Commit Graph

972 Commits

Author SHA1 Message Date
Kurt Zeilenga
6fb4582d5c suffixalias is no longer supported 2003-03-07 18:57:30 +00:00
Howard Chu
a60f6fe1a3 Added proxy-whoami keyword and some mention of connection pooling. Depends
on libldap_r, proxy authz control...
2003-02-26 16:35:09 +00:00
Kurt Zeilenga
63efc41728 clarify global ACL use
clarify root and subschema DSE ACLs
2003-02-24 19:53:03 +00:00
Kurt Zeilenga
607215a8d6 Some dn.regex clarifications 2003-02-23 19:38:32 +00:00
Kurt Zeilenga
f620aa08f9 Max workers was lowered to 16. 2003-02-21 07:18:43 +00:00
Kurt Zeilenga
85fe59c830 Misc updates 2003-02-10 20:33:49 +00:00
Kurt Zeilenga
bfa3448128 Remove domain= ACL examples, add security consideration. 2003-02-09 07:07:39 +00:00
Kurt Zeilenga
5abec40030 Document URI and SASL directives 2003-02-09 06:49:34 +00:00
Kurt Zeilenga
698d73d5f3 Disable reverse lookups by default for security
(and performance) reasons.
2003-02-08 07:40:19 +00:00
Pierangelo Masarati
f19df0a307 add 'rebind-as-user' according to back-ldap's implementation 2003-02-05 22:04:20 +00:00
Kurt Zeilenga
1aae1854ac delete (7) after UTF-8 2003-02-05 20:42:50 +00:00
Kurt Zeilenga
81d533571b fix syntax error 2003-02-05 20:38:58 +00:00
Pierangelo Masarati
eed2d5db4d only document 'subtree', but also allow 'sub' 2003-02-05 20:38:42 +00:00
Pierangelo Masarati
381e293b41 allow 'sub' and 'subtree' in acl (fix ITS#2300) 2003-02-05 19:39:34 +00:00
Pierangelo Masarati
ac895cd4d5 document the multiple URI feature 2003-02-04 19:50:17 +00:00
Pierangelo Masarati
55d21236d1 comment a useful feature of using URIs 2003-02-04 19:43:10 +00:00
Kurt Zeilenga
b53eef9b81 -V updates 2003-01-20 21:16:58 +00:00
Kurt Zeilenga
3202e544e3 Added -V support 2003-01-20 20:50:15 +00:00
Hallvard Furuseth
1fbbc11811 Fix LBER_ERROR vs. -1 confusion. 2003-01-19 13:10:17 +00:00
Kurt Zeilenga
d2bb1b5691 Add a few notes about intended usage of these backends 2003-01-09 12:07:14 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Kurt Zeilenga
968fced135 Happy new year! 2003-01-03 20:04:17 +00:00
Hallvard Furuseth
3dca6b67a5 Fix typo. 2002-12-16 07:32:06 +00:00
Hallvard Furuseth
5ca8773a8b Fix typos. 2002-12-16 07:31:13 +00:00
Hallvard Furuseth
09df53687e Make links to ber_bvfree and others, and add them to NAME section. 2002-12-16 07:29:43 +00:00
Hallvard Furuseth
7ce4a611dc Fix ldap_extended_s(3) -> ldap_extended_operation(3) 2002-12-16 07:28:10 +00:00
Pierangelo Masarati
df5d69df8f allow a custom error log file for plugins by means of a slapd.conf directive; add very bare-bone back-monitor info about installed plugins 2002-12-14 15:04:37 +00:00
Howard Chu
143603690f Added searchstack keyword description. (Sorry, I don't like the word "slab"...) 2002-12-12 23:39:21 +00:00
Hallvard Furuseth
54728f367e Implement user-defined tagging attribute options and ranges 2002-12-12 13:56:05 +00:00
Pierangelo Masarati
9cce5e4c98 a skeleton of slapd.conf directives for SLAPI configuration (lot to do) 2002-12-07 18:03:13 +00:00
