document proxyauthz{dn|pw} and idassert-*

author Pierangelo Masarati <ando@openldap.org>

Thu, 13 May 2004 23:35:39 +0000 (23:35 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Thu, 13 May 2004 23:35:39 +0000 (23:35 +0000)
author Pierangelo Masarati <ando@openldap.org>
Thu, 13 May 2004 23:35:39 +0000 (23:35 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Thu, 13 May 2004 23:35:39 +0000 (23:35 +0000)
diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5

index 1d015bf8d9166550359debd9ff6aedcd24aec3cc..265b1282700ef43068db65160e335d9064105cc6 100644 (file)
--- a/doc/man/man5/slapd-ldap.5
+++ b/doc/man/man5/slapd-ldap.5
@@ -98,6 +98,30 @@ their usage.
  .B proxyauthzpw <password>
  Password used with the proxy authzDN above.
  .TP
+.B idassert-mode {none|anonymous|self|proxyid|<dn>}
+defines what type of identity assertion is used.
+The default is 
+.BR none ,
+which implies that the proxy will bind as itself and assert the user's
+identity only when a user is bound.
+Other values are
+.BR anonymous
+and
+.BR self ,
+which respectively mean that the empty or the client's identity
+will be asserted,
+.BR proxyid ,
+which means that no proxyAuthz control will be used, so the proxyauthzdn
+identity will be asserted.
+Moreover, if a valid DN is used as 
+.BR <mode> ,
+that identity will be asserted.
+.TP
+.B idassert-authz <authz>
+if defined, selects what
+.I local
+identities are authorized to exploit the identity assertion feature.
+.TP
  .B proxy-whoami
  Turns on proxying of the WhoAmI extended operation. If this option is
  given, back-ldap will replace slapd's original WhoAmI routine with its
author	Pierangelo Masarati <ando@openldap.org>
	Thu, 13 May 2004 23:35:39 +0000 (23:35 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Thu, 13 May 2004 23:35:39 +0000 (23:35 +0000)