OpenLDAP clients and servers require installation of {{PRD:Cyrus}}
SASL libraries to provide {{TERM[expand]SASL}} services. Though
-some operating sytems may provide this library as part of the
+some operating systems may provide this library as part of the
base system or as an optional software component, Cyrus SASL
often requires separate installation.
{{slapd}}(8) supports TCP wrappers (IP level access control filters)
if preinstalled. Use of TCP wrappers or other IP level access
-filters (such as those provided by IP firewalls) is recommended
+filters (such as those provided by IP firewall) is recommended
for servers containing non-public information.
that version 3.1 is being used.)
The following example shows how to run {{EX:configure}} and specify where to
-find BerkeleyDB and turn on the DNSSRV backend. The example should be
-entered on a single line (it has been split onto seperate lines for clarity.)
+find BerkeleyDB and turn on the DNS-SRV backend. The example should be
+entered on a single line (it has been split onto separate lines for clarity.)
> env CPPFLAGS="-I/usr/local/BerkeleyDB.3.1/include" \
> LDFLAGS="-L/usr/local/BerkeleyDB.3.1/lib" \
> Please "make depend" to build dependencies
If the last line of output does not match, {{EX:configure}} has failed.
-You should not proceed until {{EX:configure}} completes sucessfuly.
+You should not proceed until {{EX:configure}} completes successfully.
To build dependencies, run:
> make depend
..{{EX:database ldbm}}
-.This marks the begining of the database configuration for {{slapd}}.
+.This marks the beginning of the database configuration for {{slapd}}.
Everything you will need to change for this example is located
after this line.
{{F:slapd.conf}}(5). Lines that begin with a sharp sign ('{{EX:#}}')
are considered to be comments by slapd, they have been removed
from the listing below to save space. If a line starts with
-white space it is considered a continuation of the preceeding
+white space it is considered a continuation of the preceding
line.
..{{EX:suffix "dc=my-domain, dc=com"}}
a subtree.
Subordinate knowledge information is maintained in the directory
as a special {{referral}} object at the delegate point.
-The referral object acts as a delegation point, gluing two servcies
+The referral object acts as a delegation point, gluing two services
together.
-This mechanism allows for hierarchial directory services to to be
+This mechanism allows for hierarchical directory services to to be
constructed.
A referral object has an structural object class of
H2: ManageDSAit
Adding, modify, and deleting referral objects is generally done
-using {{ldapmodify}}(1) or similiar tools which support the
+using {{ldapmodify}}(1) or similar tools which support the
ManageDsaIT control. The ManageDsaIT control informs the server
that you intend to manage the referral object as a regular
entry. This keeps the server from sending a referral result
-for requests to introgating or updating referral objects.
+for requests which interrogate or update referral objects.
The -M option of {{ldapmodify}}(1) (and other tools) enables
ManageDsaIT. For example:
> -k <filename>
-When slurpd uses kerberos to authenticate to slave slapd
+When slurpd uses Kerberos to authenticate to slave slapd
instances, it needs to have an appropriate srvtab file for
the remote slapd. This option allows you to specify an
-alternate filename containing kerberos keys for the remote
+alternate filename containing Kerberos keys for the remote
slapd. The default filename is /etc/srvtab. You can also
specify the srvtab file to use in the slapd configuration
file's replica option. See the documentation on the srvtab
directive in section 5.2.2, General Backend Options. A
-more complete discussion of using kerberos with slapd
+more complete discussion of using Kerberos with slapd
and slurpd may be found in Appendix D.
and operation statistics should be syslogged (currently
logged to the {{syslogd}}(8) LOG_LOCAL4 facility). You must
have compiled slapd with -DLDAP_DEBUG for this to work
-(except for the two stats levels, which are always enabled).
+(except for the two statistics levels, which are always enabled).
Log levels are additive. To display what numbers correspond
to what kind of debugging, invoke slapd with the ? flag or
consult the table below. The possible values for <integer> are:
This directive defines an object class.
-H4: referral <url>
+H4: referral <URI>
This directive specifies the referral to pass back when slapd
cannot find a local database to handle a request.
H4: srvtab <filename>
This directive specifies the srvtab file in which slapd can find the
-kerberos keys necessary for authenticating clients using
-kerberos. This directive is only meaningful if you are using
-kerberos authentication, which must be enabled at compile
+Kerberos keys necessary for authenticating clients using
+Kerberos. This directive is only meaningful if you are using
+Kerberos authentication, which must be enabled at compile
time by including the appropriate definitions in the
{{EX:Make-common}} file.
The first line sets the default to indices to maintain to present
and equality. The second line causes the default (pres,eq) set
-of indices to be maintained for objectcCass and uid attribute
+of indices to be maintained for objectClass and uid attribute
types. The third line causes equality, substring, and approximate
filters to be maintained for cn and sn attribute types.
Identifier (OID). OIDs are also used to identify other objects.
They are commonly found in protocols described by ASN.1. In
particular, they are heavy used by Simple Network Management
-Protocol (SNMP). As OIDs are heirarchial, your organization
+Protocol (SNMP). As OIDs are hierarchical, your organization
can obtain one OID and branch in as needed. For example,
if your organization were assigned OID 1.1, you could branch
the tree as follows:
1.1.2.2.1 myObjectClass
!endblock
-You are, of course, free to design a heirarchy suitable to your
+You are, of course, free to design a hierarchy suitable to your
organizational needs under your organization's OID.
.{{Under no circumstances should you use a fictious OID!}}
To obtain a fully registered OID at {{no cost}}, apply for
-a OID under {{Internet Assigned Numbers Authority}} maintained
+a OID under {{ORG[expand]IANA}} maintained
{{Private Enterprise}} arch. Any private enterprise (organization)
may request an OID to be assigned under this arch. Just fill
-out the form at {{URL: http://www.iana.org/}} and your OID will
-be sent to you usually within a few days.
+out the form at {{URL: http://www.iana.org/cgi-bin/enterprise.pl}}
+and your official OID will be sent to you usually within a few days.
H3: AttributeType Specification
OLP OpenLDAP Project http://www.openldap.org/project/
UM University of Michigan http://www.umich.edu/
UMLDAP University of Michigan LDAP http://www.umich.edu/~dirsvcs/ldap/
+IANA Internet Assigned Numbers Authority http://www.iana.org/
IAB Internet Architecture Board http://www.iab.org/
IETF Internet Engineering Task Force http://www.ietf.org/
IESG Internet Engineering Steering Group http://www.ietf.org/iesg/
projects / openldap / commitdiff