Kurt Zeilenga
01660fbdd9 Minor cleanup 2002-12-05 03:30:20 +00:00
Kurt Zeilenga
4a0bfbdd64 Add ldapwhoami/ldapcompare to flags map 2002-12-05 00:19:21 +00:00
Kurt Zeilenga
618877cd39 remove proxy authorization (as first-cut was committed) 2002-12-03 18:45:42 +00:00
Kurt Zeilenga
b41ab2502f Revamp TODO list a bit 2002-11-27 19:56:58 +00:00
Kurt Zeilenga
e27d7a0d5a Remove autoconf task, best left to a committer (or me) 2002-11-26 17:57:32 +00:00
Pierangelo Masarati
65efd6a185 fix -h option example for multi-URI handling (as suggested by Roland Bauerschmidt <rb@debian.org>) 2002-11-24 21:52:48 +00:00
Pierangelo Masarati
8473f6e778 set keyword to noEstimate and document it 2002-11-21 20:57:00 +00:00
Pierangelo Masarati
59aea47963 improve limits handling and consistency; return "Admin limit exceeded" instead of "Unwilling to perform" 2002-11-21 12:58:59 +00:00
Pierangelo Masarati
b9e442d7de clarify how to specify no limits 2002-10-31 11:26:19 +00:00
Pierangelo Masarati
53e1930fd0 use keyword "unlimited" instead of -1 for no limits 2002-10-31 09:57:24 +00:00
Kurt Zeilenga
492c5b83f8 Misc cleanup 2002-10-27 21:45:17 +00:00
Kurt Zeilenga
f72dbc212f forced change for testing 2002-10-26 02:58:31 +00:00
Kurt Zeilenga
c14cbc1fb7 Update anon 2002-10-26 02:53:36 +00:00
Pierangelo Masarati
86dbdc1ddb document socket permission extension to ldapi:// 2002-10-23 14:22:21 +00:00
Kurt Zeilenga
54570d22ca Misc updates 2002-10-17 05:59:57 +00:00
Kurt Zeilenga
6bc33d28c0 Note --without-threads limitation 2002-10-16 16:54:27 +00:00
Kurt Zeilenga
dd3279eab0 Clarify new "entry" ACLs 2002-10-10 04:27:23 +00:00
Kurt Zeilenga
1ca552dff7 Add DIT Structure Rules and Name Forms 2002-10-10 04:19:46 +00:00
Kurt Zeilenga
f914c0545c Fix multiple NAME example 2002-10-10 01:34:55 +00:00
Kurt Zeilenga
023d0e2a5c Rework unprotected simple bind checks 2002-10-08 19:03:18 +00:00
Kurt Zeilenga
2fd41add70 Clarify unprotected simple bind settings 2002-10-08 01:07:12 +00:00
Kurt Zeilenga
36fca96695 if "disallow bind_simple_unprotected", require at least SSF of 2 2002-10-08 01:06:49 +00:00
Kurt Zeilenga
90e320398a Clarify that "security ssf=n" applies to "disallow bind_simple_unprotected". 2002-10-08 00:51:19 +00:00
Kurt Zeilenga
880eced255 Clarify that v2 is disabled by default 2002-10-06 03:32:43 +00:00
Kurt Zeilenga
c46e00a34c Misc. cleanup 2002-10-04 19:08:10 +00:00
Kurt Zeilenga
de6ed4fde4 Undocument -C (chase referrals)
(already removed from usage statements)
2002-09-23 21:33:26 +00:00
Kurt Zeilenga
044b39f4ec Add Steven's I-Ds on LDAP/X.500 admin models
Correct naming of older drafts
2002-09-23 04:35:05 +00:00
Kurt Zeilenga
048d43512d -05 2002-09-22 18:21:23 +00:00
Kurt Zeilenga
b1cb903351 Add "IANA Considerations for LDAP" (rfc3383) 2002-09-20 20:50:53 +00:00
Kurt Zeilenga
68aebc05c9 Clean up hash password scheme stuff 2002-09-20 17:27:08 +00:00
Kurt Zeilenga
11a07153d6 Add some clarification as to what hash algorithms are used
