From 797efdf7304ecc3ef22affd23fb787827395254a Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Fri, 8 Apr 2005 22:52:23 +0000 Subject: [PATCH] further fulfilment of ITS#3639 --- doc/man/man5/slapd-ldap.5 | 72 +++++++++------------------------------ doc/man/man5/slapd-meta.5 | 16 +++++++++ 2 files changed, 32 insertions(+), 56 deletions(-) diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5 index 9c5c5b0b1e..cd7c81314c 100644 --- a/doc/man/man5/slapd-ldap.5 +++ b/doc/man/man5/slapd-ldap.5 @@ -267,33 +267,6 @@ connection did. if start TLS failed. .RE - - - -.TP -.\".B suffixmassage -.\"DNs ending with in a request are changed to end with before sending the request to the remote server, and in the results are changed back to before returning -.\"them to the client. -.\"The field must be defined as a valid suffix -.\"for the current database. -.\".TP -.\".B map "{attribute | objectclass} [ | *] { | *}" -.\"Map attribute names and object classes from the foreign server to -.\"different values on the local slapd. -.\"The reason is that some attributes might not be part of the local -.\"slapd's schema, some attribute names might be different but serve the -.\"same purpose, etc. -.\"If local or foreign name is `*', the name is preserved. -.\"If local name is omitted, the foreign name is removed. -.\"Unmapped names are preseved if both local and foreign name are `*', -.\"and removed if local name is omitted and foreign name is `*'. -.\".TP -.\".B rewrite* -.\"The rewrite options are described in the "REWRITING" section of the -.\".BR slapd-meta (5) -.\"manual page. .TP .B suffixmassage, map, rewrite* These directives are no longer supported by back-ldap; their @@ -307,35 +280,22 @@ recognizes them and automatically instantiates the .B rwm overlay if available and not instantiated yet. This behavior may change in the future. -.\".SH EXAMPLES -.\"The following directives map the object class `groupOfNames' to -.\"the object class `groupOfUniqueNames' and the attribute type -.\"`member' to the attribute type `uniqueMember': -.\".LP -.\".RS -.\".nf -.\"map objectclass groupOfNames groupOfUniqueNames -.\"map attribute uniqueMember member -.\".fi -.\".RE -.\".LP -.\"This presents a limited attribute set from the foreign -.\"server: -.\".LP -.\".RS -.\".nf -.\"map attribute cn * -.\"map attribute sn * -.\"map attribute manager * -.\"map attribute description * -.\"map attribute * -.\".fi -.\".RE -.\".LP -.\"These lines map cn, sn, manager, and description to themselves, and -.\"any other attribute gets "removed" from the object before it is sent -.\"to the client (or sent up to the LDAP server). This is obviously a -.\"simplistic example, but you get the point. + +.SH ACCESS CONTROL +The +.B ldap +backend does not honor all ACL semantics as described in +.BR slapd.access (5). +In general, access checking is delegated to the remote server(s). +Only +.B read (=r) +access to the +.B entry +pseudo-attribute and to the other attribute values of the entries +returned by the +.B search +operation is honored, which is performed by the frontend. + .SH PROXY CACHE OVERLAY The proxy cache overlay allows caching of LDAP search requests (queries) in a local database. diff --git a/doc/man/man5/slapd-meta.5 b/doc/man/man5/slapd-meta.5 index 4b796d3760..1916b6905d 100644 --- a/doc/man/man5/slapd-meta.5 +++ b/doc/man/man5/slapd-meta.5 @@ -740,6 +740,22 @@ been written: .fi .LP with the advantage of saving one rewrite pass ...) + +.SH ACCESS CONTROL +The +.B meta +backend does not honor all ACL semantics as described in +.BR slapd.access (5). +In general, access checking is delegated to the remote server(s). +Only +.B read (=r) +access to the +.B entry +pseudo-attribute and to the other attribute values of the entries +returned by the +.B search +operation is honored, which is performed by the frontend. + .SH PROXY CACHE OVERLAY The proxy cache overlay allows caching of LDAP search requests (queries) in a local database. -- 2.39.5