From 4ef042fee478acb46bc215f2f5ae24ba3dcba8e5 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Wed, 28 Aug 2002 01:16:25 +0000 Subject: [PATCH] Clean up filters --- doc/guide/admin/sasl.sdf | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/doc/guide/admin/sasl.sdf b/doc/guide/admin/sasl.sdf index 2e91d069ba..4e33a2580d 100644 --- a/doc/guide/admin/sasl.sdf +++ b/doc/guide/admin/sasl.sdf @@ -483,10 +483,10 @@ statements of the form: > uid=(.*),cn=digest-md5,cn=auth > ldap:///dc=customers,dc=example,dc=com??sub?(&(uid=$1)(objectClass=person)) -Note that the explicitly-named realms are handled first, to avoid the -realm name becoming part of the UID. Note also the limitation of -matches to those entries with objectClass=person to avoid matching -other entries that happen to refer to the UID. +Note that the explicitly-named realms are handled first, to avoid +the realm name becoming part of the UID. Note also the limitation +of matches to those entries with {{EX:(objectClass=person)}} to +avoid matching other entries that happen to refer to the UID. See {{slapd.conf}}(5) for more detailed information. @@ -657,7 +657,7 @@ source rule like would allow that authenticated user to authorize to any DN that matches the regular expression pattern given. This regular expression comparison can be evaluated much faster than an LDAP search for -"uid=*". +{{EX:(uid=*)}}. Also note that the values in an authorization rule must be one of the two forms: an LDAP URL or a DN (with or without regular expression @@ -665,6 +665,7 @@ characters). Anything that does not begin with "ldap://" is taken as a DN. It is not permissable to enter another authorization identity of the form "u:" as an authorization rule. + H4: Policy Configuration The decision of which type of rules to use, {{EX:saslAuthzFrom}} -- 2.39.5
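Review bot: In the first hunk (around line 483 of sasl.sdf) all four lines of the paragraph are rewrapped, although the only substantive change is `objectClass=person` becoming `{{EX:(objectClass=person)}}`, so the markup change is hard to pick out of the diff. Keeping the original line breaks and touching only the line that carries the filter would reduce this to a one-line change. Otherwise, mention the reflow in the commit message.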
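Review bot: In the second hunk (around line 657) the sentence that now ends in `{{EX:(uid=*)}}` recommends the regular-expression form on speed alone, while the context line just above it says the rule lets the authenticated user authorize to any DN that matches the pattern. Since this sentence is being edited anyway, consider adding that the pattern should be written as narrowly as the deployment allows, because every DN it matches is one the user may authorize to.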
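Review bot: The last hunk (around line 665) only adds a line before `H4: Policy Configuration`, but the paragraph in its context still contains the misspelling "permissable" (should be "permissible"). It also leaves "ldap://" and "u:" in plain double quotes, while the earlier hunks move the filter literals into `{{EX:...}}`. Fixing the spelling and marking up those two literals the same way would make the cleanup consistent across the section.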