Commit Graph

1222 Commits

Author SHA1 Message Date
Howard Chu
a7bd9dc4f8 ITS#2890 fix Sleepycat URL 2004-01-24 04:08:18 +00:00
Kurt Zeilenga
e476580d85 clarify -t 2004-01-21 00:51:09 +00:00
Pierangelo Masarati
f5a9f62578 clarify that's useless to give write privileges to the roodn of a database... 2004-01-14 23:11:48 +00:00
Pierangelo Masarati
4dbc0b842a spacing (ITS#2916) 2004-01-10 11:17:52 +00:00
Kurt Zeilenga
62a0746126 Fix formating 2004-01-09 20:36:24 +00:00
Kurt Zeilenga
c8408d3c6a ITS#2906: report invalid userPassword schemes, clarify documentation 2004-01-09 04:11:57 +00:00
Kurt Zeilenga
3c598e89fb Happy new year 2004-01-01 19:15:16 +00:00
Kurt Zeilenga
b613a3d57d crypt(3) is not portable... 2003-12-30 01:37:38 +00:00
Kurt Zeilenga
f03c29257f Add new CSN draft
Remove GSER drafts (now available as RFCs)
2003-12-29 23:39:55 +00:00
Kurt Zeilenga
6776a17bee Collective Attributes and Subentries are now RFCs. 2003-12-29 18:40:10 +00:00
Pierangelo Masarati
3994dc645a allow to set max passes per rule 2003-12-29 18:02:49 +00:00
Pierangelo Masarati
9e86d9ffe2 clarify field description in rewriteRule statement 2003-12-29 17:12:29 +00:00
Pierangelo Masarati
c860ba6a23 fix, clarify and document previous commit 2003-12-29 17:06:43 +00:00
Pierangelo Masarati
3ddfddb1a7 typo 2003-12-29 15:22:10 +00:00
Jong Hyuk Choi
4d4eeb1fd2 misc updates 2003-12-21 20:00:14 +00:00
Jong Hyuk Choi
8fa4ca5893 rewrite of the syncrepl section 2003-12-21 19:54:29 +00:00
Jong Hyuk Choi
cd16a93244 update syncrepl and session log info 2003-12-21 16:32:00 +00:00
Pierangelo Masarati
8e89944abc for consistency, always allow 'onelevel' as an alias for 'one' in dnstyle 2003-12-20 15:29:05 +00:00
Jong Hyuk Choi
4894623e4d replica promotion / demotion 2003-12-19 23:12:44 +00:00
Kurt Zeilenga
35574210d7 document +0 2003-12-19 05:08:41 +00:00
Kurt Zeilenga
aabcce3e58 Document +0 2003-12-19 05:06:51 +00:00
Kurt Zeilenga
492aee7cd1 Domain Administrative Data in LDAP 2003-12-19 02:36:54 +00:00
Kurt Zeilenga
082087691e supportedFeatures and "+" are now RFCs 2003-12-19 01:51:02 +00:00
Kurt Zeilenga
2284f101fc Print UNDEFINED on compare error 2003-12-18 23:24:49 +00:00
Pierangelo Masarati
113727ba53 allow 'all' vs. 'any' sasl-authz-policy 2003-12-18 18:28:43 +00:00
Kurt Zeilenga
7f4ff18bd4 Update index to encourage "proper" use 2003-12-18 02:12:44 +00:00
Kurt Zeilenga
30bd8ce3c6 Latest 2003-12-18 00:36:45 +00:00
Pierangelo Masarati
ca52621c1b some notes on access required by proxyAuthz control;
note that other controls may need different access
privileges via, e.g., backend_attribute() (syncrepl?)
2003-12-18 00:27:01 +00:00
Kurt Zeilenga
0752b23e13 More updatedn != rootdn recommendations 2003-12-18 00:06:55 +00:00
Kurt Zeilenga
c4c6a38a0b Dont mention bare oc in list. 2003-12-17 17:48:56 +00:00
Kurt Zeilenga
30a1ff596d s/+/@/ in OC attr lists 2003-12-17 17:36:41 +00:00
Howard Chu
be550a37e4 Some text tweaks 2003-12-17 04:22:40 +00:00
Pierangelo Masarati
947f41832e more clarifications on dnstyle usage 2003-12-16 11:20:59 +00:00
Kurt Zeilenga
925db26754 Formating 2003-12-16 06:52:52 +00:00
Kurt Zeilenga
37465b1f3a Rework for overlay (should be checked by someone who knows this
stuff).
