From: Kurt Zeilenga Date: Sat, 19 Aug 2000 22:14:14 +0000 (+0000) Subject: Add descriptions for sasl options. X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~2223 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=3311d1ca8bc794670fd20d07e4ed66e61f5bcc05;p=openldap Add descriptions for sasl options. Clarify other options and re-order a bit. --- diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 7aa76f764e..ee65060af2 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -70,7 +70,13 @@ actual text are shown in brackets <>. Grant access (specified by ) to a set of entries and/or attributes (specified by ) by one or more requestors (specified by ). -See Developer's FAQ (http://www.openldap.org/faq/) for details. +See the "OpenLDAP's Administrator's Guide" for details. +.TP +.B argsfile +The ( absolute ) name of a file that will hold the +.B slapd +server's command line options +if started without the debugging command line option. .HP .hy 0 .B attributetype (\ [NAME\ ] [OBSOLETE]\ @@ -128,19 +134,6 @@ feature. The default is 0. Read additional configuration information from the given file before continuing with the next line of the current file. .TP -.B pidfile -The ( absolute ) name of a file that will hold the -.B slapd -server's process ID ( see -.BR getpid (2) -) if started without the debugging command line option. -.TP -.B argsfile -The ( absolute ) name of a file that will hold the -.B slapd -server's command line options -if started without the debugging command line option. -.TP .B loglevel Specify the level at which debugging statements and operation statistics should be syslogged (currently logged to the @@ -209,12 +202,39 @@ in place of the numeric OID in objectclass and attribute definitions. The name can also be used with a suffix of the form ":xx" in which case the value "oid.xx" will be used. .TP +.B pidfile +The ( absolute ) name of a file that will hold the +.B slapd +server's process ID ( see +.BR getpid (2) +) if started without the debugging command line option. +.TP +.B password-hash +The to use for userPassword generation. One of +.BR {SSHA} , +.BR {SHA} , +.BR {SMD5} , +.BR {MD5} , +.BR {CRYPT} , +.BR {KERBEROS} , +.BR {SASL} , +and +.BR {UNIX} . +The default is +.BR {SSHA} . +.TP .B referral Specify the referral to pass back when .BR slapd (8) cannot find a local database to handle a request. If specified multiple times, each url is provided. .TP +.B sasl-realm +Used to specify Cyrus SASL realm. +.TP +.B sasl-secprops +Used to specify Cyrus SASL security properties. +.TP .B schemacheck { on | off } Turn schema checking on or off. The default is on. .TP @@ -324,17 +344,22 @@ See for more information. .TP .B rootdn -Specify the DN of an entry that is not subject to access control +Specify the distinguished name that is not subject to access control or administrative limit restrictions for operations on this database. +This DN may or may not be associated with an entry. An empty root +DN, the default, specifies no root access is to be granted. .TP .B rootpw Specify a password (or hash of the password) for the rootdn. This option accepts all RFC 2307 userPassword formats known to -the server including \fB{SSHA}\fP, \fB{SHA}\fP, \fB{SMD5}\fP, -\fB{MD5}\fP, \fB{CRYPT}\fP, and cleartext schemes. +the server (see +.B password-hash +desription) as well as cleartext. .BR slappasswd (8) may be used to generate a hash of a password. Cleartext -and \fB{CRYPT}\fP passwords are not recommended. +and \fB{CRYPT}\fP passwords are not recommended. The default +is empty imply authentication of the root DN is by other means +(e.g. SASL). Use of SASL is encouraged. .TP .B suffix Specify the DN suffix of queries that will be passed to this