Added LDAP_FILTER_EXT case to filter_free()

[openldap] / doc / guide / admin / slapdconfig.sdf

diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf
index c34f63ba2ca09ac1acd1cb467a8f9693e88c140a..c37150ff616d586f582f9927701800c642160459 100644 (file)
--- a/doc/guide/admin/slapdconfig.sdf
+++ b/doc/guide/admin/slapdconfig.sdf
@@ -475,18 +475,27 @@ This directive specifies the indexes to maintain for the given
 attribute. If only an {{EX:<attrlist>}} is given, the default
 indexes are maintained.
 
 attribute. If only an {{EX:<attrlist>}} is given, the default
 indexes are maintained.
 

-

 \Example:
 
 >      index default pres,eq
 \Example:
 
 >      index default pres,eq

->      index objectClass,uid
->      index cn,sn eq,sub,approx
+>      index uid
+>      index cn,sn pres,eq,sub
+>      index objectClass eq
+
+The first line sets the default set of indices to maintain to
+present and equality.  The second line causes the default (pres,eq)
+set of indices to be maintained for the {{EX:uid}} attribute type.
+The third line causes present, equality, and substring indices to
+be maintained for {{EX:cn}} and {{EX:sn}} attribute types.  The
+fourth line causes an equality index for the {{EX:objectClass}}
+attribute type.
+
+By default, no indices are maintained.  It is generally advised
+that minimally an equality index upon objectClass be maintained.
+
+>      index objectClass eq
+

 
 

-The first line sets the default set of indices to maintain to present
-and equality.  The second line causes the default (pres,eq) set
-of indices to be maintained for {{EX:objectClass}} and {{EX:uid}} attribute
-types.  The third line causes equality, substring, and approximate
-indices to be maintained for {{EX:cn}} and {{EX:sn}} attribute types.

 
 H4: mode <integer>
 
 
 H4: mode <integer>
 


@@ -757,7 +766,7 @@ to a specific attribute and various {{EX:<who>}} selectors.
 This example applies to entries in the "{{EX:dc=example,dc=com}}"
 subtree. To all attributes except {{EX:homePhone}}, the entry itself
 can write them, other {{EX:example.com}} entries can search by them,
 This example applies to entries in the "{{EX:dc=example,dc=com}}"
 subtree. To all attributes except {{EX:homePhone}}, the entry itself
 can write them, other {{EX:example.com}} entries can search by them,

-anybody else has no access ((implicit {{EX:by * none}}) excepting for
+anybody else has no access (implicit {{EX:by * none}}) excepting for

 authentication/authorization (which is always done anonymously).
 The {{EX:homePhone}} attribute is writable by the entry, searchable
 by other {{EX:example.com}} entries, readable by clients connecting
 authentication/authorization (which is always done anonymously).
 The {{EX:homePhone}} attribute is writable by the entry, searchable
 by other {{EX:example.com}} entries, readable by clients connecting


@@ -858,12 +867,12 @@ Lines 9 and 10 identify the database "super user" entry and associated
 password. This entry is not subject to access control or size or
 time limit restrictions.
 
 password. This entry is not subject to access control or size or
 time limit restrictions.
 

-Lines 11 through 18 are for replication. Line 11 specifies the
+Lines 11 through 18 are for replication. Line 12 specifies the

 replication log file (where changes to the database are logged \-
 replication log file (where changes to the database are logged \-

-this file is written by slapd and read by slurpd). Lines 12 through
-14 specify the hostname and port for a replicated host, the DN to
+this file is written by slapd and read by slurpd). Lines 13 through
+15 specify the hostname and port for a replicated host, the DN to

 bind as when performing updates, the bind method (simple) and the
 bind as when performing updates, the bind method (simple) and the

-credentials (password) for the binddn. Lines 15 through 18 specify
+credentials (password) for the binddn. Lines 16 through 18 specify

 a second replication site.  See the {{SECT:Replication with slurpd}}
 chapter for more information on these directives.
 
 a second replication site.  See the {{SECT:Replication with slurpd}}
 chapter for more information on these directives.
 


@@ -877,17 +886,18 @@ all applicable entries, the {{EX:userPassword}} attribute is writable
 by the entry itself and by the "admin" entry.  It may be used for
 authentication/authorization purposes, but is otherwise not readable.
 All other attributes are writable by the entry and the "admin"
 by the entry itself and by the "admin" entry.  It may be used for
 authentication/authorization purposes, but is otherwise not readable.
 All other attributes are writable by the entry and the "admin"

-entry, but may be read by authenticated users.
+entry, but may be read by all users (authenticated or not).

 
 The next section of the example configuration file defines another
 LDBM database. This one handles queries involving the
 
 The next section of the example configuration file defines another
 LDBM database. This one handles queries involving the

-{{EX:dc=example,dc=net}} subtree.  Note that without line 38, the
-read access would be allowed due to the global access rule at line
-4.
+{{EX:dc=example,dc=net}} subtree but is managed by the same entity
+as the first database.  Note that without line 39, the read access
+would be allowed due to the global access rule at line 4.

 
 E: 33. # ldbm definition for example.net
 E: 34. database ldbm
 E: 35. suffix "dc=example,dc=net"
 E: 36. directory /usr/local/var/ldbm-example-net
 E: 37. rootdn "cn=Manager,dc=example,dc=com"
 
 E: 33. # ldbm definition for example.net
 E: 34. database ldbm
 E: 35. suffix "dc=example,dc=net"
 E: 36. directory /usr/local/var/ldbm-example-net
 E: 37. rootdn "cn=Manager,dc=example,dc=com"

-E: 38. access to * by users read
+E: 38. index objectClass eq
+E: 39. access to * by users read