2003-12-16 03:59:24 +00:00
Pierangelo Masarati
ee34f3fb64 add to 'val[.<style>=<value>' ACLs special match styles for DN-valued attributes; add negated objectClass to attribute name lists for ACLs and partial replication 2003-12-16 00:49:10 +00:00
Kurt Zeilenga
75b9f8acdc Make a few OPERATIONAL REQUIREMENT clarifications
Clean up formating
2003-12-15 18:41:23 +00:00
Pierangelo Masarati
7444352358 describe detailed access levels required for each operation 2003-12-15 17:55:55 +00:00
Kurt Zeilenga
eec0f83fd7 Fix typos 2003-12-14 21:00:52 +00:00
Pierangelo Masarati
529a03df53 use dedicated admin identity to proxyAuthz 2003-12-13 10:57:42 +00:00
Kurt Zeilenga
0df311ed00 Clarify 2003-12-07 07:54:38 +00:00
Kurt Zeilenga
43ffeda85d Suck in latest I-D revisions 2003-12-07 07:50:23 +00:00
Kurt Zeilenga
e96063d9e8 minor updates 2003-12-07 07:38:07 +00:00
Howard Chu
2f06437348 Updated for proxycache overlay. Probably belongs on its own now... 2003-12-07 04:30:39 +00:00
Kurt Zeilenga
5e11340ccf misc updates 2003-12-06 23:48:30 +00:00
Kurt Zeilenga
9425092087 Reword things a bit. 2003-12-04 19:34:02 +00:00
Jong Hyuk Choi
f24bafd55a editorial fix for access control section 2003-12-03 18:56:39 +00:00
Kurt Zeilenga
17939ccdca Clarify that the updatedn should not be same as the rootdn. 2003-12-02 21:18:19 +00:00
Kurt Zeilenga
f1411d693f Mostly formating... 2003-12-02 21:03:21 +00:00
Kurt Zeilenga
4f406bc7d4 Misc updates 2003-12-02 19:41:19 +00:00
Pierangelo Masarati
f0ea4161ba add administrative bind and proxyAuthz control to enable bound operations in distributed directories (need to manually #define LDAP_BACK_PROXY_AUTHZ and patches from ITS#2851 and ITS#2852) 2003-12-01 08:29:06 +00:00
Kurt Zeilenga
c38b987499 Misc. updates 2003-12-01 05:43:27 +00:00
Jong Hyuk Choi
4ae382fd79 misc updates
- syncrepl : id -> rid
 - man page update
2003-11-26 21:37:44 +00:00
Jong Hyuk Choi
5a8047288b reflect multi syncrepl thread update 2003-11-26 21:10:50 +00:00
Jong Hyuk Choi
1fdda703e6 Support multiple sync replication at the consumer :
1) simultaneous operation of multiple active sync replication threads
2) cookie management for individual sync replication thread
   (include rid=%3d to the slapd cookie command line option (-c))
2003-11-26 19:49:47 +00:00
Kurt Zeilenga
944f6a9903 Moved to servers/slurpd/NOTES 2003-11-26 18:19:22 +00:00
Kurt Zeilenga
e3a4c4ec9c Notice/Acknowledge updates 2003-11-26 02:58:56 +00:00
Jong Hyuk Choi
4eee5c8595 another update to the chapter 5 of the admin guide 2003-11-24 23:18:06 +00:00
Jong Hyuk Choi
c204f4061f keeps syncrepl manpage sections current 2003-11-24 23:16:45 +00:00
Kurt Zeilenga
f2f195ac8f Fix SDF warnings 2003-11-24 20:50:23 +00:00
Kurt Zeilenga
b0d7f59a20 Minor cleanup 2003-11-24 20:34:45 +00:00
Kurt Zeilenga
5f2d317ec9 Update files 2003-11-24 20:33:28 +00:00
Kurt Zeilenga
d23516c6a2 Another round of minor tweaks 2003-11-24 20:29:21 +00:00
Jong Hyuk Choi
897fed0967 add the description of the sessionlog directive 2003-11-24 19:43:43 +00:00
Kurt Zeilenga
9203182e74 Minor tweak 2003-11-24 19:37:36 +00:00
Kurt Zeilenga
80f0a62710 This file serves as a template for new files. 2003-11-24 19:23:13 +00:00
Jong Hyuk Choi
d6073762fa syncrepl update 2003-11-24 18:57:22 +00:00
Jong Hyuk Choi
7a98b64255 update of the syncrepl directive 2003-11-24 14:44:30 +00:00
Howard Chu
f23c5d9565 ITS#2823 delete extraneous argument 2003-11-15 08:40:51 +00:00
Howard Chu
470345e993 ITS#2822 fix typos 2003-11-15 08:34:36 +00:00
Pierangelo Masarati
9620cacd34 clarify the usage of the <modifier> field in 'dn' and 'domain' clauses of <who> access directive 2003-11-01 14:14:09 +00:00
Kurt Zeilenga
d0c05e814d Add a basic DIT content rule test.
