From: Gavin Henry Date: Thu, 6 Mar 2008 17:05:55 +0000 (+0000) Subject: DDS Docs complete. X-Git-Tag: OPENLDAP_REL_ENG_2_4_9~20^2~113 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=9b1498d3e31fe82b9e733200778bfa8878d569a5;p=openldap DDS Docs complete. --- diff --git a/doc/guide/admin/aspell.en.pws b/doc/guide/admin/aspell.en.pws index 1c3cc3c63d..086f7d98ea 100644 --- a/doc/guide/admin/aspell.en.pws +++ b/doc/guide/admin/aspell.en.pws @@ -1,1510 +1,1560 @@ -personal_ws-1.1 en 1509 -nattrsets -inappropriateAuthentication +personal_ws-1.1 en 1559 +commonName +Masarati +subjectAltName api -olcAttributeTypes BhY -reqEnd -olcOverlayConfig -shoesize -olcTLSCACertificateFile +olcSyncrepl +adamsom +adamson +CER +intermediateResponse +bjensen cdx CGI DCE DAP -attributename -lsei -dbconfig +chainingRequired arg -kurt -authzID -authzid -authzId ddd DAs -userApplications +TLSCACertificateFile BNF -attrs -mixin -wholeSubtree -chainingRequired -ldapport -hallvard +TLSEphemeralDHParamFile +ppolicy ASN -acknowledgements ava Chu -monitorCounter del +libexecdir DDR -testObject -OrgPerson -IGJlZ -olcUpdateref +numericoid +dsaschema ECC -deleteDN cli -ltdl -CAPI +DIB dev -serverctrls -olcDbDirectory -xvfB +reqNewSuperior +librewrite +memberof +memberOf BSI -modv -nonleaf -errCode -PhotoURI +updateref buf -cdef -monitorConnectionLocalAddress +changetype dir EGD +pwdMustChange +Debian dit -retoidp -ando +AlmostASearchRequest +EXEEXT edu -caseExactSubstringsMatch -bvstrdup -AUTHNAME -memrealloc -auditExtended -replog -ludp -metainformation +Heimdal +organizationalPerson +olcTimeLimit +CAPI +tokenization +INSTALLFLAGS CRL +reqcert CRP -olcReferral -XLDFLAGS -metadirectory +postread csn -siiiib -stateful -olcModulePath -maxentries -authc -seeAlso -searchBase -searchbase -realnamingcontext +xvfB +neverDerefaliases dns DN's DNs dn's -dereference -sortKey -authzTo -lossy +cdef +Helvetica +DOP +requestdata gcc +gecos +reqData CWD -lssl -organizationalRole +ando +reqDeleteOldRDN DSA -derefInSearching -pwdGraceUseTime +msgfree DSE -groupOfURLs -modrdn -ModRDN -modrDN -pwdFailureCountInterval -homePhone +keycol +dlopen eng -paramName -errUnsolicitedData -Heimdal +AttributeValue +attributevalue +DUA EOF -authz -XINCPATH -LTFINISH -plaintext -indices -reqAssertion -olcDbUri +inputfile +DSP +refreshDone dst +NOSYNC env -oplist -MirrorMode -mirrormode -objclass -Bint dup hdb +LDIFv +syslog +monitorTimestamp +subschemaSubentry +interoperate gid -stderr -caseIgnoreOrderingMatch -moduledir gif -jpegPhoto -lsasl -judgmentday -prepend -subentry -dbcache -mkversion -objectClasses -objectclasses -adminLimitExceeded -searchResultReference +memfree +struct +IAB fmt +SysNet olcConstraintAttribute -qdescrs -olcSuffix -objectClassModsProhibited -numEntries -unavailableCriticalExtension -supportedControl GHz -libpath -INADDR -compareDN -sizelimit -unixODBC -notAllowedOnNonLeaf -blen -APIs -attrsOnly -attrsonly -slappasswd -referralsPreferred -oids -OIDs -wBDARESEhgVG -syncIdSet -olcTLSCipherSuite -username -aliasProblem -sizeLimitExceeded -subst +Bint +memalloc +FSF +strtol idl -chroot +IDN +DESTDIR iff -auditDelete -numbits +contextCSN +auditModify +auditSearch +OpenLDAP +openldap +resultcode +resultCode +sysconfig +indices +blen +APIs +lresolv +Contribware +directoryString +database's +iscritical +gss ZKKuqbEKJfKSXhUbHG -reqRespControls -TLSCertificateKeyFile -olcAccess -aliasDereferencingProblem -proxyTemplates -neverDerefaliases -RootDN -rootdn -loglevel +invalidAttributeSyntax +subtree +Kartik +newparent +memcalloc +ing +filtertype +regcomp +ldapmodify +includedir +IPC +resync +ldapsearch +reqAttr +dynlist args -caseExactOrderingMatch -olcDbQuarantine -RELEASEDATE -basedn -baseDN +hardcoded argv -gss -schemachecking -WhoAmI -whoami -syslogd -dataflow -subentries -suretec -attrpair -balancer -entryAlreadyExists -BerkeleyDB's +kdz notAllowedOnRDN -singleLevel -entryDN -dSAOperation -includedir -inplace -LDAPAPIFeatureInfo -logbase -ldapmaster -ing -moduleload -IPC -Makefile -getpid -GETREALM -numericString -MANSECT -XXXX -domainstyle -bvarray -Choi -iscritical -subschema -slapindex -plugin -distinguishedNameMatch -derefAliases -baseObject -kdz -reqMod +hostport +StartTLS +starttls ldb -srcdir -pwdExpireWarning +servercredp ldd -localstatedir -sockbuf -PENs IPv ipv -ghenry hyc -multimaster -noop -DEFS joe -testAttr -syncrepl -pwdFailureTime -timestamp -whitespaces -ISP +bindmethods +armijo ldp -monitorInfo -PDUs -bjensen -newPasswd -irresponsive +ISP len -perl -dynlist -browseable -posixGroup -attrvalue -pers -retcode -rootpw -matchedDN -auditReadObject -idletimeout -intermediateResponse -myOID -structuralObjectClass -integerMatch -OpenLDAP -openldap -moddn -rewriteEngine -AVAs -accesslog -searchDN -reqOld +Choi +Clatworthy +scherr +virtualnamingcontext +ITU +XXXX +Stringprep +Apurva +labeledURI +DEFS MDn -aspell -TLSCACertificateFile +attrstyle +directoryOperation +creatorsName mem -peername -syncUUIDs -database's +oldPasswdFile +oldpasswdfile +uniqueMember krb -bool -logins +libpath +acknowledgements jts -memberAttr -newPasswdFile -newpasswdfile -ucdata +createTimestamp +MIB LLL -confdir -invalidCredentials -BerValues -olcDbLinearIndex -Elfrink -AUTOREMOVE -countp -realloc -bsize -CThreads -structs -desc -LTCOMPILE -auditContext -bindmethod -sambaNTPassword -olcDbCheckpoint -addprinc -auditContainer -modme -refreshOnly -PIII -pwdPolicySubentry -supportedSASLMechanism -supportedSASLmechanism -FIXME -realanonymous -caseExactMatch -olcSizeLimit -Bourne -attr -objectIdentifier -objectidentifier -refint -msgtype -OBJEXT +OpenSSL +openssl +LOF +AVAs +organizationalRole +initgroups +olcDbCachesize +olcDbCacheSize +ETCDIR +colaligns +olcReadOnly +olcReadonly +reqResult +LDAPMatchingRule +bool LRL -subtrees -realdnattr -entrymods -admittable -libtool's -dupbv -searchResultEntry +CPPFLAGS +schemadir +desc lud -modifyTimestamp -TLSEphemeralDHParamFile +newrdn LRU -syncprov -strvals -preread -auth +memvfree +dbtools nis -regexec -adamsom -objclasses -deallocation -strdup -gsMatch -adamson -UniqueName +rewriteRule +postoperation LVL -ppErrStr -DESTDIR oid -saslpasswd -interoperate -bindwhen -Solaris -oOjM msg -submatch -refreshAndPersist -monitorServer -attributeUsage -soelim -objectIdentiferMatch -olc +attr +caseExactOrderingMatch +Subbarao +aeeiib +oidlen +submatches PEM -Autoconf -alloc +olc OLF PDU -inetorgperson -inetOrgPerson -deleteoldrdn -monitorCounterObject +LDAPSchemaExtensionItem +auth +Pierangelo +authzFrom pid -CPAN -sharedstatedir +subdirectories OLP -LDFLAGS -dereferencing -allop -errcodep -xeXBkeFxlZ -accessor's -extendedop +pwdPolicyChecker +subst +singleLevel +cleartext +numattrsets +requestDN +caseExactSubstringsMatch +PKI ple NTP -reqSizeLimit -ORed +auditModRDN +checkpointing NUL -namingContexts num -reqAttrsOnly -ldappasswd -online -libdir -unindexed -ObjectClassDescription -attrdesc -jsmith -efgh -exopPasswdDN -ranlib -olcAttributeOptions -lineno -storages -nameAndOptionalUID +objectIdentifierMatch +sharedstatedir png -INCPATH -organizationalPerson -integerOrderingMatch +CPAN OSI -subschemaSubentry -cond -conf +extendedop +distinguishedName +distinguishedname +preinstalled rfc -bvec +LDAPCONF rdn -ECHOPROMPT -RDBM -subany -runningslapd -configs -datagram -crlcheck -conn -builddir +wZFQrDD OTP -entrylimit -attrdescN -logold +olcSizeLimit PRD sbi pos -reqEntries pre -bvals -unixusers -olcReadonly -olcReadOnly -pwdChangedTime -mySQL -DITs +stringal +retoidp sdf -suffixmassage -referralDN +efgh +accesslog sed -statslog -perror -ldapexop -bvecadd -distributedOperation +cond +qdescrs +modifyDN +conf +ldapmodrdn sel -versa +bvec TBC -telephonenumber -telephoneNumber -DLDAP -peernamestyle +stringbv SHA Sep -filename -rpath -argsfile ptr -INCDIR +conn pwd -dctree +DISP +newsup rnd -quanah -lastmod TCL -sprintf shm -logops -dnattr -subdir -searchAttrDN -cctrls +DITs tcp -kadmin -undefinedAttributeType -strlen -dynamicObject -spellcheck -ludpp -typedef -olcDbIDLcacheSize -ostring -toolsets -mwrscdx +INCPATH +RPC +myOID +supportedSASLMechanism +supportedSASLmechanism +realnamingcontext UCD SMD -cancelled -crit -organizationalUnit -lucyB +keytab +portnumber +uncached slp -rdns -CPUs +derefInSearching +UMich's TGT -modulepath -quickstart -mySNMP +numbits +sasldb +UCS +searchDN +keytbl UDP tgz -RDBMs -rdbms -Matic -qdstring -gunzip -librewrite +freemods +prepend +errText +groupnaam UFl src -lastName +matchedDN ufn -cron -RelativeLDAPDN +allusersgroup +FIXME sql -pwdPolicyChecker uid -olcDbConfig -refreshDone +crit +objectClassViolation ssf -replogfile +ldapfilter vec TOC rwm -LDAPDN -compareAttrDN -endmacro +pwdChangedTime tls -repl -monitoringslapd -referralsp +peernamestyle +xpasswd SRP tmp -olcDbNosync -conns SSL -PDkzODdASFxOQ +dupbv +CPUs SRV +entrymods sss rwx -deallocators -Contribware -olcConstraintConfig -URLlist +reqNewRDN +rebindproc +olcOverlayConfig str -subinitial -CSNs -sbin -dbtools -datasource -sbio -posp -errText -prepended -labeledURI -scdx -startup -const -wBDABALD -octetStringSubstringsStringMatch +syncIdSet +cron +accesslevel +accessor's +keyval +alloc +saslpasswd +README +maxentries ttl -bvalue -bvdup -stringa -stringb -hasSubordinates -oldPasswd +undefinedAttributeType +peercred sys -pwdPolicy -slapd -affectsMultipleDSAs -sasl -slapauth -MANCOMPRESS -octetStringOrderingStringMatch -updatedn -UpdateDN -slapdindex -searchFilter +allop +memberUid +CSNs +wildcards uri -slapi tty -liblunicode url -entryExpireTimestamp -priv -slapo +sortKey +XED UTF vlv -ctrl TXN -virtualnamingcontext -eatBlanks -slimit -ldaprc +auditExtended usr txt -proc -generalizedTime -loopback -unmassaged -mechs -freemods -initgroups -auditCompare +UTR +XER +olcDbIDLcacheSize +namespace +LDAPControl +dbconfig +olcAttributeOptions +dsaparam +searchResult +ctrl +ldapwhoami +extensibleObject +clientctrls +monitorServer +MANCOMPRESSSUFFIX +memberAttr +multiclassing +memberURL +pwdMaxFailure +pseudorootdn GDBM -DSAs +LIBRELEASE DSA's -dsaschema -compareFalse -resultCode -resultcode -noSuchObject -params -groupnummer -searchEntryDN -titleCatalog -negttl -chainingPreferred -TABs -retdatap -errAuxObject -postoperation -realself -olcPasswordHash -concat -debuglevel -addAttrDN -credp -ldaphost -pwdMaxFailure -octetStringMatch -extparam -auditWriteObject -colaligns -Diffie -offsite -attributevalue -AttributeValue -SIGTERM -MyCompany +DSAs +realloc +booleanMatch +compareTrue +mySQL +passwd +printf +idassert +rwxrwxrwx al -AAQSkZJRgABAAAAAQABAAD +realself cd -contextCSN ar -pthreads -monitorTimestamp +olcDatabaseConfig de -reqAuthzID -backend's -backends -requestName +derated +auditDelete cn -lcrypto -infodir -groupstyle -ldapsearch +versa cp -displayName bv eg -olcBackendConfig fd dn -sambaPwdLastSet -LDAPSync -olcReplicationInterval fG -gidNumber +DS fi -Instanstantiation +allmail du eq -FIPS +pwdAllowUserChange dx et eu +syncUUIDs hh -olcLogLevel -slurpd -logevels +regexec IG -olcAuditlogFile -addDN -tbls -ldapmodify +msgidp kb -syslog +organizationalUnit +Warper +logfilter io ip -dynacl -aXRoIGEgc -enum -slapdconf -reqFilter +referralsRequired ld -xyz -TLSCertificateFile -idassert -failover -kerberos -lookups +Matic +subfinal +pseudorootpw md +preread +pwdMinLength iZ -SysNet -BerValue -idlcachesize -struct -UCASE -errno -syslogged +ldapdelete +xyz +rdbms +RDBMs +extparam mk ng oc -invalidAttributeSyntax -errOp -pwdMaxAge -insufficientAccessRights -truelies +FIPS NL +logfiles mr -reindex -newentry ok mv -preinstalled -regex -saslmech +LTVERSION rc -config +realdn ou -policyDN sb -olcSyncrepl +enum +auditContext QN -strtol -runtime -NOSYNC -slapover +contrib RL -sockname -noSuchAttribute -MANCOMPRESSSUFFIX -makeinfo -coltags +errMatchedDN +auditContainer ro rp -EXEEXT -sockurl th sn ru UG ss -su +behera TP -reqMethod -XLIBS -PhotoObject +su +invalidCredentials tt -keycol -namingContext -rlookups -searchstack -NOECHOPROMPT -sldb +wildcard wi -AlmostASearchRequest +syslogd +newPasswd xf -param -MChAODQ -caseExactIA -Za +deallocation +whitespaces +retdatap +attrlist Vu -idlecachesize -objectClassViolation -allusers +Za +PDkzODdASFxOQ ws -errSleepTime -INSTALLFLAGS -pthread -pwdHistory +cacert +notAllowedOnNonLeaf +attrname +olcTLSCipherSuite x's -Debian -slen -errUnsolicitedOID -dyngroup -filtertype -rewriteRules -criticality -preoperation -smbk -subord -reqVersion -errp +octetStringMatch +mechs ZZ -entryCSNs -dlopen -continuated -newSuperior -newsuperior -Preprocessor -XXLIBS -deallocate -reqScope -llber -bitstringa -sbindir -apache's -noidlen -monitorContext -testrun -resync -fqdn -authPassword -LDAPMatchingRule -olcIdleTimeout -treedelete -auditAdd -reqSession -derated LDVERSION +testAttr +backend +backends +backend's +BerValues +Solaris +structs +reqTimeLimit +judgmentday +reqAuthzID +errp +ostring +policyDN +testObject +pwdMaxAge +binddn +bindDN +bindDn +distributedOperation +schemachecking +strvals +dataflow +robert +fqdn +admittable +Makefile IANA -olcDbSearchStack -bitstrings -rscdx -schemas -minssf -ldapadd -pseudorootdn -lldap -gssapi -applicatio -nelems -liblutil -wrscdx -numResponses -scherr -internet -logfilter -lutil -themself -libexec -dnpattern -proxying -reqType -Kartik -libexecdir -inetd -pwdSafeModify -contrib -FQDNs -bjorn -myLDAP -myldap -peercred -SNMP -myObjectClass -thru -olcLastMod -commonName -testTwo -olcFrontendConfig -LDAPObjectClass -attributeTypes -LTINSTALL -hostname -Symas -numattrsets -msgid -ldapmodrdn -ldapbis -attributeoptions -serverID -memberof -memberOf -pseudorootpw -allmail -CFLAGS -operationsError -substr -pwdAllowUserChange -rewriteRule -XXXXXXXXXX -credlen -departmentNumber -rewriteMap -logfile -vals -LDAPAVA -modifyAttrDN -dcedn -olcOverlay +localhost +offsite +bindir +olcUpdateref +bindwhen +UMLDAP +searchResultDone +MAXLEN +pwdInHistory +reqAttrsOnly +sysconfdir +searchResultReference +olcAttributeTypes +everytime +protocolError +errno +errOp +serverctrls +integerMatch +moduledir +dynstyle +bindpw +AUTHNAME +UniqueName +saslmech +pthreads +IEEE +regex +SIGINT +slappasswd +errABsObject +errAbsObject +ldapexop +objectIdentifier +objectidentifier +deallocators +mirrormode +MirrorMode +loopDetect +SIGHUP +authMethodNotSupported +IDNA +bvecfree +pwdLockoutDuration +attrset +displayName +subentry +reqScope +oldPasswd exop -BerElement -berelement -olcRootDN -octetString -SampleLDAP +filtercomp expr -allusersgroup -PostgreSQL -bvstr -logsuccess -filesystem -pathtest -objectclass -objectClass -submatches -newrdn -armijo -addBlanks -reqMessage +syntaxes +memrealloc +returncode +returnCode +OpenLDAP's exts -SSHA +bitstringa +caseIgnoreOrderingMatch +searchFilterAttrDN func -filterlist -modifyDN jane -syncuser -Masarati -LDAPSyntax -oldPasswdFile -oldpasswdfile -reqDN -SSFs +IESG +llber +attrval ietf -unwillingToPerform -oidlen -searchFilterAttrDN -CPPFLAGS -slapadd -Clatworthy -urldesc -substrings -Apurva -slapacl -multiclassing +olcSchemaConfig +bitstrings +bvalues +realdnattr +attrpair +affectsMultipleDSAs +Preprocessor +lastName +lldap +cachesize +slapauth +attributeType +attributetype +GSER +olcDbNosync +typedef +bjorn +datagram +strcasecmp +selfstyle +preoperation +FQDNs +exopPasswdDN +userid +subentries +monitoredObject +TLSVerifyClient +noidlen +LDAPNOINIT +pwdGraceAuthnLimit +hnPk +userPassword +noanonymous +LIBVERSION +Symas +dcedn +chroot +posixGroup +nretries +testgroup +ldaphost +frontend +proxying +organisations +rewriteMap monitoredInfo -LTLINK -addrdnvalues -KTNAME -ETCDIR +modrDN +ModRDN +modrdn +HREF +inline +multiproxy +reqSizeLimit +kerberos +loglevel +bvstrdup +reqReferral +rlookups +siiiib +LTSTATIC +timelimitExceeded +timeLimitExceeded +XKYnrjvGT +subtrees +unixODBC +hostnames +AutoConfig +libtool +submatch +reqDN +dnstyle +inet +schemas +pwdPolicySubentry reqId -setspec scanf -TLSv -distinguishedName -distinguishedname -BerVarray -caseIgnoreSubstrin -ldapwhoami -URLattr -generalizedTimeOrderingMatch -requestdata -timelimit -subr -cachesize -olcRootPW -SSLv -proxyOld -domainScope -LDAPMessage -LTVERSION -memalloc -refreshDeletes -BerkeleyDB -pathspec -uint -Poitou -whitespace -dynstyle -slaptest -zeilenga -WebUpdate -numericoid -ChangeLog -changelog -creatorsName -ascii -wahl -uniqueMember -slapcat -lwrap -ldapfilter -errDisconnect -sermersheim -rootdns -searchResult -libtool -servercredp -AttributeTypeDescription -LTFLAGS -simplebinddn -authcDN -TLSCipherSuite -supportedSASLMechanisms -rootDSE -rootdse -dsaparam -cachefree -UMich's -uidNumber -schemadir -attribute's -extern -varchar -olcDbCachesize -olcDbCacheSize -authcID -authcid -POSIX -hnPk -ldapext -authzFrom -Google -olcSchemaConfig -newsup -sbiod -XXXLIBS -LDAPBASE -Supr -olcDatabaseConfig -rwxrwxrwx -aeeiib -SUPs -reqStart -sasldb -somevalue -LIBRELEASE -randkey -StartTLS -starttls -LDAPSchemaExtensionItem -reqReferral -shtool -Pierangelo -attrstyle -backend -portnumber -subjectAltName -errObject -gsskrb -valsort -berval's -bervals -derefFindingBaseObj -checkpointed -keytab -groupnaam -frontend -sctrls -dbnum -olcLdapConfig -sessionlog -attrset -organizationPerson -entryCSN -strcast -kbyte -modifiersName -keytbl -olcHdbConfig -constraintViolation -README -memcalloc -inet -saslargs -givenName -givenname -olcDbMode -pidfile -olcLimits -memvfree -tuple -superset -directoryString -ktadd -proxytemplate -proxyTemplate -wildcards -monitoredObject -TTLs -LxsdLy -olcTimeLimit -stringal +olcBackend +TLSCACertificatePath +Arial init -Locators -bvalues -reqResult +runtime +onelevel impl -strongerAuthRequired -outvalue -returncode -returnCode -attributeDescription -attrval -dnssrv -ciphersuite -auditlog -reqControls -protocolError -notypes -myAttributeType -stringbv -keyval -calloc -chmod -Subbarao -setstyle -subdirectories -errlist -addpartial -slapdn -olcAuditLogConfig -uncached -ldapapiinfo -groupOfUniqueNames -dhparam -slapds -slapd's -inputfile -RDBMSes -wildcard -Locator -errABsObject -errAbsObject -SASL's +Autoconf +stderr +ascii +MANCOMPRESS +authPassword +attrdescN +aspell +allusers +statslog +alwaysDerefAliases +RELEASEDATE +olcModuleList +pwdSafeModify html -searchResultDone -olcBdbConfig -LDAPMod -ldapmod -olcHidden -userPassword -TLSRandFile -use'd -auditBind -requestDN -lockdetect -selfstyle -liblber -ERXRTc -printf -AutoConfig -localhost +multimaster +testrun +rewriteEngine +slapdindex +LTFINISH +olcOverlay lber -noprompt -databasenumber -hasSubordintes -URIs -denyop +serverID +numResponses lang -auditSearch -ldapdelete -reqTimeLimit -cacertdir -queryid -Warper -XDEFS -URL's -urls -postaladdress -postalAddress -passwd -plugins -george +POSIX +pathname +noSuchObject +proxyOld +BerElement +berelement +sbiod +plugin http -uppercased -Poobah -libldap -invalidDNSyntax +olcModuleLoad ldap ldbm -ursula -LDAPModifying -slapdconfig -sysconfig -dnSubtreeMatch -olcSaslSecprops -olcSaslSecProps -auditModify -groupOfNames -jensen -reloadHint -prepending -olcGlobal -matchingrule -matchingRule -SmVuc -MSSQL -nisMailAlias -hostnames -ctrlp -lltdl -ctrls -rewriter -secprops -namespace -whsp -realusers -dnstyle -suffixalias -proxyattrset -proxyAttrSet -proxyAttrset -pwdMustChange -ldif -bvfree -sleeptime -pwdCheckQuality -msgidp -confidentialityRequired -pwdAttribute -authMethodNotSupported -chown -PRNGD -LDAPRDN -entryUUIDs -sambaPwdCanChange -proxyCache -proxycache -SERATGCgaGBYWGDEjJR -noanonymous +numericStringSubstringsMatch +internet +storages +WhoAmI +whoami +criticality +addBlanks +logins +syncrepl +dbnum +operationsError +homePhone +testTwo +ldif +entryAlreadyExists +plaintext +errDisconnect +username accessee -createTimestamp -nretries -auditAbandon -LDAPAttributeType -logdb -procs -realdn -alwaysDerefAliases -ppolicy +LDAPURLDesc +ISOC +IRTF jpeg -functionalities -pcache -caseIgnoreMatch -sysconfdir -checkpointing -rebindproc -dryrun -noplain -exattrs +ktadd +tuple +refint +makeinfo +chmod +auditWriteObject Jong -ldaptcl -proxied -firstName -accesslevel -login +setspec +syncprov +dctree +hallvard +cctrls +debuglevel +dSAOperation +datadir +slapadd +reqFilter +CThreads +slapacl +requestName +randkey +Cryptosystem +groupOfNames +themself +jsmith +filesystems +lineno +SASL's +lockdetect +addrdnvalues +Hyuk rewriteContext -dcObject -newparent -numericStringMatch -TLSVerifyClient -subtree -multi +soelim +slapdconfig +entrylimit +departmentNumber immSupr +pidfile +online +logold +proxyattrset +proxyAttrSet +proxyAttrset +crlcheck +olcBdbConfig +kadmin +mech +slapcat +insufficientAccessRights +XDEFS +olcDbLinearIndex +MKDEPFLAG +rootdns +caseExactIA +notypes +numericStringMatch +octothorpe +lltdl +rootDSE +rootdse +logops +rewriter +chown +attributeUsage +slapdconf +olcDbUri +subany +Authorizaiton +bvalue manpage -assciated -wZFQrDD -serverctrlsp -onelevel -abcd -reqcert -referralsRequired -Hyuk -olcServerID -reqDerefAliases +olcLimits +PRNGD +BerVarray +abcdefgh +matchingrule +matchingRule +modifiersName +inetOrgPerson +inetorgperson +secprops +logdb +postaladdress +postalAddress +quanah +ManageDsaIT +manageDSAit +subinitial +procs +varchar +RDBMSes +XLDFLAGS +caseExactMatch +urldesc +liblutil +olcObjectIdentifier +subdir +suffixmassage +auditAdd +pwdMinAge +olcModulePath +URLattr +reqSession +login +RetCodes +userApplications +NDBM newSuperiorDN -passwdfile -errMatchedDN -everytime +browseable +auditBind +setstyle +newSuperior +newsuperior +concat +realanonymous +invalue +refreshOnly +filesystem +Naur +unwillingToPerform +PhotoURI +MyCompany mkdep -olcDbIndex -olcDbindex -syntaxOID -reqData -databasetype -woid -numericStringOrderingMatch -clientctrls -inappropriateMatching -RetCodes -ldapc -pwdAccountLockedTime -attrtype -LIBVERSION +idlcachesize +irresponsive +readOnly +readonly +CLDAP proto -endif -logfiles -reqNewRDN -ldapi -notoc -matcheddnp mkdir -mech -pwdMinAge -ldaps -userCertificate -LDAPv -IPsec -tokenization -olcModuleList -robert -generalizedTimeMatch -UMLDAP -OpenLDAP's -lookup +peername +pwdFailureTime +compareDN +reqVersion +negttl +logevels +AAQSkZJRgABAAAAAQABAAD +strcast +failover +constraintViolation +cacheable +sambaPwdCanChange +errCode +queryid +olcReferral +dynacl +mkln +structuralObjectClass +proxyAuthz +config +IDSET +ODBC +searchFilter +wholeSubtree +SASLprep +nisMailAlias +attributeDescription +groupnummer +lsei +kurt +OrgPerson +generalizedTime +filename +pwdCheckQuality +methodp +Verdana +deref +proxied +endmacro +backload +ECHOPROMPT +bvarray +ltdl +slapdconfigfile +modv +ObjectClassDescription +truelies +slurpd +basename +groupOfUniqueNames +DHAVE +ludp +entryUUID +ldapapiinfo +SampleLDAP +compareAttrDN +lssl +newentry +applicatio +addpartial +confdir +entryDN +pwdFailureCountInterval +XXXLIBS +Kumar +LTHREAD +distinguishedNameMatch +timestamp +UUIDs +olcDbCheckpoint +LTINSTALL +gssapi +continuated +localstatedir +devel +errcodep +Elfrink +olcPidFile +attribute's +pPasswd +metadirectory +assciated +myObjectClass +OIDs +oids +sermersheim +chainingPreferred +CFLAGS +minssf +ModName +attrs +typeA +objclasses +typeB +nelems +subord +namingViolation +inappropriateAuthentication +mixin +syntaxOID +olcTLSCACertificateFile +IGJlZ +TLSCipherSuite +auditlog +runningslapd +myLDAP +myldap +configs +datasource +refreshAndPersist +authc +PENs +referralDN +noop +errObject +XXLIBS +reqAssertion +PDUs +baseObject +bvecadd +perl +inplace +lossy +pers +authz +pwdReset +wrscdx +adminLimitExceeded +LDAPMessage +serverctrlsp +simplebinddn +nonleaf +compareFalse +lsasl +caseIgnoreSubstringsMatch +AUTOREMOVE +searchResultEntry +PIII +olcDbShmKey +substr +reqRespControls +XXXXXXXXXX +MANSECT +bindmethod +KTNAME +referralsp +pwdExpireWarning +suretecsystems +timeval +LTLINK +gsMatch +attributeTypes +pwdCheckModule +olcDatabase +PKCS +syncuser +oOjM +extern +dcObject +supportedControl +addprinc +logbase +filterlist +generalizedTimeMatch +Google +sessionlog +balancer +NSSR +PKIX +urandom +derefFindingBaseObj +Poitou +dereferencing +dereferenced +ORed +caseIgnoreSubstrin +superset +Locators +qdstring +olcAccess +dereferences +shoesize +monitorContext +RDBM +PostgreSQL +ppErrStr +olcFrontendConfig +aliasDereferencingProblem +gsskrb +unindexed +whitespace +seeAlso +monitorRuntimeConfig +olcAuditlogFile +namingContexts +referralAttrDN +idlecachesize +moddn +calloc +LDFLAGS +attributeOrValueExists +olcHdbConfig +bsize +auditObject +dnssrv +dynamicObject +objectclass +objectClass +sizeLimitExceeded +reqControls +modme +shtool +aXRoIGEgc +rdns +modifyTimestamp +objectIdentiferMatch +sleeptime +derefAliases +pagedResults +denyop +sctrls +ldapport +octetString +repl +ERXRTc +LxsdLy +lastmod +integerOrderingMatch +searchEntryDN +pwdLockout +sbin +olcSuffix +sbio +posp +TLSCertificateKeyFile +george +LDAPSyntax +apache's +scdx +attrtype +msgtype +pathtest +ldapcompare +coltags +sasl +unixusers +bvfree +xeXBkeFxlZ +priv +proxyTemplates +bvals +givenName +givenname +jensen +auditReadObject +proc +unavailableCriticalExtension +slapdn +noSuchAttribute +retcode +slapds +slapd's +DLDAP +TABs +dyngroup +pathspec +domainstyle +requestoid +rpath +Blowfish +dryrun +Poobah +searchable +SDSE +olcDbDirectory +ludpp +spellcheck +logsuccess +lucyB +entryUUIDs +reqEntries +sockbuf +olcSaslSecprops +olcSaslSecProps +dnSubtreeMatch +conns +pcache +ChangeLog +changelog +ursula +monitorConnectionLocalAddress +requestor's +requestors +TLSCertificateFile +pwdPolicy +infodir +suretec +tbls +const +bvdup +mkversion +olcDbSearchStack +numericStringOrderingMatch +checkpointed +strongerAuthRequired +treedelete +olcObjectClasses +berptr +errSleepTime +substrings +slapd +sambaNTPassword +slapi +lcrypto +slapo +mwrscdx +credlen +deleteDN +substring +prepending +sldb +credp +numEntries +searchBase +searchbase +berval +slen +lookup +databasetype +rewriteRules +smbk +userCertificate +entryCSN +errAuxObject +replogfile +reloadHint +moduleload +hasSubordinates +contextp +LDAPModifying +nameAndOptionalUID +addDN +berval's +bervals +passwdfile +reqDerefAliases +authcDN +groupstyle +cancelled +stateful +proxytemplate +proxyTemplate +entryExpireTimestamp +referralsPreferred +authcID +authcid +AuthcId +MChAODQ +lookups +GnuTLS +GNUtls +gnutls +LTONLY +SNMP +timelimit +UCASE +thru +saslauthd +logpurge +SMTP +srvtab +ldapadd +sprintf +monitorCounterObject +Instanstantiation +olcDbConfig +olcLastMod +vals +param +matcheddnp +malloc +XLIBS +freeit +invalidDNSyntax +zeilenga +addAttrDN +syncdata +attrsonly +attrsOnly +numericString +libexec +entryCSNs +noprompt +LTCOMPILE +ldapbis +SSHA +mandir +RXER +SSFs +octetStringOrderingStringMatch +auditCompare +pEntry +endblock +LDAPAVA +startup +olcReplicationInterval +TLSv +libtool's +slapindex +rscdx +dhparam +subr +SSLv +SIGTERM +liblunicode +uint +stringa +reindex +stringb +lutil +inetd +SERATGCgaGBYWGDEjJR +wahl +olcDbQuarantine +reqEnd +modifyAttrDN +monitorContainer +searchstack +cachefree +errUnsolicitedOID +WebUpdate +RelativeLDAPDN +URLlist +monitorInfo +argsfile +attrvalue +deallocate +msgid +modulepath +logfile +Supr +inappropriateMatching +SUPs +myAttributeType +BerValue +basedn +baseDN +bvstr +replog +databasenumber +subschema +PhotoObject +INADDR +pthread +errlist +olcDbIndex +olcDbindex +ldapext +caseIgnoreMatch +suffixalias +sbindir +gidNumber +LDAPSync +bitstring +objclass +oplist +LDAPObjectClass +sockurl +somevalue +getpid +monitorIsShadow +confidentialityRequired +groupOfURLs +preallocated +hostname +TTLs +attrdesc +ghenry +reqType +slapover +BerkeleyDB's +attributename +lwrap +reqStart +errUnsolicitedData +objectclasses +objectClasses +countp +dereference +sizelimit +use'd +rootdn +RootDN +LTFLAGS +Bourne +URIs +pwdAttribute +uppercased +cacertdir +ciphersuite +URL's +urls +olcAuditLogConfig +reqMod +pwdHistory +entryTtl +olcIdleTimeout +TLSRandFile +unmassaged +LDAPMod +ldapmod +srcdir +whsp +exattrs +reqOld +kbyte +monitorCounter +quickstart +olcConstraintConfig +UUID +rootpw +veryclean +syslogged +olcRootDN +idletimeout +sockname +telephoneNumber +telephonenumber +objectClassModsProhibited +nattrsets +saslargs +OBJEXT +LDAPAttributeType +newPasswdFile +newpasswdfile +boolean +liblber +ucdata +toolsets +builddir +builtin +Locator +ldapmaster +libldap +refreshDeletes +aliasProblem +eMail +outvalue +LDAPRDN +olcBackendConfig +wBDABALD +libdir +deleteoldrdn +abcd +olcRootPW +dnattr +AttributeTypeDescription +strdup +domainScope +prepended +saslBindInProgress +olcDbMode +selfwrite +olcLdapConfig +pwdGraceUseTime +titleCatalog +woid +organizationPerson +ldaptcl +INCDIR +ACDF +realusers +ranlib +eatBlanks +reqMessage +paramName +ctrlp +freebuf +ctrls +firstName ABNF -olcDbShmKey -pwdLockoutDuration -TLSCACertificatePath -ldapuri -ldapurl +dnpattern +perror +MSSQL +SmVuc ACIs -behera -olcObjectIdentifier -endblock -proxyAuthz -pagedResults -saslBindInProgress -bitstring +errmsgp +authzDN +gunzip +jpegPhoto +supportedSASLMechanisms ACLs -suretecsystems -berptr -olcModuleLoad -namingViolation -attributeType -attributetype -auditModRDN -cacert -memberUid -freebuf -IDSET -pwdGraceAuthnLimit -invalue -XKYnrjvGT -srvtab -referralAttrDN -requestoid -basename -substring -booleanMatch +reqMethod +authzId +authzid +authzID +hasSubordintes +proxyCache +proxycache +slaptest +olcLogLevel +LDAPDN +XINCPATH +monitoringslapd babs -pPasswd -msgfree -slapdconfigfile -olcDatabase -builtin -hardcoded -SIGINT -MAXLEN -xpasswd -cleartext -extensibleObject -pwdLockout -SIGHUP -reqDeleteOldRDN -reqAttr -subfinal -berval -octothorpe -LTONLY -filesystems -urandom -NDBM -abcdefgh -olcBackend -errmsgp -boolean -updateref -regcomp -contextp -filtercomp -LDAPNOINIT -deref -preallocated -syntaxes -memberURL -monitorRuntimeConfig -binddn -bindDN -bindDn -methodp -timelimitExceeded -timeLimitExceeded -pwdInHistory -LTSTATIC -requestor's -requestors -LDAPCONF -saslauthd -MKDEPFLAG -gecos -entryUUID -GnuTLS -GNUtls -gnutls -postread -timeval -aaa -DHAVE -loopDetect -caseIgnoreSubstringsMatch -monitorIsShadow -syncdata -BDB's -olcPidFile -hostport -backload -bindir -olcObjectClasses -auditObject -LDIFv -strcasecmp -LTHREAD -dereferenced -entryTtl -LDAPControl -pwdMinLength -ldapcompare -readOnly -readonly +DSAIT +olcHidden +mySNMP +metainformation +BerkeleyDB +ldapuri +auditAbandon RANDFILE -attrlist +ldapurl +strlen +pwdAccountLockedTime +searchAttrDN +dbcache +sambaPwdLastSet +wBDARESEhgVG +multi +aaa +ldaprc +UpdateDN +updatedn +LDAPBASE +LDAPAPIFeatureInfo +authzTo +valsort +plugins +Diffie +ldappasswd +olcGlobal +ABI aci -directoryOperation -compareTrue -selfwrite -pwdReset +endif +unescaped acl -attrname ADH -searchable -bindmethods -logpurge -reqNewSuperior -multiproxy -dereferences -datadir -malloc -UUIDs -veryclean -userid -Kumar +olcPasswordHash +ldapc +loopback +ldapi +BDB's +GETREALM +functionalities +noplain +NOECHOPROMPT AES +ldaps +notoc bdb -attributeOrValueExists -ManageDsaIT -manageDSAit -bindpw -monitorContainer -pEntry +LDAPv +IPsec +olcServerID +BCP baz -memfree -lresolv -objectIdentifierMatch -Blowfish -mkln -numericStringSubstringsMatch -testgroup -OpenSSL -openssl -ModName -cacheable -freeit -pathname +params +generalizedTimeOrderingMatch +octetStringSubstringsStringMatch ber +slimit ali -mandir -changetype +attributeoptions +uidNumber CA's CAs -typeA -bvecfree -ODBC -typeB -unescaped -devel -pwdCheckModule -LDAPURLDesc -authzDN +namingContext diff --git a/doc/guide/admin/overlays.sdf b/doc/guide/admin/overlays.sdf index e12f5d732b..640f6dd0fb 100644 --- a/doc/guide/admin/overlays.sdf +++ b/doc/guide/admin/overlays.sdf @@ -347,7 +347,7 @@ H2: Dynamic Directory Services H3: Overview -The {{dds}} overlay to {{slapd}}(8) implements dynamic objects as per RFC 2589. +The {{dds}} overlay to {{slapd}}(8) implements dynamic objects as per {{REF:RFC2589}}. The name {{dds}} stands for Dynamic Directory Services. It allows to define dynamic objects, characterized by the {{dynamicObject}} objectClass. @@ -362,62 +362,70 @@ deletion, so clients should not count on it. H3: Dynamic Directory Service Configuration -A usage of dynamic objects might beto implement dynamic meetings; in this case, +A usage of dynamic objects might be to implement dynamic meetings; in this case, all the participants to the meeting are allowed to refresh the meeting object, but only the creator can delete it (otherwise it will be deleted when the TTL expires). If we add the overlay to an example database, specifying a Max TTL of 1 day, a min of 10 seconds, with a default TTL of 1 hour. We'll also specify an interval -of 5 seconds between expiration checks and a tolerance of 1 second (lifetime of -a dynamic object will be {{B:entryTtl + tolerance}}. +of 120 (less than 60s might be too small) seconds between expiration checks and a +tolerance of 5 second (lifetime of a dynamic object will be {{entryTtl + tolerance}}). > overlay dds > dds-max-ttl 1d > dds-min-ttl 10s > dds-default-ttl 1h -> dds-interval 5s -> dds-tolerance 1s +> dds-interval 120s +> dds-tolerance 5s -So let's create an entry using: +and add an index: -> dn: cn=Dynamic,dc=example,dc=com -> objectClass: inetOrgPerson -> objectClass: dynamicObject -> cn: Dynamic Object -> sn: Object +> entryExpireTimestamp -MORE coming. +Create a meeting is as simple as adding the following: +> dn: cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=example,dc=com +> objectClass: groupOfNames +> objectClass: dynamicObject +> cn: OpenLDAP Documentation Meeting +> member: uid=ghenry,ou=People,dc=example,dc=com +> member: uid=hyc,ou=People,dc=example,dc=com H4: Dynamic Directory Service ACLs -Allow users to start a meeting and to join it; restrict refresh to the {{B:member}}s; +Allow users to start a meeting and to join it; restrict refresh to the {{member}}; restrict delete to the creator: > access to attrs=userPassword > by self write > by * read > -> access to dn.base="cn=Meetings,dc=example,dc=com" +> access to dn.base="ou=Meetings,dc=example,dc=com" > attrs=children > by users write > -> access to dn.onelevel="cn=Meetings,dc=example,dc=com" +> access to dn.onelevel="ou=Meetings,dc=example,dc=com" > attrs=entry > by dnattr=creatorsName write > by * read > -> access to dn.onelevel="cn=Meetings,dc=example,dc=com" +> access to dn.onelevel="ou=Meetings,dc=example,dc=com" > attrs=participant > by dnattr=creatorsName write > by users selfwrite > by * read > -> access to dn.onelevel="cn=Meetings,dc=example,dc=com" +> access to dn.onelevel="ou=Meetings,dc=example,dc=com" > attrs=entryTtl > by dnattr=member manage > by * read +In simple terms, the user who created the {{OpenLDAP Documentation Meeting}} can add new attendees, +refresh the meeting using (basically complete control): + +> ldapexop -x -H ldap://ldaphost "refresh" "cn=OpenLDAP Documentation Meeting,ou=Meetings,dc=example,dc=com" "120" -D "uid=ghenry,ou=People,dc=example,dc=com" -W + +Any user can join the meeting, but not add another attendee, but they can refresh the meeting. The ACLs above are quite straight forward to understand. H2: Dynamic Groups @@ -907,7 +915,7 @@ H3: Overview Overlays can be stacked, which means that more than one overlay can be instantiated for each database, or for the frontend. -As a consequence, each overlay's function is called, if defined, +As a consequence, each overlays function is called, if defined, when overlay execution is invoked. Multiple overlays are executed in reverse order (it's a stack, all in all) with respect to their definition in slapd.conf (5), or with respect