ITS#2497 value-level ACLs

author Howard Chu <hyc@openldap.org>

Sun, 21 Sep 2003 10:34:40 +0000 (10:34 +0000)

committer Howard Chu <hyc@openldap.org>

Sun, 21 Sep 2003 10:34:40 +0000 (10:34 +0000)
author Howard Chu <hyc@openldap.org>
Sun, 21 Sep 2003 10:34:40 +0000 (10:34 +0000)
committer Howard Chu <hyc@openldap.org>
Sun, 21 Sep 2003 10:34:40 +0000 (10:34 +0000)
diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5

index 2234e85abffad6e4bb25082b5d892cc90f95cfcc..4134cecab31cc4c95e1aa460444e96fb14bd55d5 100644 (file)
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -123,7 +123,21 @@ indicating access to the entry's children. ObjectClass names may also
  be specified in this list, which will affect all the attributes that
  are required and/or allowed by that objectClass.
  .LP
-The last three statements are additive; they can be used in sequence 
+Using the form
+.B attrs=<attr> val[.<style>]=<value>
+specifies access to a particular value of a single attribute.
+In this case, only a single attribute type may be given. A value
+.B <style>
+of
+.B exact
+(the default) uses the attribute's equality matching rule to compare the
+value. If the
+.B <style>
+is
+.BR regex ,
+the provided value is used as a regular expression pattern.
+.LP
+The dn, filter, and attrs statements are additive; they can be used in sequence 
  to select entities the access rule applies to based on naming context,
  value and attribute type simultaneously.
  .LP
author	Howard Chu <hyc@openldap.org>
	Sun, 21 Sep 2003 10:34:40 +0000 (10:34 +0000)
committer	Howard Chu <hyc@openldap.org>
	Sun, 21 Sep 2003 10:34:40 +0000 (10:34 +0000)