with each password-hash scheme.
2002-09-20 17:12:58 +00:00
Kurt Zeilenga
e4d05f386a Add new LDAP RFCs 2002-09-19 04:43:28 +00:00
Kurt Zeilenga
bec2237439 Add the LDAPv3 TS. 2002-09-18 02:04:59 +00:00
Kurt Zeilenga
043e5c5a13 latest dupent I-D 2002-09-17 21:05:41 +00:00
Kurt Zeilenga
07a6d6c208 (re)insert reference to rfc2253 2002-09-09 07:01:51 +00:00
Kurt Zeilenga
b41d7df452 Add clarification 2002-09-09 06:59:51 +00:00
Kurt Zeilenga
be39bfd36a Update access control section to avoid regex usage 2002-09-09 06:53:11 +00:00
Kurt Zeilenga
64fcd8b043 Add note about "children" to access controls section.
Clarify cut-n-paste in quickstart.
2002-09-09 00:47:01 +00:00
Kurt Zeilenga
f0a3a7bb47 Add reference to ldap.conf(5) 2002-09-04 21:00:11 +00:00
Kurt Zeilenga
2ca678ea2e More LDAPNOINIT statement to top of DESCRIPTION 2002-09-04 20:59:57 +00:00
Kurt Zeilenga
3cb2dc149d Document -R 2002-09-02 19:25:10 +00:00
Kurt Zeilenga
8f09321eb9 Clarify that rootpw is not needed when rootdn is not within database 2002-09-01 02:54:56 +00:00
Kurt Zeilenga
b67986cdde Format tweaks 2002-09-01 01:49:25 +00:00
Kurt Zeilenga
7901bc8f5b Reflect latest contributions 2002-09-01 01:47:59 +00:00
Pierangelo Masarati
5a0ba6e429 document another (optional) config directive 2002-08-31 10:27:49 +00:00
Kurt Zeilenga
d912c2c711 Rework client control parsing... need to implement
common controls across all tools.
2002-08-29 21:36:36 +00:00
Kurt Zeilenga
20ef1d9fe4 Misc updates... 2002-08-29 04:56:05 +00:00
Kurt Zeilenga
4114c96ccd More clarifications 2002-08-28 04:22:12 +00:00
Kurt Zeilenga
1e0cc6da35 Fix typo 2002-08-28 04:08:02 +00:00
Kurt Zeilenga
7c283a6685 Fix tables numbering. Add note able system schema extensions. 2002-08-28 04:05:07 +00:00
Kurt Zeilenga
22d3c7f24e Clarify that manageDsaIT is not to be specified when managing
entry DSEs.
2002-08-28 01:20:03 +00:00
Kurt Zeilenga
4ef042fee4 Clean up filters 2002-08-28 01:16:25 +00:00
Kurt Zeilenga
44c214d4a0 Fix some formatting issues 2002-08-28 01:11:47 +00:00
Kurt Zeilenga
bb172cb518 clarify "authorization" feature as "proxy authorization". 2002-08-27 23:24:43 +00:00
Kurt Zeilenga
22915aac93 More OID clarifications. 2002-08-27 20:20:52 +00:00
Kurt Zeilenga
8c03d7ed4b Fix typos 2002-08-27 19:20:29 +00:00
Kurt Zeilenga
8889129762 Warn about hijacking. 2002-08-27 18:17:09 +00:00
Kurt Zeilenga
09e64b6fe8 Add note regarding StartTLS over 389. 2002-08-26 22:10:32 +00:00
Kurt Zeilenga
bdcba5ad3a Add link to SDF tools at CPAN. 2002-08-24 23:37:59 +00:00
Kurt Zeilenga
18e4362b07 Add ldapwhoami(1) 2002-08-24 06:28:10 +00:00
Kurt Zeilenga
dabbefd908 Add -y. 2002-08-24 06:19:39 +00:00
Kurt Zeilenga
8de258d2e2 Patch: 'ldapmodify -y file' reads password from file (ITS#2031)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
            ================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP.  My comments are
enclosed in square brackets (e.g. [Kurt's comment]) below.
            ================

