
Warn about hijacking.
2002-08-27 18:17:09 +00:00
Kurt Zeilenga
09e64b6fe8
Add note regarding StartTLS over 389.
2002-08-26 22:10:32 +00:00
Kurt Zeilenga
bdcba5ad3a
Add link to SDF tools at CPAN.
2002-08-24 23:37:59 +00:00
Kurt Zeilenga
18e4362b07
Add ldapwhoami(1)
2002-08-24 06:28:10 +00:00
Kurt Zeilenga
dabbefd908
Add -y.
2002-08-24 06:19:39 +00:00
Kurt Zeilenga
8de258d2e2
Patch: 'ldapmodify -y file' reads password from file (ITS#2031)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP. My comments are
marked by enclosing them in square brackets (e.g. [Kurt's comment]) below.
================
If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file. The programs
exit if the file cannot be read.
[Complete contents of file is used as password. Use:
echo -n "secret" > password
to create a file with "secret" as the password. The -n avoids
adding a newline (which would invalidate the password). Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]
I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords. [I fixed up ldapwhoami.]
Rerun autoconf after applying this patch. [Done.]
Note: I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt. (fstat() is used to warn if the file is publicly
readable or writeable.) [I used fstat() to set the buffer size to
read.]
[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]
Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
2002-08-24 05:47:17 +00:00
Pierangelo Masarati
f11c6b27e7
Final run of changes to back-sql; IBM db2 support has been tested.
Now related ITSes need be audited and possibly closed.
Enhancements:
- re-styled code for better readability
- upgraded backend API to reflect recent changes
- LDAP schema is checked when loading SQL/LDAP mapping
- AttributeDescription/ObjectClass pointers used for more efficient
mapping lookup
- bervals used where string length is required often
- atomized write operations by committing at the end of each operation
and defaulting connection closure to rollback
- added LDAP access control to write operations
- fully implemented modrdn (with rdn attrs change, deleteoldrdn,
access check, parent/children check and more)
- added parent access control, children control to delete operation
- added structuralObjectClass operational attribute check and
value return on search
- added hasSubordinate operational attribute on demand
- search limits are appropriately enforced
- function backsql_strcat() has been made more efficient
- concat function has been made configurable by means of a pattern
- added config switches:
  - fail_if_no_mapping: write operations fail if there is no mapping
  - has_ldapinfo_dn_ru: overrides autodetect
  - concat_pattern: a string containing two '?' is used
    (note that "?||?" should be more portable
    than builtin function "CONCAT(?,?)")
  - strcast_func: cast of string constants in "SELECT DISTINCT" statements (needed by PostgreSQL)
  - upper_needs_cast: cast the argument of upper when required
    (basically when building dn substring queries)
Todo:
- add security checks for SQL statements that can be injected (?)
- re-test with previously supported RDBMs
- replace dn_ru and so with normalized dn (no need for upper() and so
in dn match)
- implement a backsql_normalize() function to replace the upper()
conversion routines
- note that subtree deletion, subtree renaming and so could be easily
implemented (rollback and consistency checks are available :)
- implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 08:54:08 +00:00
Howard Chu
33d5c0abd7
Fix errors in replica directive
2002-08-22 20:32:09 +00:00
Kurt Zeilenga
1b6c3fc57f
Add dumpasn1 logging to TODO.
2002-08-21 18:45:08 +00:00
Kurt Zeilenga
22ec2b9e19
cleanup
2002-08-17 02:52:39 +00:00
Pierangelo Masarati
76e936e274
reflect recent additions to backend configuration
2002-08-13 17:13:57 +00:00
Kurt Zeilenga
d945a5aed9
minor updates
2002-08-12 18:07:24 +00:00
Howard Chu
1be4ab9d07
ITS#1893 Add (terse) schemadn description
2002-08-10 04:09:28 +00:00
Kurt Zeilenga
e2b8a3b139
Remove reference to getfilter(3)
2002-08-08 03:03:48 +00:00
Kurt Zeilenga
9c28c9b361
Zap LDAPv2-only stuff
2002-08-08 03:01:14 +00:00
Howard Chu
c3ca53cdfe
Fix typo
2002-08-07 03:12:47 +00:00
Howard Chu
8971c2b730
ITS#1958 from Andrew Findlay with minor adjustments
2002-08-07 03:00:00 +00:00
Kurt Zeilenga
aab1f5b0a4
Minor updates
2002-08-05 20:05:25 +00:00
Kurt Zeilenga
884b476c32
Add note regarding user/system checks and operational attributes.
2002-08-02 00:55:50 +00:00
Kurt Zeilenga
fcae7e4286
namedref is now a Proposed Standard RFC
2002-07-24 15:48:27 +00:00
Kurt Zeilenga
65b5f64a0e
Clarify use of slapd.conf(5) v ldap.conf(5).
2002-07-24 03:11:58 +00:00
Kurt Zeilenga
99133f7944
Fix a few typos
2002-07-10 03:12:47 +00:00
Kurt Zeilenga
b839e6fc8b
Remove misleading (untrue) text about known syntax OID macros.
