Used to specify the port used with connecting to LDAP servers(s).
The port may be specified as a number.
.TP 1i
-\fBSASL_SECPROPS <string>\fP
+\fBSASL_SECPROPS <properties>\fP
Used to specify Cyrus SASL security properties.
+The
+.B none
+flag (without any other properities) causes the flag properites
+defaults ("noanonymous,noplain") to be cleared.
+The
+.B noplain
+flag disables mechanisms susceptible to simple passive attacks.
+The
+.B noactive
+flag disables mechanisms susceptible to active attacks.
+The
+.B nodict
+flag disables mechanisms susceptible to passive dictionary attacks.
+The
+.B noanonyous
+flag disables mechanisms which support anonymous login.
+The
+.B forwardsec
+flag require forward secrecy between sessions.
+The
+.B passcred
+require mechanisms which pass client credentials (and allow
+mechanisms which can pass credentials to do so).
+The
+.B minssf=<factor>
+property specifies the minimum acceptable
+.I security strength factor
+as an integer approximate to effective key length used for
+encryption. 0 (zero) implies no protection, 1 implies integrity
+protection only, 56 allows DES or other weak ciphers, 112
+allows triple DES and other strong ciphers, 128 allows RC4,
+Blowfish and other modern strong ciphers. The default is 0.
+The
+.B maxssf=<factor>
+property specifies the maximum acceptable
+.I security strength factor
+as an integer (see minssf description). The default is INT_MAX.
+The
+.B maxbufsize=<factor>
+property specifies the maximum security layer receive buffer
+size allowed. 0 disables security layers. The default is 65536.
.TP 1i
\fBSIZELIMIT <integer>\fP
Used to specify a size limit to use when performing searches. The
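Review bot: The flag name on the ".B noanonyous" line is misspelled and does not match the default quoted a few lines earlier as "noanonymous,noplain", so a reader copying the token from this page gets a name that differs from the one the defaults use; please change it to "noanonymous". In the same hunk, "properities" and "properites" in the none description should read "properties", "flag require forward secrecy" should be "flag requires", and the passcred entry has no subject ("flag requires mechanisms which pass client credentials ..."). The placeholder in "maxbufsize=<factor>" is carried over from minssf/maxssf although the value is a buffer size; "<size>" would be clearer. Since the text states that minssf defaults to 0 and that 0 implies no protection, it would help to say so in one sentence next to the default rather than leaving the reader to combine the two.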
-.TH SLAPD.CONF 5 "20 August 2000" "OpenLDAP LDVERSION"
+.TH SLAPD.CONF 5 "23 August 2000" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.B sasl-realm <string>
Used to specify Cyrus SASL realm.
.TP
-.B sasl-secprops <string>
+.B sasl-secprops <properties>
Used to specify Cyrus SASL security properties.
+The
+.B none
+flag (without any other properities) causes the flag properites
+defaults ("noanonymous,noplain") to be cleared.
+The
+.B noplain
+flag disables mechanisms susceptible to simple passive attacks.
+The
+.B noactive
+flag disables mechanisms susceptible to active attacks.
+The
+.B nodict
+flag disables mechanisms susceptible to passive dictionary attacks.
+The
+.B noanonyous
+flag disables mechanisms which support anonymous login.
+The
+.B forwardsec
+flag require forward secrecy between sessions.
+The
+.B passcred
+require mechanisms which pass client credentials (and allow
+mechanisms which can pass credentials to do so).
+The
+.B minssf=<factor>
+property specifies the minimum acceptable
+.I security strength factor
+as an integer approximate to effective key length used for
+encryption. 0 (zero) implies no protection, 1 implies integrity
+protection only, 56 allows DES or other weak ciphers, 112
+allows triple DES and other strong ciphers, 128 allows RC4,
+Blowfish and other modern strong ciphers. The default is 0.
+The
+.B maxssf=<factor>
+property specifies the maximum acceptable
+.I security strength factor
+as an integer (see minssf description). The default is INT_MAX.
+The
+.B maxbufsize=<factor>
+property specifies the maximum security layer receive buffer
+size allowed. 0 disables security layers. The default is 65536.
+.TP
+.B schemacheck { on | off }
+Turn schema checking on or off. The default is on.
+.TP
+.B sizelimit <integer>
+Specify the maximum number of entries to return from a search operation.
+The default size limit is 500.
+.TP
+.B srvtab <filename>
+Specify the srvtab file in which the kerberos keys necessary for
+authenticating clients using kerberos can be found. This option is only
+meaningful if you are using Kerberos authentication.
+.TP
+.B timelimit <integer>
+Specify the maximum number of seconds (in real time)
+require forward secrecy between sessions.
.TP
.B schemacheck { on | off }
Turn schema checking on or off. The default is on.
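Review bot: The added lines from "+.B schemacheck { on | off }" through "+.B timelimit <integer>" look like a misplaced paste inside the sasl-secprops entry: schemacheck is added here while the unchanged schemacheck entry still follows as context, so the page would list it twice, and the timelimit description stops at "(in real time)" and runs straight into a stray "+require forward secrecy between sessions." Please drop the duplicated block, or finish the timelimit sentence and remove the stray line. The sasl-secprops text also carries the same defects as the ldap.conf.5 copy: ".B noanonyous" does not match the "noanonymous" default it documents, "properities"/"properites" should be "properties", "flag require" should be "flag requires", and the passcred entry is missing "flag requires".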
.BR LOCALSTATEDIR/openldap-ldbm .
.TP
.B
-index { <attrlist> | default } [ pres,eq,approx,sub,none ]
+index {<attrlist>|default} [pres,eq,approx,sub,<special>]
Specify the indexes to maintain for the given attribute. If only
an <attr> is given, the indices specified for \fBdefault\fR
-are maintained.
+are maintained. A number of special index parameters may be
+specified.
+The index type
+.B sub
+can be decomposed into
+.BR subinitial ,
+.BR subany ,\ and
+.B subfinal
+indices.
+The special type
+.B lang
+may be specified to allow use of this index by language subtypes.
+The special type
+.B autolang
+may be specified to automatically maintain separate indices for each
+language subtypes.
+The special type
+.B subtypes
+may be specified to allow use of this index by named subtypes.
+The special type
+.B autosubtypes
+may be specified to automatically maintain separate indices for each
+other subtypes.
.TP
.B mode <integer>
Specify the file protection mode that newly created database
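Review bot: The new synopsis "index {<attrlist>|default} [pres,eq,approx,sub,<special>]" drops "none" and introduces "<special>", but the description never states which values "<special>" stands for as a set, nor whether "none" is still accepted. Suggest listing lang, autolang, subtypes and autosubtypes explicitly where "<special>" is introduced, showing subinitial, subany and subfinal as accepted values if they can be given directly, and saying what happened to "none". Wording: "for each language subtypes" and "for each other subtypes" should use the singular ("each language subtype", "each other subtype").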
.BR slappassword (8),
.BR slurpd (8),
.LP
-"OpenLDAP Administrator's Guide"
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP
is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
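Review bot: The URL added to the Administrator's Guide line is written "http://www.OpenLDAP.org/doc/admin/" while the ACKNOWLEDGEMENTS line just below uses "http://www.openldap.org/"; please use one spelling of the host name so the two references on this page are consistent.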