If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file.  The programs
exit if the file cannot be read.

[Complete contents of file is used as password.  Use:
	echo -n "secret" > password
to create a file with "secret" as the password.  The -n avoids
adding a newline (which would invalidate the password).  Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]

I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords.  [I fixed up ldapwhoami.]

Rerun autoconf after applying this patch. [Done.]

Note:  I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt.  (fstat() is used to warn if the file is publicly
readable or writeable.)  [I used fstat() to set the buffer size to
read.]

[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
2002-08-24 05:47:17 +00:00
Pierangelo Masarati
f11c6b27e7 Final run of changes to back-sql; IBM db2 support has been tested.
Now related ITSes need be audited and possibly closed.

Enhancements:
  - re-styled code for better readability
  - upgraded backend API to reflect recent changes
  - LDAP schema is checked when loading SQL/LDAP mapping
  - AttributeDescription/ObjectClass pointers used for more efficient
    mapping lookup
  - bervals used where string length is required often
  - atomized write operations by committing at the end of each operation
    and defaulting connection closure to rollback
  - added LDAP access control to write operations
  - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
    access check, parent/children check and more)
  - added parent access control, children control to delete operation
  - added structuralObjectClass operational attribute check and
    value return on search
  - added hasSubordinate operational attribute on demand
  - search limits are appropriately enforced
  - function backsql_strcat() has been made more efficient
  - concat function has been made configurable by means of a pattern
  - added config switches:
      - fail_if_no_mapping	write operations fail if there is no mapping
      - has_ldapinfo_dn_ru	overrides autodetect
      - concat_pattern		a string containing two '?' is used
				(note that "?||?" should be more portable
				than builtin function "CONCAT(?,?)")
      - strcast_func		cast of string constants in "SELECT DISTINCT"
				statements (needed by PostgreSQL)
      - upper_needs_cast	cast the argument of upper when required
				(basically when building dn substring queries)

