From a031f0c638c45f28064b48dd9fe859ef554a9c5b Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Fri, 9 Jun 2006 17:20:38 +0000 Subject: [PATCH] Update RFC references --- doc/guide/admin/intro.sdf | 13 +++++++------ doc/guide/admin/proxycache.sdf | 2 +- doc/guide/admin/sasl.sdf | 2 +- doc/guide/admin/schema.sdf | 10 +++++----- doc/guide/admin/slapdconf2.sdf | 13 +++++++------ doc/guide/admin/slapdconfig.sdf | 10 +++++----- doc/guide/admin/tls.sdf | 3 ++- doc/guide/preamble.sdf | 24 +++++++++++++----------- doc/man/man1/ldapdelete.1 | 2 +- doc/man/man1/ldapsearch.1 | 4 ++-- doc/man/man3/ldap.3 | 18 +++++++++--------- doc/man/man3/ldap_bind.3 | 4 ++-- doc/man/man3/ldap_get_dn.3 | 8 ++++---- doc/man/man3/ldap_schema.3 | 8 ++++---- doc/man/man3/ldap_search.3 | 4 ++-- doc/man/man3/ldap_url.3 | 4 ++-- doc/man/man5/slapd-dnssrv.5 | 2 +- doc/man/man5/slapd.access.5 | 2 +- doc/man/man5/slapd.conf.5 | 16 ++++++++-------- doc/man/man5/slapo-pcache.5 | 2 +- doc/man/man5/slapo-ppolicy.5 | 10 +++++----- doc/man/man8/slappasswd.8 | 4 ++-- 22 files changed, 85 insertions(+), 80 deletions(-) diff --git a/doc/guide/admin/intro.sdf b/doc/guide/admin/intro.sdf index 26722e1e14..9960d05d5e 100644 --- a/doc/guide/admin/intro.sdf +++ b/doc/guide/admin/intro.sdf 
@@ -52,10 +52,11 @@ H2: What is LDAP? it is a lightweight protocol for accessing directory services, specifically {{TERM:X.500}}-based directory services. LDAP runs over {{TERM:TCP}}/{{TERM:IP}} or other connection oriented transfer -services. The nitty-gritty details of LDAP are defined in -{{REF:RFC2251}} "The Lightweight Directory Access Protocol (v3)" -and other documents comprising the technical specification -{{REF:RFC3377}}. This section gives an overview of LDAP from a +services. LDAP is an {{ORG:IETF}} Standard Track protocol and is +specified as detailed in "Lightweight Directory Access Protocol +(LDAP) Technical Specification Road Map" {{REF:RFC4510}}. + +This section gives an overview of LDAP from a user's perspective. {{What kind of information can be stored in the directory?}} The @@ -107,8 +108,8 @@ concatenating the names of its ancestor entries. For example, the entry for Barbara Jensen in the Internet naming example above has an RDN of {{EX:uid=babs}} and a DN of {{EX:uid=babs,ou=People,dc=example,dc=com}}. The full DN format -is described in {{REF:RFC2253}}, "Lightweight Directory Access -Protocol (v3): UTF-8 String Representation of Distinguished Names." +is described in {{REF:RFC4514}}, "LDAP: String Representation of +Distinguished Names." {{How is the information accessed?}} LDAP defines operations for interrogating and updating the directory. Operations are provided diff --git a/doc/guide/admin/proxycache.sdf b/doc/guide/admin/proxycache.sdf index d510dd3b75..5fd2b3420f 100644 --- a/doc/guide/admin/proxycache.sdf +++ b/doc/guide/admin/proxycache.sdf 
@@ -36,7 +36,7 @@ is stored in main memory. A template is a prototype for generating LDAP search requests. Templates are described by a prototype search filter and a list of attributes which are required in queries generated from the template. -The representation for prototype filter is similar to RFC 2254, +The representation for prototype filter is similar to {{REF:RFC4515}}, except that the assertion values are missing. Examples of prototype filters are: (sn=),(&(sn=)(givenname=)) which are instantiated by search filters (sn=Doe) and (&(sn=Doe)(givenname=John)) respectively. diff --git a/doc/guide/admin/sasl.sdf b/doc/guide/admin/sasl.sdf index cdd0cca4b3..c6c5f359bc 100644 --- a/doc/guide/admin/sasl.sdf +++ b/doc/guide/admin/sasl.sdf @@ -5,7 +5,7 @@ H1: Using SASL OpenLDAP clients and servers are capable of authenticating via the {{TERM[expand]SASL}} ({{TERM:SASL}}) framework, which is detailed -in {{REF:RFC2222}}. This chapter describes how to make use of +in {{REF:RFC4422}}. This chapter describes how to make use of SASL in OpenLDAP. There are several industry standard authentication mechanisms that diff --git a/doc/guide/admin/schema.sdf b/doc/guide/admin/schema.sdf index a2d519ac78..93f8712a08 100644 --- a/doc/guide/admin/schema.sdf +++ b/doc/guide/admin/schema.sdf @@ -173,10 +173,10 @@ H3: Attribute Type Specification The {{attributetype}} directive is used to define a new attribute type. The directive uses the same Attribute Type Description -(as defined in {{REF:RFC2252}}) used by the attributeTypes +(as defined in {{REF:RFC4512}}) used by the attributeTypes attribute found in the subschema subentry, e.g.: -E: attributetype <{{REF:RFC2252}} Attribute Type Description> +E: attributetype <{{REF:RFC4512}} Attribute Type Description> where Attribute Type Description is defined by the following {{TERM:BNF}}: 
@@ -346,10 +346,10 @@ H3: Object Class Specification The {{objectclasses}} directive is used to define a new object class. The directive uses the same Object Class Description -(as defined in {{REF:RFC2252}}) used by the objectClasses +(as defined in {{REF:RFC4512}}) used by the objectClasses attribute found in the subschema subentry, e.g.: -E: objectclass <{{REF:RFC2252}} Object Class Description> +E: objectclass <{{REF:RFC4512}} Object Class Description> where Object Class Description is defined by the following {{TERM:BNF}}: @@ -403,7 +403,7 @@ and {{EX:givenName}} and allows {{EX:myPhoto}}. !if 0 H2: Transferring Schema -Since the {{slapd.conf}}(5) schema directives use {{REF:RFC2252}} +Since the {{slapd.conf}}(5) schema directives use {{REF:RFC4512}} format values, you can extract schema elements published by any LDAPv3 server and easily construct directives for use with {{slapd}}(8). diff --git a/doc/guide/admin/slapdconf2.sdf b/doc/guide/admin/slapdconf2.sdf index b67916bac6..b02f5d28a2 100644 --- a/doc/guide/admin/slapdconf2.sdf +++ b/doc/guide/admin/slapdconf2.sdf @@ -323,14 +323,14 @@ in underneath. Schema entries must have the {{EX:olcSchemaConfig}} objectClass. -H4: olcAttributeTypes: <{{REF:RFC2252}} Attribute Type Description> +H4: olcAttributeTypes: <{{REF:RFC4512}} Attribute Type Description> This directive defines an attribute type. Please see the {{SECT:Schema Specification}} chapter for information regarding how to use this directive. -H4: olcObjectClasses: <{{REF:RFC2252}} Object Class Description> +H4: olcObjectClasses: <{{REF:RFC4512}} Object Class Description> This directive defines an object class. Please see the {{SECT:Schema Specification}} chapter for 