Fix DIT rules to allow extensibleObject in AUX
unifdef -DSLAP_EXTENDED_SCHEMA
2003-10-24 04:40:32 +00:00
Kurt Zeilenga
dc3944b591 add a few misc projects 2003-10-18 22:16:13 +00:00
Kurt Zeilenga
f6c1163eea clarify that replacement, but not expression evaluation,
is done on the string in group.regex=string
We really should rename the style, in this case, to "replacement".
2003-10-15 08:04:25 +00:00
Kurt Zeilenga
53081446ed Rework Kerberos principals (ITS#2695) 2003-10-13 03:18:17 +00:00
Luke Howard
976f61f0ed Update SLAPI manual page 2003-10-12 06:36:29 +00:00
Kurt Zeilenga
d03c83f077 ITS#2621, reference slapd.plugin 2003-10-12 04:22:26 +00:00
Kurt Zeilenga
fd445970fb document ditcontentrule directive 2003-10-12 04:20:20 +00:00
Kurt Zeilenga
7094fd6c08 Update filter representations to conform to RFC 2254. 2003-10-07 22:41:45 +00:00
Kurt Zeilenga
86ebc402e1 Add native SASL support to do. 2003-10-06 17:26:29 +00:00
Howard Chu
96314dce23 ITS#2600 replica uri= docs 2003-09-27 07:14:29 +00:00
Howard Chu
878bff913a Added description for idlcachesize, shm_key 2003-09-27 07:06:48 +00:00
Howard Chu
14745b74d2 ITS#2497 value-level ACLs 2003-09-21 11:07:32 +00:00
Howard Chu
0eca4fa42f More for dynamic groups 2003-09-21 10:52:44 +00:00
Howard Chu
11148522ec ITS#2573 dynamic group support 2003-09-21 10:45:57 +00:00
Howard Chu
b93a0f45d5 ITS#2497 value-level ACLs 2003-09-21 10:34:40 +00:00
Jong Hyuk Choi
0d31f9a251 correction of binddn= requirement in the example section 2003-09-17 23:30:43 +00:00
Kurt Zeilenga
f5cabd3a68 Update refs 2003-09-16 05:27:20 +00:00
Kurt Zeilenga
34d6b50e45 Initial proxy cache and syncrepl chapters 2003-09-16 05:16:33 +00:00
Kurt Zeilenga
6489aaa08b s/mech/saslmech/ in sasl directives 2003-09-16 04:39:14 +00:00
Jong Hyuk Choi
7f882daf15 Schema checking option for LDAP Sync replication 2003-09-03 21:42:52 +00:00
Jong Hyuk Choi
8dc1ac85dd manual update for proxy cache (apurva) 2003-09-03 16:26:17 +00:00
Jong Hyuk Choi
372cb876a0 slapd.conf man page update (LDAP Sync replication configuration) 2003-08-28 22:29:55 +00:00
Kurt Zeilenga
9b0de44b91 Add clarification about authzDN which don't exist in the DIT 2003-08-14 18:38:20 +00:00
Kurt Zeilenga
bd98f4c2a2 ITS#2644: fix inconsistent domain names used in example 2003-08-09 03:23:03 +00:00
Kurt Zeilenga
443d4c8999 sasl-regexp clarifications 2003-07-29 15:28:52 +00:00
Hallvard Furuseth
c1270ba4d5 Rename LDAP_OPT_ERROR_NUMBER to LDAP_OPT_RESULT_CODE. 2003-07-22 18:49:40 +00:00
Hallvard Furuseth
7c5d23dd05 ldap_msgfree() can take a result chain, not just a single result. 2003-07-22 18:30:59 +00:00
Kurt Zeilenga
0a1be4b126 ITS#2622: ucdata is in DATADIR 2003-06-30 18:39:17 +00:00
Hallvard Furuseth
d0582fb4c2 Replace some tabs with spaces.
Split some too long preformatted lines.
2003-06-29 15:34:32 +00:00
Hallvard Furuseth
c20dbfb4f6 Remove SEE ALSO locale(5); the locale option has been gone for ages. 2003-06-27 17:30:13 +00:00
Hallvard Furuseth
e613b1a353 Add BACKENDS section in slapd.conf(5).
