.PD
.RE
.RE
+.TP
+.B moduleload <filename>
+Specify the name of a dynamically loadable module to load. The filename
+may be an absolute path name or a simple filename. Non-absolute names
+are searched for in the directories specified by the
+.B modulepath
+option. This option and the
+.B modulepath
+option are only usable if slapd was compiled with --enable-modules.
+.TP
+.B modulepath <pathspec>
+Specify a list of directories to search for loadable modules. Typically
+the path is colon-separated but this depends on the operating system.
.HP
.B objectclass ( <oid> [NAME <name>] [DESC <description] [OBSOLETE]\
[SUP <oids>] [{ ABSTRACT | STRUCTURAL | AUXILIARY }] [MUST <oids>]\
.RS
.RS
.TP
-.B uid=<UID>[,cn=<REALM>][,cn=<MECH>],cn=AUTHZ
+.B uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth
.RE
This SASL name is then compared against the
.RS
.RS
.TP
-.B uid=(.*)\\\\+realm=.*
+.B uid=(.*),cn=.*
.RE
.RE
and replacement patterns. The matching patterns are checked in the order they
appear in the file, stopping at the first successful match.
-.B Caution:
-Because the plus sign + is a character recognized by the regular expression engine,
-and it will appear in SASL names that include a REALM, be careful to escape the
-plus sign with a backslash \\+ to remove the character's special meaning.
+.\".B Caution:
+.\"Because the plus sign + is a character recognized by the regular expression engine,
+.\"and it will appear in SASL names that include a REALM, be careful to escape the
+.\"plus sign with a backslash \\+ to remove the character's special meaning.
.RE
.TP
.B sasl-secprops <properties>
See
.BR limits
for an explanation of the different flags.
+.TP
+.B ucdata-path <path>
+Specify the path to the directory containing the Unicode character
+tables. The default path is LOCALSTATEDIR/ucdata.
.SH TLS OPTIONS
If
.B slapd
.B slapd
will recognize.
.TP
+.B TLSCACertificatePath <path>
+Specifies the path of a directory that contains Certificate Authority
+certificates in separate individual files. Usually only one of this
+or the TLSCACertificateFile is used.
+.TP
.B TLSCertificateFile <filename>
Specifies the file that contains the
.B slapd
modifiersName, modifyTimestamp, creatorsName, and
createTimestamp attributes for entries. By default, lastmod is on.
.TP
+.B maxderefdepth <depth>
+Specifies the maximum number of aliases to dereference when trying to
+resolve an entry, used to avoid inifinite alias loops. The default is 1.
+.TP
.B readonly on | off
This option puts the database into "read-only" mode. Any attempts to
modify the database will return an "unwilling to perform" error. By
backend database. Multiple suffix lines can be given and at least one is
required for each database definition.
.TP
+.B suffixalias <alias> <aliased suffix>
+Specify an alternate suffix that may be used to reference an already defined
+database suffix. Operations specifying DNs residing under the alias
+will execute as if they had specified the aliased suffix.
+.TP
.B subordinate
Specify that the current backend database is a subordinate of another
backend database. A subordinate database may have only one suffix. This
projects / openldap / commitdiff