Todo:
  - add security checks for SQL statements that can be injected (?)
  - re-test with previously supported RDBMs
  - replace dn_ru and so with normalized dn (no need for upper() and so
    in dn match)
  - implement a backsql_normalize() function to replace the upper()
    conversion routines
  - note that subtree deletion, subtree renaming and so could be easily
    implemented (rollback and consistency checks are available :)
  - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 08:54:08 +00:00
Howard Chu
33d5c0abd7 Fix errors in replica directive 2002-08-22 20:32:09 +00:00
Kurt Zeilenga
1b6c3fc57f Add dumpasn1 logging to TODO. 2002-08-21 18:45:08 +00:00
Kurt Zeilenga
22ec2b9e19 cleanup 2002-08-17 02:52:39 +00:00
Pierangelo Masarati
76e936e274 reflect recent additions to backend configuration 2002-08-13 17:13:57 +00:00
Kurt Zeilenga
d945a5aed9 minor updates 2002-08-12 18:07:24 +00:00
Howard Chu
1be4ab9d07 ITS#1893 Add (terse) schemadn description 2002-08-10 04:09:28 +00:00
Kurt Zeilenga
e2b8a3b139 Remove reference to getfilter(3) 2002-08-08 03:03:48 +00:00
Kurt Zeilenga
9c28c9b361 Zap LDAPv2-only stuff 2002-08-08 03:01:14 +00:00
Howard Chu
c3ca53cdfe Fix typo 2002-08-07 03:12:47 +00:00
Howard Chu
8971c2b730 ITS#1958 from Andrew Findlay with minor adjustments 2002-08-07 03:00:00 +00:00
Kurt Zeilenga
aab1f5b0a4 Minor updates 2002-08-05 20:05:25 +00:00
Kurt Zeilenga
884b476c32 Add note regarding user/system checks and operational attributes. 2002-08-02 00:55:50 +00:00
Kurt Zeilenga
fcae7e4286 namedref is now a Proposed Standard RFC 2002-07-24 15:48:27 +00:00
Kurt Zeilenga
65b5f64a0e Clarify use of slapd.conf(5) v ldap.conf(5). 2002-07-24 03:11:58 +00:00
Kurt Zeilenga
99133f7944 Fix a few typos 2002-07-10 03:12:47 +00:00
Kurt Zeilenga
b839e6fc8b Remove misleading (untrue) text about known syntax OID macros. 2002-06-27 16:27:07 +00:00
Kurt Zeilenga
0cd54a7d27 Fix typo in last commit 2002-06-21 21:25:38 +00:00
Kurt Zeilenga
2893a78d0a Add LIBRARY section to each man page 2002-06-21 07:32:54 +00:00
Kurt Zeilenga
95a835be51 Detail simple method 2002-06-19 01:39:26 +00:00
Howard Chu
55521da9cb Minor cleanup, add mention of BDB to tests 2002-06-18 19:35:29 +00:00
Kurt Zeilenga
39071ff932 SSF updates 2002-06-18 08:02:36 +00:00
Kurt Zeilenga
0d21db2858 SSF discussion 2002-06-18 07:41:56 +00:00
Kurt Zeilenga
2119d34ec6 More security considerations 2002-06-18 07:11:58 +00:00
Kurt Zeilenga
a50f336032 Add some basic network security information 2002-06-18 00:55:39 +00:00
Howard Chu
63b948806d In rootdn, add ref to SASL Authentication identities 2002-06-18 00:23:40 +00:00
Kurt Zeilenga
4c3f1fea00 Add initial security chapter (intro only). 2002-06-18 00:11:36 +00:00
Kurt Zeilenga
a4bcf4c630 Reorganize chapters 2002-06-18 00:05:23 +00:00
Kurt Zeilenga
cbaf9f6649 Make it clear that ldap_explode_dn() and friends are deprecated. 2002-06-17 22:45:34 +00:00
Kurt Zeilenga
9a38d98d37 Add option to disallow unprotected simple authentication.
Add protected simple authentication as a "strong" mechanism.
2002-06-17 22:18:27 +00:00
Kurt Zeilenga
7cfb89cf96 Formatting fix 2002-06-17 05:57:09 +00:00
Kurt Zeilenga
647d1ad562 Some LDBM v BDB cleanup 2002-06-17 05:56:55 +00:00
Kurt Zeilenga
9cee733563 add rootpw hash password comments 2002-06-17 05:33:32 +00:00
Kurt Zeilenga
b818a12f03 Reference slapd-bdb and slapd-ldbm man pages.
Update index examples
2002-06-16 18:59:17 +00:00
Howard Chu
38de8a8483 Added CA and PEM terms 2002-06-16 12:31:17 +00:00
Howard Chu
4405c1ab27 Added TLS configuration, mostly the same as the man pages but fleshed
out a little more.
2002-06-16 12:24:16 +00:00
Howard Chu
98b1e09c44 Note that TLS_CERT and TLS_KEY are user-only options. 2002-06-16 12:10:23 +00:00
Howard Chu
5d8ce71c83 More minor cleanup 2002-06-16 08:46:41 +00:00
Howard Chu
dca986280e Fix typo in previous commit 2002-06-16 07:29:06 +00:00
Howard Chu
0f0c268c6d Minor cleanup and reformat, added TLS options. 2002-06-16 07:19:31 +00:00
Kurt Zeilenga
7d14f78c0e Fix invalid search filter 2002-06-16 06:12:26 +00:00
Kurt Zeilenga
acb2efde53 Add SSF access control example. 2002-06-16 00:11:51 +00:00
Kurt Zeilenga
3925c471f9 Reserve digit flags 2002-06-15 22:18:51 +00:00
Kurt Zeilenga
27fdd04153 Add -4/-6 flags to slapd to force use of IPv4 or IPv6 2002-06-15 22:01:39 +00:00
Howard Chu
bdd0c38571 Cleanup grammar, etc. 2002-06-15 01:00:50 +00:00
Kurt Zeilenga
1c88e892fe Use host-less LDAP URLs 2002-06-14 22:12:27 +00:00
Howard Chu
e0a359ef6c Changed "saslRegexp" to "sasl-regexp". (Both are valid, but this is
more consistent with the other sasl directives.)
2002-06-14 22:06:23 +00:00
Howard Chu
09d093698c Typos - "TCP" backend should be "TCL" 2002-06-14 21:59:23 +00:00
Kurt Zeilenga
db77cbdc35 Misc formatting changes 2002-06-14 21:47:09 +00:00
Kurt Zeilenga
b8f8869432 Remove extra BDB define 2002-06-14 21:42:55 +00:00
Kurt Zeilenga
045a8fb8be LDBM->BDB updates 2002-06-14 21:19:42 +00:00
Kurt Zeilenga
76cb3243d3 Misc cleanup 2002-06-14 20:53:52 +00:00
Kurt Zeilenga
220b41bc91 Patch: Bugs with back-ldap/meta mappings (ITS#1787)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
			================

manpage patch for ITS#1787.
2002-06-14 20:41:40 +00:00
Howard Chu
3ee908649a Added a bit about client and server certificates. 2002-06-14 13:35:09 +00:00
Howard Chu
4082c7a12d Another typo, mistake in previous commit 2002-06-14 13:18:15 +00:00
Howard Chu
286c97f20a Fix typos, add a brief mention of Authorization Policy configuration 2002-06-14 13:03:20 +00:00
Howard Chu
75012bf5ac Fix EX: typo 2002-06-14 13:01:48 +00:00
Howard Chu
0d6c14b41d *** empty log message *** 2002-06-14 12:38:32 +00:00