Briefly compare back-bdb and back-ldbm.
Remove mention of MDBM and NDBM.  Rename GNU DBM to GDBM.
Fix spacing typos.  Prefix an octal file mode with 0.
Mention "notags" (new name for "nolang" from the attribute options patch).
Add SEE ALSO slapd-monitor(5) to slapd.conf(5).
2003-06-27 12:22:27 +00:00
Hallvard Furuseth
7d57eb4c03 Fix spacing typos. 2003-06-27 12:16:29 +00:00
Pierangelo Masarati
ade4642f85 Document proxy cache extensions (by way of Jong Hyuk Choi) 2003-06-24 11:49:56 +00:00
Kurt Zeilenga
b593522c11 Assertion control is now implemented 2003-06-23 17:57:38 +00:00
Howard Chu
44e32b3f7f ITS#2594 add URI support for replica config 2003-06-14 00:06:36 +00:00
Kurt Zeilenga
256732f2ce s/tls/starttls/ 2003-06-10 18:32:36 +00:00
Kurt Zeilenga
29eaea5745 Clean up syntaxes and matching rules 2003-06-09 20:58:38 +00:00
Hallvard Furuseth
feef99c760 Axe abandon support (ITS#2564) 2003-06-03 12:02:00 +00:00
Kurt Zeilenga
304410c7a0 Update drafts 2003-05-31 22:47:07 +00:00
Kurt Zeilenga
0954351565 Change ACL default style to exact (from regex) 2003-05-30 05:24:39 +00:00
Howard Chu
5ce0e3afb1 Add authors 2003-05-25 03:50:59 +00:00
Kurt Zeilenga
52e88a36a4 Fix typos ITS#2544 2003-05-24 05:20:15 +00:00
Kurt Zeilenga
d6bfa4ab8f remove documentation for bind_simple_unprotected
(which was axed log ago)
2003-05-24 01:26:38 +00:00
Kurt Zeilenga
df025639e3 TLS hard updates 2003-05-22 00:37:01 +00:00
Kurt Zeilenga
b378944fc1 Zap "TLS hard" 2003-05-22 00:15:57 +00:00
Hallvard Furuseth
437e179098 Fix typo. 2003-05-19 17:30:14 +00:00
Pierangelo Masarati
ea8e28c6c1 update back-monitor man page 2003-05-18 23:26:30 +00:00
Kurt Zeilenga
c8a6d52e04 Rework CAVEATS 2003-05-17 18:37:40 +00:00
Pierangelo Masarati
904f513028 clarify DN regex match quirks 2003-05-17 12:39:10 +00:00
Kurt Zeilenga
7c8f3b351f Warn folks that setting TLS option may break some applications.
URI should be used instead.
2003-05-17 01:08:09 +00:00
Kurt Zeilenga
92b99a4133 Add a few more "nice to haves" 2003-05-09 02:12:42 +00:00
Hallvard Furuseth
7e8ff6df6b Implement slapcat -s <dn>: Only dump a subtree of the database. 2003-04-29 20:47:21 +00:00
Hallvard Furuseth
fa915adb5b Minor nroff tweaks. 2003-04-29 15:14:35 +00:00
Kurt Zeilenga
c661a77268 axe suffixAlias 2003-04-26 23:52:28 +00:00
Kurt Zeilenga
26badc8174 Add some comments about DB_CONFIG 2003-04-24 16:22:46 +00:00
Howard Chu
5642e54117 Fix file: URL examples 2003-04-23 03:35:37 +00:00
Howard Chu
a58190e2b1 Fix missing slash in file: URL 2003-04-23 03:32:05 +00:00
Kurt Zeilenga
099c2426b8 clarify that updatedn permits replica updating subject to access controls. 2003-04-21 02:29:46 +00:00
Pierangelo Masarati
ab9f7108f1 add caveats to man page; cleanup and small improvements 2003-04-16 22:23:46 +00:00
Pierangelo Masarati
9a39dcb7d4 add slurpd pid/args files 2003-04-15 21:56:21 +00:00
Pierangelo Masarati
8563681f18 document recent changes 2003-04-15 20:55:29 +00:00
Kurt Zeilenga
06da0f5e6f Clarify "users" terminology 2003-04-15 02:20:01 +00:00
Pierangelo Masarati
3e3e5fdec5 first cut at documenting back-monitor 2003-04-08 23:46:56 +00:00
Pierangelo Masarati
250934254b cleanup 2003-04-07 21:42:51 +00:00
Howard Chu
f2293e0486 One more typo 2003-04-07 11:35:58 +00:00
Howard Chu
37767962f2 Fix typo 2003-04-07 11:13:57 +00:00
Pierangelo Masarati
d275fee025 new rewrite example 2003-04-03 21:17:09 +00:00
Pierangelo Masarati
430077e2ed partially revert previous commit 2003-04-02 23:01:21 +00:00
