From: Kurt Zeilenga Date: Wed, 28 Aug 2002 01:16:25 +0000 (+0000) Subject: Clean up filters X-Git-Tag: NO_SLAP_OP_BLOCKS~1150 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=4ef042fee478acb46bc215f2f5ae24ba3dcba8e5;p=openldap Clean up filters --- diff --git a/doc/guide/admin/sasl.sdf b/doc/guide/admin/sasl.sdf index 2e91d069ba..4e33a2580d 100644 --- a/doc/guide/admin/sasl.sdf +++ b/doc/guide/admin/sasl.sdf @@ -483,10 +483,10 @@ statements of the form: > uid=(.*),cn=digest-md5,cn=auth > ldap:///dc=customers,dc=example,dc=com??sub?(&(uid=$1)(objectClass=person)) -Note that the explicitly-named realms are handled first, to avoid the -realm name becoming part of the UID. Note also the limitation of -matches to those entries with objectClass=person to avoid matching -other entries that happen to refer to the UID. +Note that the explicitly-named realms are handled first, to avoid +the realm name becoming part of the UID. Note also the limitation +of matches to those entries with {{EX:(objectClass=person)}} to +avoid matching other entries that happen to refer to the UID. See {{slapd.conf}}(5) for more detailed information. @@ -657,7 +657,7 @@ source rule like would allow that authenticated user to authorize to any DN that matches the regular expression pattern given. This regular expression comparison can be evaluated much faster than an LDAP search for -"uid=*". +{{EX:(uid=*)}}. Also note that the values in an authorization rule must be one of the two forms: an LDAP URL or a DN (with or without regular expression @@ -665,6 +665,7 @@ characters). Anything that does not begin with "ldap://" is taken as a DN. It is not permissable to enter another authorization identity of the form "u:" as an authorization rule. + H4: Policy Configuration The decision of which type of rules to use, {{EX:saslAuthzFrom}}