From: Kurt Zeilenga Date: Tue, 17 Oct 2000 21:32:55 +0000 (+0000) Subject: Import man page updates from devel X-Git-Tag: OPENLDAP_REL_ENG_2_0_7~48 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d87ff6a2047bc40be2de1d60240c05e4a684c9ec;p=thirdparty%2Fopenldap.git Import man page updates from devel --- diff --git a/CHANGES b/CHANGES index 5253b965ba..789925b262 100644 --- a/CHANGES +++ b/CHANGES @@ -4,18 +4,24 @@ OpenLDAP 2.0.X Engineering Fixed slapd spasswd mutex bug Fixed slapd ACL nameuid bug Fixed slapd SASL layerring bug + Fixed slapd unknown authc method bug (ITS#831) Updated -lldap SASL error reporting Updated -lldap TLS error reporting + Updated -llber large element handling Updated slapadd error reporting Updated slapd chroot handling (ITS#810) Added slapd numericString indexing + Removed lint Build Environment Fixed make comment bug (ITS#811) Fixed $(DESTDIR) install (ITS#806) Added proxy check to passwd test Documentation - Updated slapd(8) + Updated ldappasswd(1) + Updated ldap_url(3) Updated slapd.conf(5) + Updated slapd(8) + Updated slurpd(8) OpenLDAP 2.0.6 Release Build Environment diff --git a/doc/man/man3/ldap_url.3 b/doc/man/man3/ldap_url.3 index 8b48e4c4d5..4d5ac3fb3a 100644 --- a/doc/man/man3/ldap_url.3 +++ b/doc/man/man3/ldap_url.3 @@ -1,4 +1,4 @@ -.TH LDAP_URL 3 "22 September 1998" "OpenLDAP LDVERSION" +.TH LDAP_URL 3 "17 October 2000" "OpenLDAP LDVERSION" .\" $OpenLDAP$ .\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. 
@@ -27,13 +27,15 @@ char *url; LDAPURLDesc **ludpp; .LP typedef struct ldap_url_desc { - char *lud_host; /* LDAP host to contact */ - int lud_port; /* port on host */ - char *lud_dn; /* base for search */ - char **lud_attrs; /* NULL-terminate list of attributes */ - int lud_scope; /* a valid LDAP_SCOPE_... value */ - char *lud_filter; /* LDAP search filter */ - char *lud_string; /* for internal use only */ + char * lud_scheme; /* URI scheme */ + char lud_host; /* LDAP host to contact */ + int lud_port; /* port on host */ + char * lud_dn; /* base for search */ + char ** lud_attrs; /* list of attributes */ + int lud_scope; /* a LDAP_SCOPE_... value */ + char * lud_filter; /* LDAP search filter */ + char ** lud_exts; /* LDAP extensions */ + /* may contain additional fields for internal use */ } LDAPURLDesc; .LP .ft B 
@@ -65,24 +67,29 @@ int attrsonly; struct timeval *timeout; LDAPMessage **res; .SH DESCRIPTION -These routines support the use of LDAP URLs (Uniform Resource Locators). -LDAP URLs look like this: +These routines support the use of LDAP URLs (Uniform Resource Locators) +as detailed in RFC 2255. LDAP URLs look like this: .nf - \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattributes\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP]]] + \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]] where: \fIhostport\fP is a host name with an optional ":portnumber" - \fIdn\fP is the base DN to be used for an LDAP search operation - \fIattributes\fP is a comma separated list of attributes to be retrieved - \fIscope\fP is one of these three strings: base one sub (default=base) - \fIfilter\fP is LDAP search filter as used in a call to ldap_search(3) + \fIdn\fP is the search base + \fIattrs\fP is a comma separated list of attributes to request + \fIscope\fP is one of these three strings: + base one sub (default=base) + \fIfilter\fP is filter + \fIexts\fP are recognized set of LDAP and/or API extensions. + +Example: + ldap://ldap.example.net/dc=example,dc=net?cn,sn?sub?(cn=*) -e.g., ldap://ldap.itd.umich.edu/c=US?o,description?one?o=umich .fi .LP URLs that are wrapped in angle-brackets and/or preceded by "URL:" are also -tolerated. +tolerated. Alternative schemes such as ldaps:// and ldapi:// may be +parsed using the below routines as well. .LP .B ldap_is_ldap_url() returns a non-zero value if \fIurl\fP looks like an LDAP URL (as 
@@ -95,14 +102,7 @@ routine should be used if a more thorough check is needed. breaks down an LDAP URL passed in \fIurl\fP into its component pieces. If successful, zero is returned, an LDAP URL description is allocated, filled in, and \fIludpp\fP is set to point to it. If an -error occurs, one of these values is returned: -.nf - - LDAP_URL_ERR_NOTLDAP - URL doesn't begin with "ldap://" - LDAP_URL_ERR_NODN - URL has no DN (required) - LDAP_URL_ERR_BADSCOPE - URL scope string is invalid - LDAP_URL_ERR_MEM - can't allocate memory space -.fi +error occurs, a non-zero URL error code is returned. .LP .B ldap_free_urldesc() should be called to free an LDAP URL description that was obtained from @@ -130,12 +130,8 @@ except that many search parameters are pulled out of the URL. .BR ldap (3), .BR ldap_search (3) .LP -.B An LDAP URL Format, -Tim Howes and Mark Smith, December 1995. Internet Draft (work in progress). -Currently available at this URL: -.nf -ftp://ds.internic.net/internet-drafts/draft-ietf-asid-ldap-format-03.txt -.fi +.B The LDAP URL Format, RFC 2255, +Tim Howes and Mark Smith, December 1997. .SH ACKNOWLEDGEMENTS .B OpenLDAP is developed and maintained by The OpenLDAP Project (http://www.openldap.org/). diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 54c0730b5a..4cd798b38c 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -486,7 +486,9 @@ and read by .BR slurpd (8). See .BR slapd.replog (5) -for more information. +for more information. The specified file should be located +in a directory with limited read/write/execute access as the replication +logs may contain sensitive information. .TP .B rootdn Specify the distinguished name that is not subject to access control diff --git a/doc/man/man8/slurpd.8 b/doc/man/man8/slurpd.8 index 1ea989a946..4323970700 100644 --- a/doc/man/man8/slurpd.8 +++ b/doc/man/man8/slurpd.8 
@@ -82,7 +82,8 @@ Specifies the name of the replication logfile. Normally, the name of the replication log file is read from the .B slapd -configuration file. +configuration file. The file should be located in a directory +with limited read/write/execute access. The .B \-r option allows you to override this. In conjunction with the @@ -107,6 +108,8 @@ processes a replication log and exits. .BI \-t " temp\-dir" .B slurpd copies the replication log to a working directory before processing it. +The directory permissions should limit read/write/execute access as +temporary files may contain sensitive information. This option allows you to specify the location of these temporary files. The default is .BR LOCALSTATEDIR/openldap-slurp .
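Review bot: in the CHANGES hunk, three of the added entries ("Fixed slapd unknown authc method bug (ITS#831)", "Updated -llber large element handling", "Removed lint") are not man page changes, but the subject says "Import man page updates from devel". Either record them with the commits that made those changes, or widen the commit message so the log matches what CHANGES now claims.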
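Review bot: in the LDAPURLDesc hunk of doc/man/man3/ldap_url.3 (@@ -27,13 +27,15 @@), the new member line "char lud_host; /* LDAP host to contact */" has lost its pointer; the line it replaces was "char *lud_host;". It should read "char * lud_host;" like the other string members. The same hunk also drops "NULL-terminate" from the lud_attrs comment and gives no termination rule for the new lud_exts, so a reader can no longer tell from the page how to find the end of either list; please say so in both comments.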
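Review bot: in the DESCRIPTION hunk of ldap_url.3 (@@ -65,24 +67,29 @@), the new text "filter is filter" is circular and loses the pointer to ldap_search(3) that the removed line carried. Suggest restoring "is an LDAP search filter as used in a call to ldap_search(3)". The exts line ("are recognized set of LDAP and/or API extensions") needs an article and does not say which extensions are recognized or how they are separated, and the new example URL stops at the filter, so the added fifth component is never shown.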
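Review bot: in the ldap_url_parse() hunk of ldap_url.3 (@@ -95,14 +102,7 @@), replacing the four LDAP_URL_ERR_* entries with "a non-zero URL error code is returned" leaves callers with no documented values to test against. If the set of codes has grown with the new scheme and extension handling, list the current ones; if the list is deliberately omitted, name the header where they are defined so the page still tells the reader where to look.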
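Review bot: in the slapd.conf.5 replogfile hunk (@@ -486,7 +486,9 @@), "a directory with limited read/write/execute access" does not say limited to whom. The surrounding text says the log is read by slurpd(8), so the note should state that access is to be restricted to the account or accounts that slapd and slurpd run as, and that other users need none. The same wording would then serve the matching slurpd.8 text.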
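Review bot: in the first slurpd.8 hunk (@@ -82,7 +82,8 @@), the new sentence is inserted between "configuration file." and "The -r option allows you to override this.", so "this" now reads as overriding the directory permission advice rather than the log file name taken from the slapd configuration. Move the permission sentence after the -r sentence, or change "this" to "the file name".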
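Review bot: in the -t hunk of slurpd.8 (@@ -107,6 +108,8 @@), the permission advice is placed before the sentence that explains what the option does, and it does not say whether it also applies to the default LOCALSTATEDIR/openldap-slurp or only to a directory given with -t. Suggest moving it after the "The default is" sentence and stating that it covers both cases.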