Pierangelo Masarati
a67b41eb69 fix listener mod handling 2003-04-02 20:27:58 +00:00
Kurt Zeilenga
02028df6c6 Add additional password file support. 2003-03-31 06:29:59 +00:00
Howard Chu
2c2bf67cea ITS#2389, describe conn_max_pending/auth keywords 2003-03-27 04:18:16 +00:00
Hallvard Furuseth
1f00bd3c7f Manpage nitpicks 2003-03-23 16:37:06 +00:00
Kurt Zeilenga
98e5afc28f Remove cache stuff 2003-03-20 19:50:22 +00:00
Pierangelo Masarati
c4b925f343 document -u option 2003-03-18 10:38:23 +00:00
Kurt Zeilenga
f4bb9a5d64 Fix typo (ITS#2379) 2003-03-15 23:36:23 +00:00
Howard Chu
bd935956f4 ITS#2366 typos 2003-03-12 21:51:17 +00:00
Kurt Zeilenga
bdf02dde71 clarify "by anonymous auth" semantics 2003-03-12 16:25:20 +00:00
Kurt Zeilenga
63041611c5 Add comment about LDAPv2 2003-03-10 15:41:55 +00:00
Kurt Zeilenga
472a79f211 LDAPv2 is Historic 2003-03-10 15:34:14 +00:00
Kurt Zeilenga
6fb4582d5c suffixalias is no longer supported 2003-03-07 18:57:30 +00:00
Howard Chu
a60f6fe1a3 Added proxy-whoami keyword and some mention of connection pooling. Depends
on libldap_r, proxy authz control...
2003-02-26 16:35:09 +00:00
Kurt Zeilenga
63efc41728 clarify global ACL use
clarify root and subschema DSE ACLs
2003-02-24 19:53:03 +00:00
Kurt Zeilenga
607215a8d6 Some dn.regex clarifications 2003-02-23 19:38:32 +00:00
Kurt Zeilenga
f620aa08f9 Max workers was lowered to 16. 2003-02-21 07:18:43 +00:00
Kurt Zeilenga
85fe59c830 Misc updates 2003-02-10 20:33:49 +00:00
Kurt Zeilenga
bfa3448128 Remove domain= ACL examples, add security consideration. 2003-02-09 07:07:39 +00:00
Kurt Zeilenga
5abec40030 Document URI and SASL directives 2003-02-09 06:49:34 +00:00
Kurt Zeilenga
698d73d5f3 Disable reverse lookups by default for security
(and performance) reasons.
2003-02-08 07:40:19 +00:00
Pierangelo Masarati
f19df0a307 add 'rebind-as-user' according to back-ldap's implementation 2003-02-05 22:04:20 +00:00
Kurt Zeilenga
1aae1854ac delete (7) after UTF-8 2003-02-05 20:42:50 +00:00
Kurt Zeilenga
81d533571b fix syntax error 2003-02-05 20:38:58 +00:00
Pierangelo Masarati
eed2d5db4d only document 'subtree', but also allow 'sub' 2003-02-05 20:38:42 +00:00
Pierangelo Masarati
381e293b41 allow 'sub' and 'subtree' in acl (fix ITS#2300) 2003-02-05 19:39:34 +00:00
Pierangelo Masarati
ac895cd4d5 document the multiple URI feature 2003-02-04 19:50:17 +00:00
Pierangelo Masarati
55d21236d1 comment a useful feature of using URIs 2003-02-04 19:43:10 +00:00
Kurt Zeilenga
b53eef9b81 -V updates 2003-01-20 21:16:58 +00:00
Kurt Zeilenga
3202e544e3 Added -V support 2003-01-20 20:50:15 +00:00
Hallvard Furuseth
1fbbc11811 Fix LBER_ERROR vs. -1 confusion. 2003-01-19 13:10:17 +00:00
Kurt Zeilenga
d2bb1b5691 Add a few notes about intended usage of these backends 2003-01-09 12:07:14 +00:00
Kurt Zeilenga
6939c53170 Happy new year 2003-01-03 20:20:47 +00:00
Kurt Zeilenga
968fced135 Happy new year! 2003-01-03 20:04:17 +00:00
Hallvard Furuseth
3dca6b67a5 Fix typo. 2002-12-16 07:32:06 +00:00
Hallvard Furuseth
5ca8773a8b Fix typos. 2002-12-16 07:31:13 +00:00
Hallvard Furuseth
09df53687e Make links to ber_bvfree and others, and add them to NAME section. 2002-12-16 07:29:43 +00:00
Hallvard Furuseth
7ce4a611dc Fix ldap_extended_s(3) -> ldap_extended_operation(3) 2002-12-16 07:28:10 +00:00
Pierangelo Masarati
df5d69df8f allow a custom error log file for plugins by means of a slapd.conf directive; add very bare-bone back-monitor info about installed plugins 2002-12-14 15:04:37 +00:00
