From: Julio Sánchez Fernández Date: Tue, 18 Jul 2000 10:30:54 +0000 (+0000) Subject: Put the complete syntax for access control, unexplained yet. X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~2424 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6ef8617b52af6e332e32cdbb6b1ac6f48d221904;p=openldap Put the complete syntax for access control, unexplained yet. --- diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf index c1b3b900f4..5f3e61be44 100644 --- a/doc/guide/admin/slapdconfig.sdf +++ b/doc/guide/admin/slapdconfig.sdf @@ -72,7 +72,7 @@ arguments that should be replaced by actual text are shown in brackets <>. -H4: access to [ by ]+ +H4: access to [ by ]+ This option grants access (specified by ) to a set of entries and/or attributes (specified by ) by one or @@ -549,18 +549,30 @@ access configuration file directive. The general form of an access line is: E: ::= access to -E: [ by ]+ -E: ::= * | [ dn= ] [ filter= ] -E: [ attrs= ] -E: ::= * | self | dn= | addr= | -E: domain= | dnattr= -E: ::= [self]none | [self]compare | [self]search -E: | [self]read | [self]write +E: [ by ]+ +E: ::= * | [ dn[.]= ] [ filter= ] +E: [ attrs= ] +E: ::= regex | base | one | subtree | children +E: ::= | , +E: ::= | entry | children +E: ::= [ * | anonymous | users | self | dn[.]= ] +E: [ dnattr= ] +E: [ group[/[/][.]]= ] +E: [ peername[.]= ] [ sockname[.]= ] +E: [ domain[.]= ] [ sockurl[.]= ] +E: [ set= ] +E: [ aci= ] +E: ::= regex | exact | base | one | subtree | children +E: ::= regex | exact +E: ::= [self]{|} +E: ::= none | auth | compare | search | read | write +E: ::= {=|+|-}{w|r|s|c|x}+ +E: ::= [ stop | continue | break ] where the part selects the entries and/or attributes to which the access applies, the part specifies which entities are granted access, and the part specifies -the access granted. Multiple pairs are +the access granted. Multiple triplets are supported, allowing many entities to be granted different access to the same set of entries and attributes.