@@ -561,8 +561,9 @@ the rootdn (when the rootdn is set to a DN within the database). > olcRootPW: secret -It is also permissible to provide a hash of the password in RFC 2307 -form. {{slappasswd}}(8) may be used to generate the password hash. +It is also permissible to provide a hash of the password in +{{REF:RFC2307}} form. {{slappasswd}}(8) may be used to generate +the password hash. \Example: @@ -1063,7 +1064,7 @@ the target entry's {{normalized DN}}. (The second form is not discussed further in this document.) The third form is used to select entries which are within the requested scope of DN. The is a string representation of the Distinguished Name, as -described in {{REF:RFC2253}}. +described in {{REF:RFC4514}}. The scope can be either {{EX:base}}, {{EX:one}}, {{EX:subtree}}, or {{EX:children}}. Where {{EX:base}} matches only the entry with @@ -1093,7 +1094,7 @@ Entries may also be selected using a filter: > to filter= where is a string representation of an LDAP -search filter, as described in {{REF:RFC2254}}. For example: +search filter, as described in {{REF:RFC4515}}. For example: > to filter=(objectClass=person) diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf index 091473e464..5302618f4c 100644 --- a/doc/guide/admin/slapdconfig.sdf +++ b/doc/guide/admin/slapdconfig.sdf @@ -105,7 +105,7 @@ access control policy, {{EX:access to * by * read}}, allows all both authenticated and anonymous users read access. -H4: attributetype <{{REF:RFC2252}} Attribute Type Description> +H4: attributetype <{{REF:RFC4512}} Attribute Type Description> This directive defines an attribute type. Please see the {{SECT:Schema Specification}} chapter @@ -172,7 +172,7 @@ logged. E: loglevel 256 -H4: objectclass <{{REF:RFC2252}} Object Class Description> +H4: objectclass <{{REF:RFC4512}} Object Class Description> This directive defines an object class. Please see the {{SECT:Schema Specification}} chapter for 
@@ -378,7 +378,7 @@ the rootdn (when the rootdn is set to a DN within the database). > rootpw secret -It is also permissible to provide hash of the password in RFC 2307 +It is also permissible to provide hash of the password in {{REF:RFC2307}} form. {{slappasswd}}(8) may be used to generate the password hash. \Example: @@ -643,7 +643,7 @@ the target entry's {{normalized DN}}. (The second form is not discussed further in this document.) The third form is used to select entries which are within the requested scope of DN. The is a string representation of the Distinguished Name, as -described in {{REF:RFC2253}}. +described in {{REF:RFC4514}}. The scope can be either {{EX:base}}, {{EX:one}}, {{EX:subtree}}, or {{EX:children}}. Where {{EX:base}} matches only the entry with @@ -673,7 +673,7 @@ Entries may also be selected using a filter: > to filter= where is a string representation of an LDAP -search filter, as described in {{REF:RFC2254}}. For example: +search filter, as described in {{REF:RFC4515}}. For example: > to filter=(objectClass=person) diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf index ee42e34cf5..c0dd8f8dab 100644 --- a/doc/guide/admin/tls.sdf +++ b/doc/guide/admin/tls.sdf @@ -7,6 +7,7 @@ OpenLDAP clients and servers are capable of using the {{TERM[expand]TLS}} ({{TERM:TLS}}) framework to provide integrity and confidentiality protections and to support LDAP authentication using the {{TERM:SASL}} EXTERNAL mechanism. +TLS is defined in {{REF:RFC4346}}. H2: TLS Certificates @@ -23,7 +24,7 @@ The DN of a server certificate must use the CN attribute to name the server, and the {{EX:CN}} must carry the server's fully qualified domain name. Additional alias names and wildcards may be present in the {{EX:subjectAltName}} certificate extension. -More details on server certificate names are in {{REF:RFC2830}}. +More details on server certificate names are in {{REF:RFC4513}}. H3: Client Certificates 