Howard Chu
143603690f Added searchstack keyword description. (Sorry, I don't like the word "slab"...) 2002-12-12 23:39:21 +00:00
Hallvard Furuseth
54728f367e Implement user-defined tagging attribute options and ranges 2002-12-12 13:56:05 +00:00
Pierangelo Masarati
9cce5e4c98 a skeleton of slapd.conf directives for SLAPI configuration (lot to do) 2002-12-07 18:03:13 +00:00
Kurt Zeilenga
01660fbdd9 Minor cleanup 2002-12-05 03:30:20 +00:00
Kurt Zeilenga
4a0bfbdd64 Add ldapwhoami/ldapcompre to flags map 2002-12-05 00:19:21 +00:00
Kurt Zeilenga
618877cd39 remove proxy authorization (as first-cut was committed) 2002-12-03 18:45:42 +00:00
Kurt Zeilenga
b41ab2502f Revamp TODO list a bit 2002-11-27 19:56:58 +00:00
Kurt Zeilenga
e27d7a0d5a Remove autoconf task, best left to a committer (or me) 2002-11-26 17:57:32 +00:00
Pierangelo Masarati
65efd6a185 fix -h option example for multi-URI handling (as suggested by Roland Bauerschmidt <rb@debian.org>) 2002-11-24 21:52:48 +00:00
Pierangelo Masarati
8473f6e778 set keyword to noEstimate and document it 2002-11-21 20:57:00 +00:00
Pierangelo Masarati
59aea47963 improve limits handling and consistency; return "Admin limit exceeded" instead of "Unwilling to perform" 2002-11-21 12:58:59 +00:00
Pierangelo Masarati
b9e442d7de clarify how to specify no limits 2002-10-31 11:26:19 +00:00
Pierangelo Masarati
53e1930fd0 use keyword "unlimited" instead of -1 for no limits 2002-10-31 09:57:24 +00:00
Kurt Zeilenga
492c5b83f8 Misc cleanup 2002-10-27 21:45:17 +00:00
Kurt Zeilenga
f72dbc212f forced change for testing 2002-10-26 02:58:31 +00:00
Kurt Zeilenga
c14cbc1fb7 Update anon 2002-10-26 02:53:36 +00:00
Pierangelo Masarati
86dbdc1ddb document socket permission extension to ldapi:// 2002-10-23 14:22:21 +00:00
Kurt Zeilenga
54570d22ca Misc updates 2002-10-17 05:59:57 +00:00
Kurt Zeilenga
6bc33d28c0 Note --without-threads limitation 2002-10-16 16:54:27 +00:00
Kurt Zeilenga
dd3279eab0 Clarify new "entry" ACLs 2002-10-10 04:27:23 +00:00
Kurt Zeilenga
1ca552dff7 Add DIT Structure Rules and Name Forms 2002-10-10 04:19:46 +00:00
Kurt Zeilenga
f914c0545c Fix multiple NAME example 2002-10-10 01:34:55 +00:00
Kurt Zeilenga
023d0e2a5c Rework unprotected simple bind checks 2002-10-08 19:03:18 +00:00
Kurt Zeilenga
2fd41add70 Clarify unprotected simple bind settings 2002-10-08 01:07:12 +00:00
Kurt Zeilenga
36fca96695 if "disallow bind_simple_unprotected", require at least SSF of 2 2002-10-08 01:06:49 +00:00
Kurt Zeilenga
90e320398a Clarify that "security ssf=n" applies to "disallow bind_simple_unprotected". 2002-10-08 00:51:19 +00:00
Kurt Zeilenga
880eced255 Clarify that v2 is disabled by default 2002-10-06 03:32:43 +00:00
Kurt Zeilenga
c46e00a34c Misc. cleanup 2002-10-04 19:08:10 +00:00
Kurt Zeilenga
de6ed4fde4 Undocument -C (chase referrals)
(already removed from usage statements)
2002-09-23 21:33:26 +00:00
Kurt Zeilenga
044b39f4ec Add Steven's I-Ds on LDAP/X.500 admin models
Correct naming of older drafts
2002-09-23 04:35:05 +00:00
Kurt Zeilenga
048d43512d -05 2002-09-22 18:21:23 +00:00
Kurt Zeilenga
b1cb903351 Add "IANA Considerations for LDAP" (rfc3383) 2002-09-20 20:50:53 +00:00
Kurt Zeilenga
68aebc05c9 Clean up hash password scheme stuff 2002-09-20 17:27:08 +00:00
Kurt Zeilenga
11a07153d6 Add some clarification as to what hash algorithms are used
with each password-hash scheme.
