From: Gavin Henry Date: Thu, 7 Feb 2008 23:31:51 +0000 (+0000) Subject: constraint overlay section complete. X-Git-Tag: OPENLDAP_REL_ENG_2_4_9~20^2~192 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=08c583b8f06d1dd981c3a5a414cbb480e0b39428;p=openldap constraint overlay section complete. --- diff --git a/doc/guide/admin/aspell.en.pws b/doc/guide/admin/aspell.en.pws index b8829abda7..311a66cb0a 100644 --- a/doc/guide/admin/aspell.en.pws +++ b/doc/guide/admin/aspell.en.pws @@ -1,4 +1,4 @@ -personal_ws-1.1 en 1492 +personal_ws-1.1 en 1508 nattrsets inappropriateAuthentication api @@ -8,8 +8,8 @@ reqEnd olcOverlayConfig shoesize olcTLSCACertificateFile -cdx CGI +cdx DCE DAP attributename @@ -20,8 +20,8 @@ kurt authzID authzid authzId -ddd DAs +ddd userApplications BNF attrs @@ -32,8 +32,8 @@ ldapport hallvard ASN acknowledgements -ava Chu +ava monitorCounter del DDR @@ -84,13 +84,13 @@ olcModulePath maxentries authc seeAlso -searchBase searchbase +searchBase realnamingcontext -dns -DN's -DNs dn's +DNs +DN's +dns dereference sortKey authzTo @@ -148,8 +148,10 @@ adminLimitExceeded searchResultReference fmt qdescrs +olcConstraintAttribute olcSuffix objectClassModsProhibited +numEntries unavailableCriticalExtension supportedControl GHz @@ -159,8 +161,8 @@ compareDN sizelimit unixODBC notAllowedOnNonLeaf -blen APIs +blen attrsOnly attrsonly slappasswd @@ -193,19 +195,20 @@ args caseExactOrderingMatch olcDbQuarantine RELEASEDATE -basedn baseDN +basedn argv gss schemachecking -WhoAmI whoami +WhoAmI syslogd dataflow subentries attrpair balancer entryAlreadyExists +suretec BerkeleyDB's notAllowedOnRDN singleLevel @@ -244,8 +247,8 @@ ldd localstatedir sockbuf PENs -IPv ipv +IPv ghenry hyc multimaster @@ -280,8 +283,8 @@ intermediateResponse myOID structuralObjectClass integerMatch -OpenLDAP openldap +OpenLDAP moddn rewriteEngine AVAs @@ -300,8 +303,8 @@ bool logins jts memberAttr -newPasswdFile newpasswdfile +newPasswdFile ucdata LLL confdir 
@@ -317,23 +320,26 @@ CThreads structs desc LTCOMPILE +auditContext bindmethod +sambaNTPassword olcDbCheckpoint addprinc +auditContainer modme refreshOnly PIII pwdPolicySubentry -supportedSASLMechanism supportedSASLmechanism +supportedSASLMechanism FIXME realanonymous caseExactMatch olcSizeLimit Bourne attr -objectIdentifier objectidentifier +objectIdentifier refint msgtype OBJEXT @@ -384,8 +390,8 @@ Autoconf alloc PDU OLF -inetOrgPerson inetorgperson +inetOrgPerson deleteoldrdn monitorCounterObject pid @@ -445,9 +451,9 @@ OTP entrylimit attrdescN logold -PRD -sbi pos +sbi +PRD reqEntries pre bvals @@ -473,8 +479,8 @@ telephonenumber telephoneNumber DLDAP peernamestyle -SHA Sep +SHA filename rpath argsfile @@ -504,8 +510,8 @@ olcDbIDLcacheSize ostring toolsets mwrscdx -UCD SMD +UCD cancelled crit organizationalUnit @@ -517,8 +523,8 @@ TGT modulepath quickstart mySNMP -UDP tgz +UDP RDBMs rdbms Matic @@ -538,9 +544,9 @@ olcDbConfig refreshDone ssf replogfile -vec -TOC rwm +TOC +vec LDAPDN compareAttrDN endmacro @@ -548,18 +554,19 @@ tls repl monitoringslapd referralsp -SRP tmp +SRP olcDbNosync conns SSL PDkzODdASFxOQ SRV -sss rwx +sss deallocators Contribware URLlist +olcConstraintConfig str subinitial CSNs @@ -632,6 +639,7 @@ noSuchObject params groupnummer searchEntryDN +titleCatalog negttl chainingPreferred TABs @@ -675,11 +683,12 @@ groupstyle ldapsearch cp displayName -bv eg +bv olcBackendConfig -fd dn +fd +sambaPwdLastSet LDAPSync olcReplicationInterval fG @@ -698,6 +707,7 @@ slurpd logevels IG addDN +olcAuditlogFile tbls ldapmodify kb @@ -813,8 +823,8 @@ ZZ entryCSNs dlopen continuated -newSuperior newsuperior +newSuperior Preprocessor XXLIBS deallocate @@ -850,6 +860,7 @@ applicatio nelems liblutil wrscdx +numResponses scherr internet logfilter @@ -866,8 +877,8 @@ pwdSafeModify contrib FQDNs bjorn -myLDAP myldap +myLDAP peercred SNMP myObjectClass 
@@ -887,8 +898,8 @@ ldapmodrdn ldapbis attributeoptions serverID -memberof memberOf +memberof pseudorootpw allmail CFLAGS @@ -907,8 +918,8 @@ modifyAttrDN dcedn olcOverlay exop -BerElement berelement +BerElement olcRootDN octetString SampleLDAP @@ -916,10 +927,11 @@ expr allusersgroup PostgreSQL bvstr +logsuccess filesystem pathtest -objectclass objectClass +objectclass submatches newrdn armijo @@ -934,8 +946,8 @@ jane syncuser Masarati LDAPSyntax -oldPasswdFile oldpasswdfile +oldPasswdFile reqDN SSFs ietf @@ -959,8 +971,8 @@ reqId setspec scanf TLSv -distinguishedName distinguishedname +distinguishedName BerVarray caseIgnoreSubstrin ldapwhoami @@ -988,8 +1000,8 @@ slaptest zeilenga WebUpdate numericoid -ChangeLog changelog +ChangeLog creatorsName ascii wahl @@ -1009,8 +1021,8 @@ simplebinddn authcDN TLSCipherSuite supportedSASLMechanisms -rootDSE rootdse +rootDSE dsaparam cachefree UMich's @@ -1019,10 +1031,10 @@ schemadir attribute's extern varchar -olcDbCachesize olcDbCacheSize -authcID +olcDbCachesize authcid +authcID POSIX hnPk ldapext @@ -1043,8 +1055,8 @@ sasldb somevalue LIBRELEASE randkey -StartTLS starttls +StartTLS LDAPSchemaExtensionItem reqReferral shtool @@ -1056,8 +1068,8 @@ subjectAltName errObject gsskrb valsort -berval's bervals +berval's derefFindingBaseObj checkpointed keytab @@ -1080,8 +1092,8 @@ README memcalloc inet saslargs -givenName givenname +givenName olcDbMode pidfile olcLimits @@ -1090,8 +1102,8 @@ tuple superset directoryString ktadd -proxytemplate proxyTemplate +proxytemplate wildcards monitoredObject TTLs @@ -1105,8 +1117,8 @@ reqResult impl strongerAuthRequired outvalue -returncode returnCode +returncode attributeDescription attrval dnssrv 
@@ -1126,24 +1138,25 @@ subdirectories errlist addpartial slapdn +olcAuditLogConfig uncached ldapapiinfo groupOfUniqueNames dhparam -slapds slapd's +slapds inputfile RDBMSes wildcard Locator -errABsObject errAbsObject +errABsObject SASL's html searchResultDone olcBdbConfig -LDAPMod ldapmod +LDAPMod olcHidden userPassword TLSRandFile @@ -1171,10 +1184,10 @@ cacertdir queryid Warper XDEFS -URL's urls -postaladdress +URL's postalAddress +postaladdress passwd plugins george @@ -1190,16 +1203,16 @@ LDAPModifying slapdconfig sysconfig dnSubtreeMatch -olcSaslSecprops olcSaslSecProps +olcSaslSecprops auditModify groupOfNames jensen reloadHint prepending olcGlobal -matchingrule matchingRule +matchingrule SmVuc MSSQL nisMailAlias @@ -1214,9 +1227,9 @@ whsp realusers dnstyle suffixalias -proxyattrset -proxyAttrSet proxyAttrset +proxyAttrSet +proxyattrset pwdMustChange ldif bvfree @@ -1230,8 +1243,9 @@ chown PRNGD LDAPRDN entryUUIDs -proxyCache +sambaPwdCanChange proxycache +proxyCache SERATGCgaGBYWGDEjJR noanonymous accessee @@ -1284,8 +1298,8 @@ passwdfile errMatchedDN everytime mkdep -olcDbIndex olcDbindex +olcDbIndex syntaxOID reqData databasetype @@ -1334,11 +1348,12 @@ pagedResults saslBindInProgress bitstring ACLs +suretecsystems berptr olcModuleLoad namingViolation -attributeType attributetype +attributeType auditModRDN cacert memberUid @@ -1390,26 +1405,27 @@ preallocated syntaxes memberURL monitorRuntimeConfig -binddn -bindDN bindDn +bindDN +binddn methodp -timelimitExceeded timeLimitExceeded +timelimitExceeded pwdInHistory LTSTATIC -requestor's requestors +requestor's LDAPCONF saslauthd MKDEPFLAG gecos entryUUID -GnuTLS -GNUtls gnutls +GNUtls +GnuTLS postread timeval +aaa DHAVE loopDetect caseIgnoreSubstringsMatch @@ -1430,8 +1446,8 @@ entryTtl LDAPControl pwdMinLength ldapcompare -readOnly readonly +readOnly RANDFILE attrlist aci @@ -1457,8 +1473,8 @@ Kumar AES bdb attributeOrValueExists -ManageDsaIT manageDSAit +ManageDsaIT bindpw monitorContainer pEntry 
@@ -1470,8 +1486,8 @@ Blowfish mkln numericStringSubstringsMatch testgroup -OpenSSL openssl +OpenSSL ModName cacheable freeit @@ -1480,8 +1496,8 @@ ber ali mandir changetype -CA's CAs +CA's typeA bvecfree ODBC diff --git a/doc/guide/admin/overlays.sdf b/doc/guide/admin/overlays.sdf index bd50c90bf1..61c5e884c8 100644 --- a/doc/guide/admin/overlays.sdf +++ b/doc/guide/admin/overlays.sdf @@ -316,12 +316,41 @@ H2: Constraints H3: Overview This overlay enforces a regular expression constraint on all values -of specified attributes. It is used to enforce a more rigorous -syntax when the underlying attribute syntax is too general. +of specified attributes during an LDAP modify request that contains add or modify +commands. It is used to enforce a more rigorous syntax when the underlying attribute +syntax is too general. H3: Constraint Configuration - + +Configuration via {{slapd.conf}}(5) would look like: + +> overlay constraint +> constraint_attribute mail regex ^[:alnum:]+@mydomain.com$ +> constraint_attribute title uri +> ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog) + +A specification like the above would reject any {{mail}} attribute which did not +look like {{@mydomain.com}}. + +It would also reject any title attribute whose values were not listed in the +title attribute of any {{titleCatalog}} entries in the given scope. + +An example for use with {{cn=config}}: + +> dn: cn=module{0},cn=config +> changetype: modify +> add: olcModuleLoad +> olcModuleLoad: {1}constraint.la +> +> dn: olcOverlay=constraint,olcDatabase={1}hdb,cn=config +> changetype: add +> objectClass: olcOverlayConfig +> objectClass: olcConstraintConfig +> olcOverlay: constraint +> olcConstraintAttribute: mail regex ^[:alnum:]+@mydomain.com$ +> olcConstraintAttribute: title uri ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog) + H2: Dynamic Directory Services
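Review bot: The `mail` pattern in both added examples (the `constraint_attribute` line for slapd.conf and the `olcConstraintAttribute` line in the cn=config LDIF) does not enforce what the following paragraph claims. Assuming the overlay compiles these as POSIX regular expressions, `[:alnum:]` outside an enclosing bracket expression is a set of the literal characters `:`, `a`, `l`, `n`, `u`, `m` rather than the alphanumeric class. A local part like `bob` would therefore be rejected, while one made only of those six characters would pass. The unescaped `.` also matches any character, so the domain part is looser than `mydomain.com`. I would change both lines to `^[[:alnum:]]+@mydomain[.]com$`, using `[.]` rather than `\.` so that slapd.conf backslash handling cannot alter the pattern. Administrators are likely to copy this example verbatim, so it is worth adding one sentence noting that the constraint is only as strict as the expression itself.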