minimal documentation of authid-rewrite* stuff

author Pierangelo Masarati <ando@openldap.org>

Sun, 22 Nov 2009 14:44:44 +0000 (14:44 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Sun, 22 Nov 2009 14:44:44 +0000 (14:44 +0000)
author Pierangelo Masarati <ando@openldap.org>
Sun, 22 Nov 2009 14:44:44 +0000 (14:44 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Sun, 22 Nov 2009 14:44:44 +0000 (14:44 +0000)
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5

index ff4242e19dac3b6b28021438a37d1fd968e0dfaf..5fe511964cdc556504012da6195b7b292acea298 100644 (file)
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -162,6 +162,21 @@ attribute syntax OID.
  description.) 
  .RE
  .TP
+.B authid\-rewrite<cmd> <args>
+Used by the authentication framework to convert simple user names
+to an LDAP DN used for authorization purposes.
+Its purpose is analogous to that of
+.BR authz-regexp
+(see below).
+The prefix \fIauthid\-\fP is followed by a set of rules analogous
+to those described in
+.BR slapo\-rwm (5)
+for data rewriting (replace the \fIrwm\-\fP prefix with \fIauthid\-\fP).
+.B authid\-rewrite<cmd>
+and
+.B authz\-regexp
+rules should not be intermixed.
+.TP
  .B authz\-policy <policy>
  Used to specify which rules to use for Proxy Authorization.  Proxy
  authorization allows a client to authenticate to the server using one
author	Pierangelo Masarati <ando@openldap.org>
	Sun, 22 Nov 2009 14:44:44 +0000 (14:44 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Sun, 22 Nov 2009 14:44:44 +0000 (14:44 +0000)