diff --git a/doc/guide/preamble.sdf b/doc/guide/preamble.sdf index cb33677466..a623896e50 100644 --- a/doc/guide/preamble.sdf +++ b/doc/guide/preamble.sdf 
@@ -207,24 +207,26 @@ X.509|X.509 Public Key and Attribute Certificate Frameworks !block references; data Reference|Status|Document|Jump RFC2079|PS|Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifers|http://www.rfc-editor.org/rfc/rfc2079.txt -RFC2222|PS|Simple Authentication and Security Layer|http://www.rfc-editor.org/rfc/rfc2222.txt -RFC2251|PS|Lightweight Directory Access Protocol (v3)|http://www.rfc-editor.org/rfc/rfc2251.txt -RFC2252|PS|LDAPv3: Attribute Syntax Definitions|http://www.rfc-editor.org/rfc/rfc2252.txt -RFC2253|PS|LDAPv3: UTF-8 String Representation of Distinguished Names|http://www.rfc-editor.org/rfc/rfc2253.txt -RFC2254|PS|The String Representation of LDAP Search Filters|http://www.rfc-editor.org/rfc/rfc2254.txt -RFC2255|PS|The LDAP URL Format|http://www.rfc-editor.org/rfc/rfc2255.txt -RFC2256|PS|A Summary of the X.500(96) User Schema for use with LDAPv3|http://www.rfc-editor.org/rfc/rfc2256.txt RFC2296|PS|Use of Language Codes in LDAP|http://www.rfc-editor.org/rfc/rfc2296.txt +RFC2307|X|An Approach for Using LDAP as a Network Information Service|http://www.rfc-editor.org/rfc/rfc2307.txt RFC2798|INFO|Definition of the inetOrgPerson LDAP Object Class|http://www.rfc-editor.org/rfc/rfc2798.txt -RFC2829|PS|Authentication Methods for LDAP|http://www.rfc-editor.org/rfc/rfc2829.txt -RFC2830|PS|LDAPv3: Extension for Transport Layer Security|http://www.rfc-editor.org/rfc/rfc2830.txt RFC2831|PS|Using Digest Authentication as a SASL Mechanism|http://www.rfc-editor.org/rfc/rfc2831.txt RFC2849|PS|The LDAP Data Interchange Format|http://www.rfc-editor.org/rfc/rfc2849.txt RFC3088|X|OpenLDAP Root Service|http://www.rfc-editor.org/rfc/rfc3088.txt RFC3296|PS|Named Subordinate References in LDAP|http://www.rfc-editor.org/rfc/rfc3296.txt -RFC3377|PS|Lightweight Directory Access Protocol (v3): Technical Specification|http://www.rfc-editor.org/rfc/rfc3377.txt -RFC3383|BCP|Internet Assigned Numbers Authority (IANA) 
Considerations for the Lightweight Directory Access Protocol (LDAP)|http://www.rfc-editor.org/rfc/rfc3383.txt RFC3384|INFO|Lightweight Directory Access Protocol (version 3) Replication Requirements|http://www.rfc-editor.org/rfc/rfc3384.txt RFC3494|INFO|Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status|http://www.rfc-editor.org/rfc/rfc3494.txt RFC4013|PS|SASLprep: Stringprep Profile for User Names and Passwords +RFC4346|PS|The Transport Layer Security (TLS) Protocol, Version 1.1|http://www.rfc-editor.org/rfc/rfc4346.txt +RFC4422|PS|Simple Authentication and Security Layer (SASL)|http://www.rfc-editor.org/rfc/rfc4422.txt +RFC4510|PS|Lightweight Directory Access Protocol (LDAP) Technical Specification Roadmap|http://www.rfc-editor.org/rfc/rfc4510.txt +RFC4511|PS|Lightweight Directory Access Protocol (LDAP): The Protocol|http://www.rfc-editor.org/rfc/rfc4512.txt +RFC4512|PS|Lightweight Directory Access Protocol (LDAP): Directory Information Models|http://www.rfc-editor.org/rfc/rfc4512.txt +RFC4513|PS|Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms|http://www.rfc-editor.org/rfc/rfc4513.txt +RFC4514|PS|Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names|http://www.rfc-editor.org/rfc/rfc4514.txt +RFC4515|PS|Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters|http://www.rfc-editor.org/rfc/rfc4515.txt +RFC4516|PS|Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator|http://www.rfc-editor.org/rfc/rfc4516.txt +RFC4517|PS|Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules|http://www.rfc-editor.org/rfc/rfc4517.txt +RFC4518|PS|Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation|http://www.rfc-editor.org/rfc/rfc4518.txt +RFC4519|PS|Lightweight Directory Access Protocol (LDAP): Schema for User Applications|http://www.rfc-editor.org/rfc/rfc4519.txt !endblock 