2002-06-27 16:27:07 +00:00
Kurt Zeilenga
0cd54a7d27
Fix typo in last commit
2002-06-21 21:25:38 +00:00
Kurt Zeilenga
2893a78d0a
Add LIBRARY section to each man page
2002-06-21 07:32:54 +00:00
Kurt Zeilenga
95a835be51
Detail simple method
2002-06-19 01:39:26 +00:00
Howard Chu
55521da9cb
Minor cleanup, add mention of BDB to tests
2002-06-18 19:35:29 +00:00
Kurt Zeilenga
39071ff932
SSF updates
2002-06-18 08:02:36 +00:00
Kurt Zeilenga
0d21db2858
SSF discussion
2002-06-18 07:41:56 +00:00
Kurt Zeilenga
2119d34ec6
More security considerations
2002-06-18 07:11:58 +00:00
Kurt Zeilenga
a50f336032
Add some basic network security information
2002-06-18 00:55:39 +00:00
Howard Chu
63b948806d
In rootdn, add ref to SASL Authentication identities
2002-06-18 00:23:40 +00:00
Kurt Zeilenga
4c3f1fea00
Add initial security chapter (intro only).
2002-06-18 00:11:36 +00:00
Kurt Zeilenga
a4bcf4c630
Reorganize chapters
2002-06-18 00:05:23 +00:00
Kurt Zeilenga
cbaf9f6649
Make it clear that ldap_explode_dn() and friends are deprecated.
2002-06-17 22:45:34 +00:00
Kurt Zeilenga
9a38d98d37
Add option to disallow unprotected simple authentication.
Add protected simple authentication as a "strong" mechanism.
2002-06-17 22:18:27 +00:00
Kurt Zeilenga
7cfb89cf96
Formatting fix
2002-06-17 05:57:09 +00:00
Kurt Zeilenga
647d1ad562
Some LDBM v BDB cleanup
2002-06-17 05:56:55 +00:00
Kurt Zeilenga
9cee733563
add rootpw hash password comments
2002-06-17 05:33:32 +00:00
Kurt Zeilenga
b818a12f03
Reference slapd-bdb and slapd-ldbm man pages.
Update index examples
2002-06-16 18:59:17 +00:00
Howard Chu
38de8a8483
Added CA and PEM terms
2002-06-16 12:31:17 +00:00
Howard Chu
4405c1ab27
Added TLS configuration, mostly the same as the man pages but fleshed
out a little more.
2002-06-16 12:24:16 +00:00
Howard Chu
98b1e09c44
Note that TLS_CERT and TLS_KEY are user-only options.
2002-06-16 12:10:23 +00:00
Howard Chu
5d8ce71c83
More minor cleanup
2002-06-16 08:46:41 +00:00
Howard Chu
dca986280e
Fix typo in previous commit
2002-06-16 07:29:06 +00:00
Howard Chu
0f0c268c6d
Minor cleanup and reformat, added TLS options.
2002-06-16 07:19:31 +00:00
Kurt Zeilenga
7d14f78c0e
Fix invalid search filter
2002-06-16 06:12:26 +00:00
Kurt Zeilenga
acb2efde53
Add SSF access control example.
2002-06-16 00:11:51 +00:00
Kurt Zeilenga
3925c471f9
Reserve digit flags
2002-06-15 22:18:51 +00:00
Kurt Zeilenga
27fdd04153
Add -4/-6 flags to slapd to force use of IPv4 or IPv6
2002-06-15 22:01:39 +00:00
Howard Chu
bdd0c38571
Cleanup grammar, etc.
2002-06-15 01:00:50 +00:00
Kurt Zeilenga
1c88e892fe
Use host-less LDAP URLs
2002-06-14 22:12:27 +00:00
Howard Chu
e0a359ef6c
Changed "saslRegexp" to "sasl-regexp". (Both are valid, but this is
more consistent with the other sasl directives.)
2002-06-14 22:06:23 +00:00
Howard Chu
09d093698c
Typos - "TCP" backend should be "TCL"
2002-06-14 21:59:23 +00:00
Kurt Zeilenga
db77cbdc35
Misc formatting changes
2002-06-14 21:47:09 +00:00
Kurt Zeilenga
b8f8869432
Remove extra BDB define
2002-06-14 21:42:55 +00:00
Kurt Zeilenga
045a8fb8be
LDBM->BDB updates
2002-06-14 21:19:42 +00:00
Kurt Zeilenga
76cb3243d3
Misc cleanup
2002-06-14 20:53:52 +00:00
Kurt Zeilenga
220b41bc91
Patch: Bugs with back-ldap/meta mappings (ITS#1787)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
================
manpage patch for ITS#1787.
2002-06-14 20:41:40 +00:00
Howard Chu
3ee908649a
Added a bit about client and server certificates.
2002-06-14 13:35:09 +00:00
Howard Chu
4082c7a12d
Another typo, mistake in previous commit
2002-06-14 13:18:15 +00:00
Howard Chu
286c97f20a
Fix typos, add a brief mention of Authorization Policy configuration
2002-06-14 13:03:20 +00:00
Howard Chu
75012bf5ac
Fix EX: typo
2002-06-14 13:01:48 +00:00
Howard Chu
0d6c14b41d
*** empty log message ***
2002-06-14 12:38:32 +00:00