2002-09-20 17:12:58 +00:00
Kurt Zeilenga
e4d05f386a Add new LDAP RFCs 2002-09-19 04:43:28 +00:00
Kurt Zeilenga
bec2237439 Add the LDAPv3 TS. 2002-09-18 02:04:59 +00:00
Kurt Zeilenga
043e5c5a13 latest dupent I-D 2002-09-17 21:05:41 +00:00
Kurt Zeilenga
07a6d6c208 (re)insert reference to rfc2253 2002-09-09 07:01:51 +00:00
Kurt Zeilenga
b41d7df452 Add clarification 2002-09-09 06:59:51 +00:00
Kurt Zeilenga
be39bfd36a Update access control section to avoid regex usage 2002-09-09 06:53:11 +00:00
Kurt Zeilenga
64fcd8b043 Add note about "children" to access controls section.
Clarify cut-n-past in quickstart.
2002-09-09 00:47:01 +00:00
Kurt Zeilenga
f0a3a7bb47 Add reference to ldap.conf(5) 2002-09-04 21:00:11 +00:00
Kurt Zeilenga
2ca678ea2e More LDAPNOINIT statement to top of DESCRIPTION 2002-09-04 20:59:57 +00:00
Kurt Zeilenga
3cb2dc149d Document -R 2002-09-02 19:25:10 +00:00
Kurt Zeilenga
8f09321eb9 Clarify that rootpw is not needed when rootdn is not within database 2002-09-01 02:54:56 +00:00
Kurt Zeilenga
b67986cdde Format tweaks 2002-09-01 01:49:25 +00:00
Kurt Zeilenga
7901bc8f5b Reflect latest contributions 2002-09-01 01:47:59 +00:00
Pierangelo Masarati
5a0ba6e429 document another (optional) config directive 2002-08-31 10:27:49 +00:00
Kurt Zeilenga
d912c2c711 Rework client control parsing... need to implement
common controls across all tools.
2002-08-29 21:36:36 +00:00
Kurt Zeilenga
20ef1d9fe4 Misc updates... 2002-08-29 04:56:05 +00:00
Kurt Zeilenga
4114c96ccd More clarifications 2002-08-28 04:22:12 +00:00
Kurt Zeilenga
1e0cc6da35 Fix typo 2002-08-28 04:08:02 +00:00
Kurt Zeilenga
7c283a6685 Fix tables numbering. Add note able system schema extensions. 2002-08-28 04:05:07 +00:00
Kurt Zeilenga
22d3c7f24e Clarify that manageDsaIT is not to specified when managing
entry DSEs.
2002-08-28 01:20:03 +00:00
Kurt Zeilenga
4ef042fee4 Clean up filters 2002-08-28 01:16:25 +00:00
Kurt Zeilenga
44c214d4a0 Fix some formatting issues 2002-08-28 01:11:47 +00:00
Kurt Zeilenga
bb172cb518 clarify "authorization" feature as "proxy authorization". 2002-08-27 23:24:43 +00:00
Kurt Zeilenga
22915aac93 More OID clarifications. 2002-08-27 20:20:52 +00:00
Kurt Zeilenga
8c03d7ed4b Fix typos 2002-08-27 19:20:29 +00:00
Kurt Zeilenga
8889129762 Warn about hijacking. 2002-08-27 18:17:09 +00:00
Kurt Zeilenga
09e64b6fe8 Add note regard StartTLS over 389. 2002-08-26 22:10:32 +00:00
Kurt Zeilenga
bdcba5ad3a Add link to SDF tools at CPAN. 2002-08-24 23:37:59 +00:00
Kurt Zeilenga
18e4362b07 Add ldapwhoami(1) 2002-08-24 06:28:10 +00:00
Kurt Zeilenga
dabbefd908 Add -y. 2002-08-24 06:19:39 +00:00
Kurt Zeilenga
8de258d2e2 Patch: 'ldapmodify -y file' reads password from file (ITS#2031)
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
            ================
Adapted by Kurt Zeilenga for inclusion in OpenLDAP.  My comments are
marked with enclosed with square brackets (e.g. [Kurt's comment] below.
