X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=doc%2Fman%2Fman5%2Fslapd-ldap.5;h=1d015bf8d9166550359debd9ff6aedcd24aec3cc;hb=05a84fb025ed397624730b3b5d79c15cc80c4357;hp=b3949472eb8163d2e5fb0b6d16a912f985780591;hpb=5ce0e3afb13fb413e0104beaf282f5217cd7dbc5;p=openldap diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5 index b3949472eb..1d015bf8d9 100644 --- a/doc/man/man5/slapd-ldap.5 +++ b/doc/man/man5/slapd-ldap.5 @@ -1,5 +1,5 @@ .TH SLAPD-LDAP 5 "RELEASEDATE" "OpenLDAP LDVERSION" -.\" Copyright 1998-2003 The OpenLDAP Foundation All Rights Reserved. +.\" Copyright 1998-2004 The OpenLDAP Foundation All Rights Reserved. .\" Copying restrictions apply. See COPYRIGHT/LICENSE. .\" $OpenLDAP$ .SH NAME @@ -33,9 +33,13 @@ Other database options are described in the manual page. .LP Note: It is strongly recommended to set +.LP .RS +.nf lastmod off +.fi .RE +.LP for every .B ldap and @@ -68,6 +72,32 @@ check permissions. .B bindpw Password used with the bind DN above. .TP +.B proxyauthzdn "" +DN which is used to propagate the client's identity to the target +by means of the proxyAuthz control when the client does not +belong to the DIT fragment that is being proxyied by back-ldap. +This is useful when operations performed by users bound to another +backend are propagated through back-ldap. +This requires the entry with +.B proxyauthzdn +identity on the remote server to have +.B proxyAuthz +privileges on a wide set of DNs, e.g. +.BR authzTo=dn.regex:.* , +and the remote server to have +.B authz-policy +set to +.B to +or +.BR both . +See +.BR slapd.conf (5) +for details on these statements and for remarks and drawbacks about +their usage. +.TP +.B proxyauthzpw +Password used with the proxy authzDN above. +.TP .B proxy-whoami Turns on proxying of the WhoAmI extended operation. If this option is given, back-ldap will replace slapd's original WhoAmI routine with its