.BI \-S \ attribute
Sort the entries returned based on \fIattribute\fP. The default is not
to sort entries returned. If \fIattribute\fP is a zero-length string (""),
-the entries are sorted by the components of their Distingished Name. See
+the entries are sorted by the components of their Distinguished Name. See
.BR ldap_sort (3)
for more details. Note that
.B ldapsearch
.B bv_len
octets.
.B bv_val
-is not necessarly terminated by a NUL (zero) octet.
+is not necessarily terminated by a NUL (zero) octet.
.BR ber_bvfree ()
frees a BerValue, pointed to by \fIbv\fP, returned from this API. If \fIbv\fP
is NULL, the routine does nothing.
.BR ldap_err2string (3).
.SH LDAP versions
This library supports version 3 of the Lightweight Directory Access
-Protocol (LDAPv3) as defined in RFC 3377. It also supports a varient
+Protocol (LDAPv3) as defined in RFC 3377. It also supports a variant
of version 2 of LDAP as defined by U-Mich LDAP and, to some degree,
-RFC 1777. Version 2 (all varients) should be viewed as obsolete.
+RFC 1777. Version 2 (all variants) should be viewed as obsolete.
Version 3 should be used instead.
.LP
For backwards compatibility reasons, the library defaults to version 2.
.BR ldap_get_dn (3)
into a more user-friendly form, stripping off all type names. See
"Using the Directory to Achieve User Friendly Naming" (RFC 1781)
-for more details on the UFN format. Due to the ambigious nature
+for more details on the UFN format. Due to the ambiguous nature
of the format, it is generally only used for display purposes.
The space for the UFN returned is obtained dynamically and the user
is responsible for freeing it via a call to
.LP
A search response is made up of zero or
more search entries, zero or more search references, and zero or
-more extended parital responses followed by a search result. If
+more extended partial responses followed by a search result. If
\fIall\fP is set to 0, search entries will be returned one at a
time as they come in, via separate calls to
.BR ldap_result() .
If it's set to 1, the search
response will only be returned in its entirety, i.e., after all entries,
-all references, all extended parital responses, and the final search
+all references, all extended partial responses, and the final search
result have been received.
.LP
Upon success, the type of the result received is returned and the
These routines are used to parse schema definitions in the syntax
defined in RFC 2252 into structs and handle these structs. These
routines handle four kinds of definitions: syntaxes, matching rules,
-attribute types and objectclasses. For each definition kind, four
+attribute types and object classes. For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
\fIScope\fP is the scope of the search and should be one of LDAP_SCOPE_BASE,
to search the object itself,
LDAP_SCOPE_ONELEVEL, to search the object's immediate children,
-or LDAP_SCOPE_SUBTREE, to search the object and all its descendents.
+or LDAP_SCOPE_SUBTREE, to search the object and all its descendants.
.LP
\fIFilter\fP is a string
representation of the filter to apply in the search. Simple filters
Specifies the URI(s) of an LDAP server(s) to which the
.I LDAP
library should connect. The URI scheme may be either
-.BR ldap or
+.B ldap
+or
.B ldaps
which refer to LDAP over TCP and LDAP over SSL (TLS) respectively.
Each server's name can be specified as a
.TP
.B TLS_CRLCHECK <level>
Specifies if the Certificate Revocation List (CRL) of the CA should be
-used to verify if the server certicates have not been revoked. This
+used to verify if the server certificates have not been revoked. This
requires
.B TLS_CACERTDIR
parameter to be set.
.ft
.fi
.LP
-Lines beginning with a sharpe sign ('#') are ignored.
+Lines beginning with a sharp sign ('#') are ignored.
.LP
Multiple attribute values are specified on separate lines, e.g.,
.LP
.B rebind-as-user {NO|yes}
If this option is given, the client's bind credentials are remembered
for rebinds when chasing referrals. Useful when
-\fBchase-referrals\fP is set to \fByes\P, useless otherwise.
+\fBchase-referrals\fP is set to \fByes\fP, useless otherwise.
.TP
.B chase-referrals {YES|no}
(see \fIdraft-zeilenga-ldap-t-f\fP for details).
If set to
.BR discover ,
-support is detected by reading the remote server's rootDSE.
+support is detected by reading the remote server's root DSE.
.SH BACKWARD COMPATIBILITY
The LDAP backend has been heavily reworked between releases 2.2 and 2.3;
.B idassert-authcDN "<administrative DN for proxyAuthz purposes>"
DN which is used to propagate the client's identity to the target
by means of the proxyAuthz control when the client does not
-belong to the DIT fragment that is being proxyied by back-ldap.
+belong to the DIT fragment that is being proxied by back-ldap.
This directive is obsoleted by
.BR idassert-bind ,
and may be dismissed in the future.
seconds.
Implies
.B dbnosync
-(ie. indvidual updates are no longer written to disk).
+(ie. individual updates are no longer written to disk).
It attempts to avoid syncs during periods of peak activity by waiting
.B <delayinterval>
seconds if the server is busy, repeating this delay up to
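Review bot: the corrected line still writes the abbreviation as "ie." in "(ie. individual updates are no longer written to disk)". Since the line is being touched anyway, change it to "i.e." to match the form used elsewhere in these pages ("i.e., after all entries", "i.e. the name").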
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd (8),
-.BR LDIF (5).
+.BR ldif (5).
.SH AUTHOR
Eric Stokes
be separated by TABs (e.g. '\\t'; commas or spaces, unlike back-ldap,
will not work,
because they are legal in the <naming context>, and we don't want to use
-URL-encoded <namimg context>s), and the additional URIs must have
+URL-encoded <naming context>s), and the additional URIs must have
no <naming context> part. This causes the underlying library
to contact the first server of the list that responds.
.RE
(see \fIdraft-zeilenga-ldap-t-f\fP for details).
If set to
.BR discover ,
-support is detected by reading the remote server's rootDSE.
+support is detected by reading the remote server's root DSE.
.TP
.B onerr {CONTINUE|stop}
This directive allows to select the behavior in case an error is returned
-by one targe during a search.
+by one target during a search.
The default, \fBcontinue\fP, consists in continuing the operation,
trying to return as much data as possible.
If this statement is set to \fBstop\fP, the search is terminated as soon
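Review bot: the context line directly above the "targe" fix still reads "This directive allows to select the behavior", which is ungrammatical. While correcting the next line, reword the sentence, for example "This directive selects the behavior in case an error is returned by one target during a search."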
The underlying concept is to build a lightweight rewrite module
for the slapd server (initially dedicated to the LDAP backend).
.SH Passes
-An incoming string is matched agains a set of rules.
+An incoming string is matched against a set of rules.
Rules are made of a regex match pattern, a substitution pattern
and a set of actions, described by a set of flags.
In case of match a string rewriting is performed according to the
The substitution pattern allows map resolution of substrings.
A map is a generic object that maps a substitution pattern to a value.
The flags are divided in "Pattern matching Flags" and "Action Flags";
-the former alter the regex match pattern behaviorm while the latter
+the former alter the regex match pattern behavior while the latter
alter the action that is taken after substitution.
.SH "Pattern Matching Flags"
.TP
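Review bot: in the replacement line "the former alter the regex match pattern behavior while the latter", deleting the stray "m" leaves two contrasted clauses with no punctuation between them. The "m" may have been a mistyped comma; "behavior, while the latter" reads better.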
assigns a variable in the rewrite context scope; operator
.B &&
assigns a variable that scopes the entire session, e.g. its value
-can be derefenced later by other rewrite contexts
+can be dereferenced later by other rewrite contexts
.TP
.B *
variable dereferencing; <name> must refer to a variable that is
<Context name> is the name that identifies the context, i.e. the name
used by the application to refer to the set of rules it contains.
It is used also to reference sub contexts in string rewriting.
-A context may aliase another one.
+A context may alias another one.
In this case the alias context contains no rule, and any reference to
it will result in accessing the aliased one.
.TP
* object reference
* base DN
* scope
- * alias deferencing policy
+ * alias dereferencing policy
* size limit
* time limit
* filter string
returned directly to the client.
.SH EXAMPLE
There is an example Perl module `SampleLDAP' in the slapd/back-perl/
-direcetory in the OpenLDAP source tree.
+directory in the OpenLDAP source tree.
.SH ACCESS CONTROL
The
.B passwd
suffix, and the scope is subtree; rather collect all entries.
.RE
-.SH STAMEMENT CONFIGURATION
+.SH STATEMENT CONFIGURATION
These options specify SQL query templates for loading schema mapping
metainformation, adding and deleting entries to ldap_entries, etc.
All these and subtree_cond should have the given default values.
.B has_ldapinfo_dn_ru { NO | yes }
Explicitly inform the backend whether the dn_ru column
(DN in reverse uppercased form) is present in table \fIldap_entries\fP.
-Overrides automatic check (this is required, ofr instance,
+Overrides automatic check (this is required, for instance,
by PostgreSQL/unixODBC).
This is \fIexperimental\fP and may change in future releases.
.LP
The \fBhasSubordintes\fP operational attribute is honored by back-sql
in search results and in compare operations; it is partially honored
-also in filtering. Owing to design limitations, a (braindead?) filter
+also in filtering. Owing to design limitations, a (brain-dead?) filter
of the form
\fB(!(hasSubordinates=TRUE))\fP
will give no results instead of returning all the leaf entries, because
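Review bot: the context line just above the change still spells the attribute "\fBhasSubordintes\fP", which does not match "hasSubordinates" in the filter example a few lines later. Correct it in this same hunk so the operational attribute name is spelled consistently and can be found by searching the page.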
.B modify
operation requires
.B write (=w)
-privileges on the attibutes being modified.
+privileges on the attributes being modified.
.LP
The
.B modrdn
and
.B <who>
clauses, to avoid possible incorrect specifications of the access rules
-as well as for performance (avoid unrequired regex matching when an exact
+as well as for performance (avoid unnecessary regex matching when an exact
match suffices) reasons.
.LP
An administrator might create a rule of the form:
.TP
.B TLSCRLCheck <level>
Specifies if the Certificate Revocation List (CRL) of the CA should be
-used to verify if the client certicates have not been revoked. This
+used to verify if the client certificates have not been revoked. This
requires
.B TLSCACertificatePath
parameter to be set.
.BR unchecked
specifier sets a limit on the number of candidates a search request is allowed
to examine.
-The rationale behind it is that searches for non-properly indicized
+The rationale behind it is that searches for non-properly indexed
attributes may result in large sets of candidates, which must be
examined by
.BR slapd (8)
to determine whether they match the search filter or not.
The
-.B unckeched
+.B unchecked
limit provides a means to drop such operations before they are even
started.
If the selected candidates exceed the
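Review bot: the first replacement, "searches for non-properly indexed attributes", fixes "indicized" but keeps the awkward "non-properly". Prefer "improperly indexed attributes" or "attributes that are not properly indexed". The second change (.B unchecked) is fine as is.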
In general the search path is made of colon-separated paths; usually
the user-defined path is searched first; then the value of the
\fILTDL_LIBRARY_PATH\fP environment variable, if defined, is used;
-finally, the systemi-specific dynamic load path is attempted (e.g. on
+finally, the system-specific dynamic load path is attempted (e.g. on
Linux the value of the environment variable \fILD_LIBRARY_PATH\fP).
Please carefully read the documentation of ltdl because its behavior
is very platform dependent.
.RE
.P
Note that all of the OIDs used in the logging schema currently reside
-under the OpenLDAP Experimental branch. It is anticipated that thay
+under the OpenLDAP Experimental branch. It is anticipated that they
will migrate to a Standard branch in the future.
An overview of the attributes follows:
circumstances.
The
-.BR reqControls and
+.B reqControls
+and
.B reqRespControls
attributes carry any controls sent by the client on the request and returned
by the server in the response, respectively. The attribute values are just
.LP
There are no chain overlay specific directives; however, directives
related to the \fIldap\fP database that is implicitly instantiated
-by the overlay may assume a special meaning when used in conjuction
+by the overlay may assume a special meaning when used in conjunction
with this overlay. They are described in
.BR slapd-ldap (5).
.TP
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
-slapo-dynlist \- dynnamic list overlay
+slapo-dynlist \- Dynamic List overlay
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
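Review bot: the new NAME line capitalizes the description as "Dynamic List overlay", while the other overlay NAME line corrected in this patch stays lowercase ("slapo-retcode \- return code overlay"). Use "dynamic list overlay" so the one-line descriptions indexed from the NAME sections are cased consistently.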
.B dynlist-member-ad <attributeName>
The name of the attributeDescription that will list the DN of the entries
resulting from the internal search. This statement is optional and, if
-present, changes the behvior of the overlay into that of a dynamic group.
+present, changes the behavior of the overlay into that of a dynamic group.
The <attrs> portion of the URI is ignored, and the DNs of all the entries
resulting from the expansion of the URI are listed as values of this
attribute.
optional \fBasync\fP keyword is supplied, searches against this database may
be spawned in a separate thread to run concurrently with other operations
(currently not implemented). If the optional \fBadvertise\fP flag
-is supplied, the naming context is advertised in the rootDSE.
+is supplied, the naming context is advertised in the root DSE.
.SH FILES
.TP
ETCDIR/slapd.conf
.LP
The
.B lastmod
-overlay creates aa service entry rooted at the suffix of the database
+overlay creates a service entry rooted at the suffix of the database
it's stacked onto, which holds the DN, the modification type,
the modifiersName and the modifyTimestamp of the last write operation
performed on that database.
.B lastmodEnabled
.P
This attribute contains a boolean flag that determines the status
-of the overlay. It can be latered via protocol by issuing a modify
+of the overlay. It can be altered via protocol by issuing a modify
operation that replaces the value of the attribute.
.LP
.RS 4
.B lastmodDN
.P
-This attribute contains the distingyished name of the entry
+This attribute contains the distinguished name of the entry
that was last modified within the naming context of a database.
.LP
.RS 4
.SH ACKNOWLEDGEMENTS
.P
-This module was written in 2004 by Pierangelo Masarati in fulfilment
+This module was written in 2004 by Pierangelo Masarati in fulfillment
of requirements from SysNet s.n.c.; this man page has been copied
from
.BR slapo-ppolicy (5),
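Review bot: "fulfilment" on the removed line is a valid British spelling rather than a typo, so this replacement is a style normalization. If American spelling is the goal, the ".SH ACKNOWLEDGEMENTS" heading two lines above keeps the British form and should be decided on at the same time.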
Specify that cleartext passwords present in Add and Modify requests should
be hashed before being stored in the database. This violates the X.500
information model, but may be needed to compensate for LDAP clients that
-don't use the PasswordModify exop to manage passwords.
+don't use the Password Modify exop to manage passwords.
.TP
.B ppolicy_use_lockout
A client will always receive an LDAP
module will enforce the default password policy rules on the
user associated with this authenticating DN. If there is no
default, or the referenced subentry does not exist, then no
-policy rules wil be enforced.
+policy rules will be enforced.
.LP
.RS 4
( 1.3.6.1.4.1.42.2.27.8.1.23
.\" Copyright 1998-2004 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply. See the COPYRIGHT file.
.\" Copyright 2001, Pierangelo Masarati, All rights reserved. <ando@sys-net.it>
-.\" $Header$
+.\" $OpenLDAP$
.SH NAME
-slapo-retcode \- dynamic listing overlay
+slapo-retcode \- return code overlay
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
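Review bot: the two replacements in this hunk are content changes, not spelling fixes: the keyword comment goes from $Header$ to $OpenLDAP$, and the NAME description goes from "dynamic listing overlay" to "return code overlay". Both are consistent with the slapo-dynlist header and with the retcode text that follows, but they should be called out in the commit message or split from the typo corrections so they are not lost among them.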
.B retcode
overlay to
.BR slapd (8)
-is usefult to test the behavior of clients when server-generated erroneous
+is useful to test the behavior of clients when server-generated erroneous
and/or unusual responses occur, e.g. error codes, referrals,
excessive response times and so on.
same purpose, etc.
If local or foreign name is `*', the name is preserved.
If local name is omitted, the foreign name is removed.
-Unmapped names are preseved if both local and foreign name are `*',
+Unmapped names are preserved if both local and foreign name are `*',
and removed if local name is omitted and foreign name is `*'.
.LP
The local
for the slapd server (initially dedicated to the LDAP backend):
.LP
.SH Passes
-An incoming string is matched agains a set of
+An incoming string is matched against a set of
.IR rewriteRules .
Rules are made of a
.IR "regex match pattern" ,
assigns a variable in the rewrite context scope; operator
.B &&
assigns a variable that scopes the entire session, e.g. its value
-can be derefenced later by other rewrite contexts
+can be dereferenced later by other rewrite contexts
.TP
.B *
variable dereferencing; <name> must refer to a variable that is
<Context name> is the name that identifies the context, i.e. the name
used by the application to refer to the set of rules it contains.
It is used also to reference sub contexts in string rewriting.
-A context may aliase another one.
+A context may alias another one.
In this case the alias context contains no rule, and any reference to
it will result in accessing the aliased one.
.TP
The contextCSN is updated for every write operation performed against the
database. To reduce database contention, the contextCSN is only updated in
-memory. The value is written to the detabase on server shutdown and read into
+memory. The value is written to the database on server shutdown and read into
memory on startup, and maintained in memory thereafter. Checkpoints may be
configured to write the contextCSN into the underlying database to minimize
recovery time after an unclean shutdown.
.B Slaptest
is used to check the conformance of the
.BR slapd.conf (5)
-configurtion file.
+configuration file.
It opens the
.BR slapd.conf (5)
configuration file, and parses it according to the general
If the replication log file does not exist or is empty,
.B slurpd
goes to sleep. It periodically wakes up and checks to see if there
-are any changes to be propoagated.
+are any changes to be propagated.
.LP
When
.B slurpd