name can also be used with a suffix of the form ":xx" in which case the
value "oid.xx" will be used.
.TP
-.B pidfile <filename>
-The ( absolute ) name of a file that will hold the
-.B slapd
-server's process ID ( see
-.BR getpid (2)
-) if started without the debugging command line option.
-.TP
.B password-hash <hash>
The <hash> to use for userPassword generation. One of
.BR {SSHA} ,
The default is
.BR {SSHA} .
.TP
+.B pidfile <filename>
+The ( absolute ) name of a file that will hold the
+.B slapd
+server's process ID ( see
+.BR getpid (2)
+) if started without the debugging command line option.
+.TP
.B referral <url>
Specify the referral to pass back when
.BR slapd (8)
.B sasl-host <fqdn>
Used to specify the fully qualified domain name used for SASL processing.
.TP
-.B sasl-realm <string>
-Used to specify Cyrus SASL realm.
-.TP
-.B sasl-secprops <properties>
-Used to specify Cyrus SASL security properties.
-The
-.B none
-flag (without any other properities) causes the flag properites
-defaults ("noanonymous,noplain") to be cleared.
-The
-.B noplain
-flag disables mechanisms susceptible to simple passive attacks.
-The
-.B noactive
-flag disables mechanisms susceptible to active attacks.
-The
-.B nodict
-flag disables mechanisms susceptible to passive dictionary attacks.
-The
-.B noanonyous
-flag disables mechanisms which support anonymous login.
-The
-.B forwardsec
-flag require forward secrecy between sessions.
-The
-.B passcred
-require mechanisms which pass client credentials (and allow
-mechanisms which can pass credentials to do so).
-The
-.B minssf=<factor>
-property specifies the minimum acceptable
-.I security strength factor
-as an integer approximate to effective key length used for
-encryption. 0 (zero) implies no protection, 1 implies integrity
-protection only, 56 allows DES or other weak ciphers, 112
-allows triple DES and other strong ciphers, 128 allows RC4,
-Blowfish and other modern strong ciphers. The default is 0.
-The
-.B maxssf=<factor>
-property specifies the maximum acceptable
-.I security strength factor
-as an integer (see minssf description). The default is INT_MAX.
-The
-.B maxbufsize=<factor>
-property specifies the maximum security layer receive buffer
-size allowed. 0 disables security layers. The default is 65536.
+.B sasl-realm <realm>
+Specify SASL realm. Default is empty.
.TP
-.B saslregexp <match> <replace>
+.B sasl-regexp <match> <replace>
Used by the SASL authorization mechanism to convert a SASL authenticated
username to an LDAP DN. When an authorization request is received, the SASL
.B USERNAME, REALM,
.RS
.RS
.TP
-.B uid=(.*)+realm=.*
+.B uid=(.*)\\\\+realm=.*
.RE
.RE
server will use the URI to search its own database, and if the search returns
exactly one entry, the SASL name is replaced by the DN of that entry.
Multiple
-.B saslregexp
+.B sasl-regexp
options can be given in the configuration file to allow for multiple matching
and replacement patterns. The matching patterns are checked in the order they
appear in the file, stopping at the first successful match.
plus sign with a double backslash \\\\+ to remove the character's special meaning.
.RE
.TP
+.B sasl-secprops <properties>
+Used to specify Cyrus SASL security properties.
+The
+.B none
+flag (without any other properities) causes the flag properites
+default, "noanonymous,noplain", to be cleared.
+The
+.B noplain
+flag disables mechanisms susceptible to simple passive attacks.
+The
+.B noactive
+flag disables mechanisms susceptible to active attacks.
+The
+.B nodict
+flag disables mechanisms susceptible to passive dictionary attacks.
+The
+.B noanonyous
+flag disables mechanisms which support anonymous login.
+The
+.B forwardsec
+flag require forward secrecy between sessions.
+The
+.B passcred
+require mechanisms which pass client credentials (and allow
+mechanisms which can pass credentials to do so).
+The
+.B minssf=<factor>
+property specifies the minimum acceptable
+.I security strength factor
+as an integer approximate to effective key length used for
+encryption. 0 (zero) implies no protection, 1 implies integrity
+protection only, 56 allows DES or other weak ciphers, 112
+allows triple DES and other strong ciphers, 128 allows RC4,
+Blowfish and other modern strong ciphers. The default is 0.
+The
+.B maxssf=<factor>
+property specifies the maximum acceptable
+.I security strength factor
+as an integer (see minssf description). The default is INT_MAX.
+The
+.B maxbufsize=<factor>
+property specifies the maximum security layer receive buffer
+size allowed. 0 disables security layers. The default is 65536.
+.TP
.B schemacheck { on | off }
Turn schema checking on or off. The default is on.
.TP
Specify the maximum number of entries to return from a search operation.
The default size limit is 500.
.TP
-.B sasl-realm <realm>
-Specify SASL realm. Default is empty.
-.TP
-.B sasl-secprops <props>
-Cyrus SASL security properties. Default is "noanonymous,noplain".
-.TP
.B srvtab <filename>
Specify the srvtab file in which the kerberos keys necessary for
authenticating clients using kerberos can be found. This option is only
projects / openldap / commitdiff