diff --git a/doc/man/man1/ldapdelete.1 b/doc/man/man1/ldapdelete.1 index 5a8d7c4649..cd6575a9d5 100644 --- a/doc/man/man1/ldapdelete.1 +++ b/doc/man/man1/ldapdelete.1 @@ -66,7 +66,7 @@ library call. opens a connection to an LDAP server, binds, and deletes one or more entries. If one or more \fIDN\fP arguments are provided, entries with those Distinguished Names are deleted. Each \fIDN\fP should be provided -using the LDAPv3 string representation as defined in RFC 2253. +using the LDAPv3 string representation as defined in RFC 4514. If no \fIdn\fP arguments are provided, a list of DNs is read from standard input (or from \fIfile\fP if the -f flag is used). diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1 index 401535617c..da7df18ecb 100644 --- a/doc/man/man1/ldapsearch.1 +++ b/doc/man/man1/ldapsearch.1 @@ -90,7 +90,7 @@ library call. .B ldapsearch opens a connection to an LDAP server, binds, and performs a search using specified parameters. The \fIfilter\fP should conform to -the string representation for search filters as defined in RFC 2254. +the string representation for search filters as defined in RFC 4515. If not provided, the default filter, (objectClass=*), is used. .LP If @@ -239,7 +239,7 @@ Specify general extensions with -e and search extensions with -E. General extensions: .nf - [!]assert= (an RFC 2254 Filter) + [!]assert= (an RFC 4515 Filter) [!]authzid= ("dn:" or "u:") [!]manageDSAit [!]noop diff --git a/doc/man/man3/ldap.3 b/doc/man/man3/ldap.3 index b06a4b88bb..57a6f8be4e 100644 --- a/doc/man/man3/ldap.3 +++ b/doc/man/man3/ldap.3 
@@ -14,12 +14,12 @@ OpenLDAP LDAP (libldap, -lldap) .fi .SH DESCRIPTION .LP -The Lightweight Directory Access Protocol (LDAP) (RFC 3377) provides +The Lightweight Directory Access Protocol (LDAP) (RFC 4510) provides access to X.500 directory services. These services may be stand\-alone or part of a distributed directory service. This client API supports -LDAP over TCP (RFC2251), LDAP over TLS/SSL, and LDAP over IPC (UNIX -domain sockets). This API supports SASL (RFC2829) and Start TLS -(RFC2830) as well as a number of protocol extensions. This API is +LDAP over TCP (RFC 4511), LDAP over TLS/SSL, and LDAP over IPC (UNIX +domain sockets). This API supports SASL (RFC 4513) and Start TLS +(RFC 4513) as well as a number of protocol extensions. This API is loosely based upon IETF/LDAPEXT C LDAP API draft specification, a (orphaned) work in progress. .LP @@ -65,9 +65,9 @@ Errors can be interpreted by calling .BR ldap_err2string (3). .SH LDAP versions This library supports version 3 of the Lightweight Directory Access -Protocol (LDAPv3) as defined in RFC 3377. It also supports a variant +Protocol (LDAPv3) as defined in RFC 4510. It also supports a variant of version 2 of LDAP as defined by U-Mich LDAP and, to some degree, -RFC 1777. Version 2 (all variants) should be viewed as obsolete. +RFC 1777. Version 2 (all variants) are considered obsolete. Version 3 should be used instead. .LP For backwards compatibility reasons, the library defaults to version 2. 
