From: Quanah Gibson-Mount Date: Sun, 22 Nov 2009 21:31:59 +0000 (+0000) Subject: minimal documentation of olcAuthIDRewrite X-Git-Tag: OPENLDAP_REL_ENG_2_4_20~9 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=29e6931cbaaba47f29f9b2d7b27278ce19181a2f;p=openldap minimal documentation of olcAuthIDRewrite minimal documentation of authid-rewrite* stuff --- diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5 index 24d00bb490..555ae7c6f2 100644 --- a/doc/man/man5/slapd-config.5 +++ b/doc/man/man5/slapd-config.5 @@ -172,6 +172,22 @@ Other options should be registered with IANA, see RFC 4520 section 3.5. OpenLDAP also has the `binary' option built in, but this is a transfer option, not a tagging option. .TP +.B olcAuthIDRewrite: +Used by the authentication framework to convert simple user names +to an LDAP DN used for authorization purposes. +Its purpose is analogous to that of +.BR olcAuthzRegexp +(see below). +The +.B rewrite\-rule +is a set of rules analogous to those described in +.BR slapo\-rwm (5) +for data rewriting (after stripping the \fIrwm\-\fP prefix). +.B olcAuthIDRewrite +and +.B olcAuthzRegexp +should not be intermixed. +.TP .B olcAuthzPolicy: Used to specify which rules to use for Proxy Authorization. Proxy authorization allows a client to authenticate to the server using one diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index ff4242e19d..5fe511964c 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -162,6 +162,21 @@ attribute syntax OID. description.) .RE .TP +.B authid\-rewrite +Used by the authentication framework to convert simple user names +to an LDAP DN used for authorization purposes. +Its purpose is analogous to that of +.BR authz-regexp +(see below). +The prefix \fIauthid\-\fP is followed by a set of rules analogous +to those described in +.BR slapo\-rwm (5) +for data rewriting (replace the \fIrwm\-\fP prefix with \fIauthid\-\fP). +.B authid\-rewrite +and +.B authz\-regexp +rules should not be intermixed. +.TP .B authz\-policy Used to specify which rules to use for Proxy Authorization. Proxy authorization allows a client to authenticate to the server using one