minimal documentation of olcAuthIDRewrite

author Pierangelo Masarati <ando@openldap.org>

Sun, 22 Nov 2009 20:56:36 +0000 (20:56 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Sun, 22 Nov 2009 20:56:36 +0000 (20:56 +0000)
author Pierangelo Masarati <ando@openldap.org>
Sun, 22 Nov 2009 20:56:36 +0000 (20:56 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Sun, 22 Nov 2009 20:56:36 +0000 (20:56 +0000)
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5

index 24d00bb4906dac94a9ded4123e565db16782c1d6..555ae7c6f2147613451542396a0b10d48c30ddc0 100644 (file)
--- a/doc/man/man5/slapd-config.5
+++ b/doc/man/man5/slapd-config.5
@@ -172,6 +172,22 @@ Other options should be registered with IANA, see RFC 4520 section 3.5.
  OpenLDAP also has the `binary' option built in, but this is a transfer
  option, not a tagging option.
  .TP
+.B olcAuthIDRewrite: <rewrite\-rule>
+Used by the authentication framework to convert simple user names
+to an LDAP DN used for authorization purposes.
+Its purpose is analogous to that of
+.BR olcAuthzRegexp
+(see below).
+The
+.B rewrite\-rule
+is a set of rules analogous to those described in
+.BR slapo\-rwm (5)
+for data rewriting (after stripping the \fIrwm\-\fP prefix).
+.B olcAuthIDRewrite
+and
+.B olcAuthzRegexp
+should not be intermixed.
+.TP
  .B olcAuthzPolicy: <policy>
  Used to specify which rules to use for Proxy Authorization.  Proxy
  authorization allows a client to authenticate to the server using one
author	Pierangelo Masarati <ando@openldap.org>
	Sun, 22 Nov 2009 20:56:36 +0000 (20:56 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Sun, 22 Nov 2009 20:56:36 +0000 (20:56 +0000)