            ================

If I run ldapmodify & co from a script, I don't want to use '-W password'
because the password shows up in the output of 'ps' for everyone,
and I can't pipe the password to 'ldapmodify -w' because -w uses
getpassphrase() which reads from the tty instead of stdin.
So I added '-y file' which reads the password from file.  The programs
exit if the file cannot be read.

[Complete contents of file is used as password.  Use:
	echo -n "secret" > password
to create a file with "secret" as the password.  The -n avoids
adding a newline (which would invalidate the password).  Note
that echo is a builtin and hence its arguments are not visible
to 'ps'.]

I changed ldapmodify, ldapmodrdn, ldapdelete, ldapsearch, ldapcompare.
I did not bother to change ldappasswd and ldapwhoami, because they
prompt for many passwords.  [I fixed up ldapwhoami.]

Rerun autoconf after applying this patch. [Done.]

Note:  I do not know if Windows NT has fstat(), so I set HAVE_FSTAT to
undef in portable.nt.  (fstat() is used to warn if the file is publicly
readable or writeable.)  [I used fstat() to set the buffer size to
read.]

[Note: using the contents of a file extends the tools to support
passwords which could not normally be provided using getpassphrase()
or via the command line.]

Hallvard B. Furuseth <h.b.furuseth@usit.uio.no>, Aug 2002.
[Kurt D. Zeilenga <kurt@openldap.org>, Aug 2002.]
2002-08-24 05:47:17 +00:00
Pierangelo Masarati
f11c6b27e7 Final run of changes to back-sql; IBM db2 support has been tested.
Now related ITSes need be audited and possibly closed.

Enhancements:
  - re-styled code for better readability
  - upgraded backend API to reflect recent changes
  - LDAP schema is checked when loading SQL/LDAP mapping
  - AttributeDescription/ObjectClass pointers used for more efficient
    mapping lookup
  - bervals used where string length is required often
  - atomized write operations by committing at the end of each operation
    and defaulting connection closure to rollback
  - added LDAP access control to write operations
  - fully implemented modrdn (with rdn attrs change, deleteoldrdn,
    access check, parent/children check and more)
  - added parent access control, children control to delete operation
  - added structuralObjectClass operational attribute check and
    value return on search
  - added hasSubordinate operational attribute on demand
  - search limits are appropriately enforced
  - function backsql_strcat() has been made more efficient
  - concat function has been made configurable by means of a pattern
  - added config switches:
      - fail_if_no_mapping	write operations fail if there is no mapping
      - has_ldapinfo_dn_ru	overrides autodetect
      - concat_pattern		a string containing two '?' is used
				(note that "?||?" should be more portable
				than builtin function "CONCAT(?,?)")
      - strcast_func		cast of string constants in "SELECT DISTINCT					statements (needed by PostgreSQL)
      - upper_needs_cast	cast the argument of upper when required
				(basically when building dn substring queries)

Todo:
  - add security checks for SQL statements that can be injected (?)
  - re-test with previously supported RDBMs
  - replace dn_ru and so with normalized dn (no need for upper() and so
    in dn match)
  - implement a backsql_normalize() function to replace the upper()
    conversion routines
  - note that subtree deletion, subtree renaming and so could be easily
    implemented (rollback and consistency checks are available :)
  - implement "lastmod" and other operational stuff (ldap_entries table ?)
2002-08-23 08:54:08 +00:00
Howard Chu
33d5c0abd7 Fix errors in replica directive 2002-08-22 20:32:09 +00:00
Kurt Zeilenga
1b6c3fc57f Add dumpasn1 logging to TODO. 2002-08-21 18:45:08 +00:00
Kurt Zeilenga
22ec2b9e19 cleanup 2002-08-17 02:52:39 +00:00
Pierangelo Masarati
76e936e274 reflect recent additions to backend configuration 2002-08-13 17:13:57 +00:00
Kurt Zeilenga
d945a5aed9 minor updates 2002-08-12 18:07:24 +00:00
Howard Chu
1be4ab9d07 ITS#1893 Add (terse) schemadn description 2002-08-10 04:09:28 +00:00
Kurt Zeilenga
e2b8a3b139 Remove reference to getfilter(3) 2002-08-08 03:03:48 +00:00