clarify that slapo-rwm could hide rootDSE and subschema

author Pierangelo Masarati <ando@openldap.org>

Mon, 21 May 2007 00:01:49 +0000 (00:01 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Mon, 21 May 2007 00:01:49 +0000 (00:01 +0000)
author Pierangelo Masarati <ando@openldap.org>
Mon, 21 May 2007 00:01:49 +0000 (00:01 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Mon, 21 May 2007 00:01:49 +0000 (00:01 +0000)
diff --git a/doc/man/man5/slapo-rwm.5 b/doc/man/man5/slapo-rwm.5

index 9ab1c1b3b7f7a41c682d8a0fe0f7d79d84cbaf61..ab69139dc6c570faeda6129284545e17c844fe29 100644 (file)
--- a/doc/man/man5/slapo-rwm.5
+++ b/doc/man/man5/slapo-rwm.5
@@ -78,6 +78,20 @@ overlay is the capability to perform suffix massaging between a virtual
  and a real naming context by means of the 
  .B rwm-suffixmassage
  directive.
+This, in conjunction with proxy backends,
+.BR slapd-ldap (5)
+and
+.BR slapd-meta (5),
+or with the relay backend, 
+.BR slapd-relay (5),
+allows to create virtual views of databases.
+A distinguishing feature of this overlay is that, when instantiated
+before any database, it can modify the DN of requests
+.I before
+database selection.
+For this reason, rules that rewrite the empty DN ("") 
+or the subschemaSubentry DN (usually "cn=subschema"),
+would prevent clients from reading the root DSE or the DSA's schema.
  .TP
  .B rwm-suffixmassage "[<virtual naming context>]" "<real naming context>"
  Shortcut to implement naming context rewriting; the trailing part
author	Pierangelo Masarati <ando@openldap.org>
	Mon, 21 May 2007 00:01:49 +0000 (00:01 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Mon, 21 May 2007 00:01:49 +0000 (00:01 +0000)