X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=doc%2Fguide%2Fadmin%2Fslapdconfig.sdf;h=c37150ff616d586f582f9927701800c642160459;hb=50277c6abea63db90cf374b538215b4a63ae549e;hp=c34f63ba2ca09ac1acd1cb467a8f9693e88c140a;hpb=d0a77750fb1a53519cdf587d7746dfea7604e65d;p=openldap diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf index c34f63ba2c..c37150ff61 100644 --- a/doc/guide/admin/slapdconfig.sdf +++ b/doc/guide/admin/slapdconfig.sdf @@ -475,18 +475,27 @@ This directive specifies the indexes to maintain for the given attribute. If only an {{EX:}} is given, the default indexes are maintained. - \Example: > index default pres,eq -> index objectClass,uid -> index cn,sn eq,sub,approx +> index uid +> index cn,sn pres,eq,sub +> index objectClass eq + +The first line sets the default set of indices to maintain to +present and equality. The second line causes the default (pres,eq) +set of indices to be maintained for the {{EX:uid}} attribute type. +The third line causes present, equality, and substring indices to +be maintained for {{EX:cn}} and {{EX:sn}} attribute types. The +fourth line causes an equality index for the {{EX:objectClass}} +attribute type. + +By default, no indices are maintained. It is generally advised +that minimally an equality index upon objectClass be maintained. + +> index objectClass eq + -The first line sets the default set of indices to maintain to present -and equality. The second line causes the default (pres,eq) set -of indices to be maintained for {{EX:objectClass}} and {{EX:uid}} attribute -types. The third line causes equality, substring, and approximate -indices to be maintained for {{EX:cn}} and {{EX:sn}} attribute types. H4: mode 
@@ -757,7 +766,7 @@ to a specific attribute and various {{EX:}} selectors. This example applies to entries in the "{{EX:dc=example,dc=com}}" subtree. To all attributes except {{EX:homePhone}}, the entry itself can write them, other {{EX:example.com}} entries can search by them, -anybody else has no access ((implicit {{EX:by * none}}) excepting for +anybody else has no access (implicit {{EX:by * none}}) excepting for authentication/authorization (which is always done anonymously). The {{EX:homePhone}} attribute is writable by the entry, searchable by other {{EX:example.com}} entries, readable by clients connecting @@ -858,12 +867,12 @@ Lines 9 and 10 identify the database "super user" entry and associated password. This entry is not subject to access control or size or time limit restrictions. -Lines 11 through 18 are for replication. Line 11 specifies the +Lines 11 through 18 are for replication. Line 12 specifies the replication log file (where changes to the database are logged \- -this file is written by slapd and read by slurpd). Lines 12 through -14 specify the hostname and port for a replicated host, the DN to +this file is written by slapd and read by slurpd). Lines 13 through +15 specify the hostname and port for a replicated host, the DN to bind as when performing updates, the bind method (simple) and the -credentials (password) for the binddn. Lines 15 through 18 specify +credentials (password) for the binddn. Lines 16 through 18 specify a second replication site. See the {{SECT:Replication with slurpd}} chapter for more information on these directives. 
@@ -877,17 +886,18 @@ all applicable entries, the {{EX:userPassword}} attribute is writable by the entry itself and by the "admin" entry. It may be used for authentication/authorization purposes, but is otherwise not readable. All other attributes are writable by the entry and the "admin" -entry, but may be read by authenticated users. +entry, but may be read by all users (authenticated or not). The next section of the example configuration file defines another LDBM database. This one handles queries involving the -{{EX:dc=example,dc=net}} subtree. Note that without line 38, the -read access would be allowed due to the global access rule at line -4. +{{EX:dc=example,dc=net}} subtree but is managed by the same entity +as the first database. Note that without line 39, the read access +would be allowed due to the global access rule at line 4. E: 33. # ldbm definition for example.net E: 34. database ldbm E: 35. suffix "dc=example,dc=net" E: 36. directory /usr/local/var/ldbm-example-net E: 37. rootdn "cn=Manager,dc=example,dc=com" -E: 38. access to * by users read +E: 38. index objectClass eq +E: 39. access to * by users read
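Review bot: In the @@ -475 hunk, the added sentence "The fourth line causes an equality index for the {{EX:objectClass}} attribute type." has no verb phrase for the index. The second and third sentences both say "to be maintained", so this one should read "causes an equality index to be maintained for the {{EX:objectClass}} attribute type." The standalone "> index objectClass eq" after the new "By default, no indices are maintained" paragraph repeats the fourth line of the example directly above it with no lead-in. Either introduce it as the minimal recommended configuration or drop it. The added text also carries over "present" for the pres index in the first and third sentences, where "presence" would describe the index type more accurately.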
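Review bot: In the @@ -858 hunk, the inner line references shift by one (11 to 12, 12 through 14 to 13 through 15, 15 to 16), but the enclosing "Lines 11 through 18" and the end of "Lines 16 through 18" are unchanged. That leaves line 11 inside the replication range with no description, and the second replication site drops from four lines to three while the first stays at three. The last hunk adds an index line to the example and renumbers 38 to 39. If a similar line was inserted above this block, the outer range likely needs to move as well, and the unchanged "Lines 9 and 10" reference for the super user entry deserves the same check against the numbered example.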
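Review bot: In the @@ -877 hunk, replacing "may be read by authenticated users" with "may be read by all users (authenticated or not)" changes the documented access semantics, yet the access directive being described is not in the visible lines. Please confirm that the example's rule grants read to everyone and not only to "users", so the prose and the configuration agree. In the same hunk, "without line 39, the read access would be allowed" does not say whose access is meant. Line 39 is "access to * by users read", which limits read to authenticated users, so the sentence should name the clients that the global rule at line 4 would otherwise allow to read this database.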