]> git.sur5r.net Git - openldap/commitdiff
projects / openldap / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 546bc9c)
further fulfilment of ITS#3639
authorPierangelo Masarati <ando@openldap.org>
Sat, 9 Apr 2005 00:44:17 +0000 (00:44 +0000)
committerPierangelo Masarati <ando@openldap.org>
Sat, 9 Apr 2005 00:44:17 +0000 (00:44 +0000)
doc/man/man5/slapd-null.5 patch | blob | history
doc/man/man5/slapd-relay.5 patch | blob | history
doc/man/man5/slapd-sql.5 patch | blob | history

diff --git a/doc/man/man5/slapd-null.5 b/doc/man/man5/slapd-null.5
index ee4272f38e513577131f8ad1c8bbdeb2b5ff6e8e..5164a7c4599f2447c4c44c42aa0dd4d41f7d5f91 100644 (file)
--- a/doc/man/man5/slapd-null.5
+++ b/doc/man/man5/slapd-null.5
@@ -42,6 +42,11 @@ suffix   "cn=Nothing"
 bind     on
 .fi
 .RE
 bind     on
 .fi
 .RE
+.SH ACCESS CONTROL
+The
+.B null
+backend does not honor any of the access control semantics described in
+.BR slapd.access (5).
 .SH FILES
 .TP
 ETCDIR/slapd.conf
 .SH FILES
 .TP
 ETCDIR/slapd.conf
diff --git a/doc/man/man5/slapd-relay.5 b/doc/man/man5/slapd-relay.5
index 5a165f3b5ba156baef4a1eb033b47cd312b38209..8aeead99c29e819cf2798fdfb3b11c15bd3010a8 100644 (file)
--- a/doc/man/man5/slapd-relay.5
+++ b/doc/man/man5/slapd-relay.5
@@ -52,7 +52,7 @@ directives described in
 One important issue is that access rules are based on the identity
 that issued the operation.
 After massaging from the virtual to the real naming context, the
 One important issue is that access rules are based on the identity
 that issued the operation.
 After massaging from the virtual to the real naming context, the
-frontend sees the operation as performed by the identty in the
+frontend sees the operation as performed by the identity in the
 real naming context.
 Moreover, since
 .B back-relay
 real naming context.
 Moreover, since
 .B back-relay
@@ -110,8 +110,7 @@ that looks up the real naming context for each operation, use
   database        relay
   suffix          "dc=virtual,dc=naming,dc=context"
   overlay         rwm
   database        relay
   suffix          "dc=virtual,dc=naming,dc=context"
   overlay         rwm
-  suffixmassage   "dc=virtual,dc=naming,dc=context"
-          "dc=real,dc=naming,dc=context"
+  suffixmassage   "dc=real,dc=naming,dc=context"
 .fi
 .LP
 This is useful, for instance, to relay different databases that
 .fi
 .LP
 This is useful, for instance, to relay different databases that
@@ -176,6 +175,20 @@ clause) are in the
 and in the
 .BR "virtual naming context" ,
 respectively.
 and in the
 .BR "virtual naming context" ,
 respectively.
+.SH ACCESS CONTROL
+The
+.B relay
+backend does not honor any of the access control semantics described in
+.BR slapd.access (5);
+all access control is delegated to the relayed database(s).
+Only
+.B read (=r)
+access to the
+.B entry
+pseudo-attribute and to the other attribute values of the entries
+returned by the
+.B search
+operation is honored, which is performed by the frontend.
 .SH FILES
 .TP
 ETCDIR/slapd.conf
 .SH FILES
 .TP
 ETCDIR/slapd.conf
diff --git a/doc/man/man5/slapd-sql.5 b/doc/man/man5/slapd-sql.5
index 03d31c381f08efa9c4a45f0f5a38e17944bbfe00..d7411e555f2a78a992f3a7b412e2b02e39026523 100644 (file)
--- a/doc/man/man5/slapd-sql.5
+++ b/doc/man/man5/slapd-sql.5
@@ -649,6 +649,14 @@ for details.
 .SH EXAMPLES
 There are example SQL modules in the slapd/back-sql/rdbms_depend/
 directory in the OpenLDAP source tree.
 .SH EXAMPLES
 There are example SQL modules in the slapd/back-sql/rdbms_depend/
 directory in the OpenLDAP source tree.
+.SH ACCESS CONTROL
+The 
+.B sql
+backend honors access control semantics as indicated in
+.BR slapd.access (5),
+including the 
+.B disclose
+access privilege.
 .SH FILES
 
 .TP
 .SH FILES
 
 .TP
Cloned from git://git.openldap.org/openldap.git