From 64fcd8b04341b78692f3997e8351689525c139dc Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Mon, 9 Sep 2002 00:47:01 +0000 Subject: [PATCH] Add note about "children" to access controls section. Clarify cut-n-past in quickstart. --- doc/guide/admin/quickstart.sdf | 9 +++++---- doc/guide/admin/slapdconfig.sdf | 14 +++++++++----- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/doc/guide/admin/quickstart.sdf b/doc/guide/admin/quickstart.sdf index 0960a5fffe..c82b3fea80 100644 --- a/doc/guide/admin/quickstart.sdf +++ b/doc/guide/admin/quickstart.sdf @@ -218,10 +218,11 @@ in the {{slapd}}(8) manual page and the ..{{EX:objectclass: organizationalRole}} ..{{EX:cn: Manager}} -. Be sure to replace {{EX:}} and {{EX:}} with the appropriate domain -components of your domain name. {{EX:}} should be replaced -with the name of your organization. If you cut and paste, be sure -to trim any leading and trailing whitespace from the example. +. Be sure to replace {{EX:}} and {{EX:}} with the +appropriate domain components of your domain name. {{EX:}} should be replaced with the name of your organization. +When you cut and paste, be sure to trim any leading and trailing +whitespace from the example. ..{{EX:dn: dc=example,dc=com}} ..{{EX:objectclass: dcObject}} diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf index 3e8c0850d2..66ce3cf42d 100644 --- a/doc/guide/admin/slapdconfig.sdf +++ b/doc/guide/admin/slapdconfig.sdf @@ -627,11 +627,15 @@ selector: > attrs= -Access to the entry itself must be granted or denied using the -special attribute name "{{EX:entry}}". Note that giving access to an -attribute is not enough; access to the entry itself through the -{{EX:entry}} attribute is also required. The complete examples at -the end of this section should help clear things up. +There are two special {{psuedo}} attributes {{EX:entry}} and +{{EX:children}}. To read (and hence return) an target entry, the +subject must have {{EX:read}} access to the target's {{entry}} +attribute. To add or delete an entry, the subject must have +{{EX:write}} access to the entry's parent's {{EX:children}} attribute. +To rename an entry, the subject must have {{EX:write}} access to +both the old parent's and new parent's {{EX:children}} attributes. +The complete examples at the end of this section should help clear +things up. Lastly, there is a special entry selector {{EX:"*"}} that is used to select any entry. It is used when no other {{EX:}} -- 2.39.5