@@ -81,15 +81,15 @@ All character string input/output is expected to be/is UTF\-8 encoded Unicode (version 3.2). .LP Distinguished names (DN) (and relative distinguished names (RDN) to -be passed to the LDAP routines should conform to RFC 2253 UTF\-8 +be passed to the LDAP routines should conform to RFC 4514 UTF\-8 string representation. .LP Search filters to be passed to the search routines are to be -constructed by hand and should conform to RFC 2254 UTF\-8 +constructed by hand and should conform to RFC 4515 UTF\-8 string representation. .LP LDAP URL are to be passed to routines are expected to conform -to RFC 2255 syntax. The +to RFC 4516 format. The .BR ldap_url (3) routines can be used to work with LDAP URLs. .SH DISPLAYING RESULTS diff --git a/doc/man/man3/ldap_bind.3 b/doc/man/man3/ldap_bind.3 index 34b6a23846..81bfc88e23 100644 --- a/doc/man/man3/ldap_bind.3 +++ b/doc/man/man3/ldap_bind.3 @@ -226,8 +226,8 @@ The bind method must be synchronous. .BR ldap_open (3), .BR ldap_set_option (3), .BR ldap_url_parse (3) -.B RFC 2222 -(http://www.ietf.org), +.B RFC 4422 +(http://www.rfc-editor.org), .B Cyrus SASL (http://asg.web.cmu.edu/sasl/) .SH ACKNOWLEDGEMENTS diff --git a/doc/man/man3/ldap_get_dn.3 b/doc/man/man3/ldap_get_dn.3 index bb176b5fe1..12f7ae6dce 100644 --- a/doc/man/man3/ldap_get_dn.3 +++ b/doc/man/man3/ldap_get_dn.3 @@ -41,8 +41,8 @@ char *ldap_dn2ad_canonical( const char * dn ) These routines allow LDAP entry names (Distinguished Names, or DNs) to be obtained, parsed, converted to a user-friendly form, and tested. A DN has the form described in -RFC 2253 "Lightweight Directory Access Protocol (v3): -UTF-8 String Representation of Distinguished Names". +RFC 4414 "Lightweight Directory Access Protocol (LDAP): +String Representation of Distinguished Names". .LP The .B ldap_get_dn() 
@@ -91,7 +91,7 @@ can be either or .B LDAP_AVA_BINARY, the latter meaning that the value is BER/DER encoded and thus must -be represented as, quoting from RFC 2253, " ... an +be represented as, quoting from RFC 4514, " ... an octothorpe character ('#' ASCII 35) followed by the hexadecimal representation of each of the bytes of the BER encoding of the X.500 AttributeValue." @@ -107,7 +107,7 @@ can be LDAP_DN_FORMAT_DCE .fi -which defines what DN syntax is expected (according to RFC 2253, +which defines what DN syntax is expected (according to RFC 4514, RFC 1779 and DCE, respectively). The format can be \fIOR\fPed to the flags .LP diff --git a/doc/man/man3/ldap_schema.3 b/doc/man/man3/ldap_schema.3 index 13518a7aa6..d6e5ab49f3 100644 --- a/doc/man/man3/ldap_schema.3 +++ b/doc/man/man3/ldap_schema.3 @@ -117,13 +117,13 @@ char * ldap_scherr2str(code) int code; .SH DESCRIPTION These routines are used to parse schema definitions in the syntax -defined in RFC 2252 into structs and handle these structs. These +defined in RFC 4512 into structs and handle these structs. These routines handle four kinds of definitions: syntaxes, matching rules, attribute types and object classes. For each definition kind, four routines are provided. .LP .B ldap_str2xxx() -takes a definition in RFC 2252 format in argument +takes a definition in RFC 4512 format in argument .IR s as a NUL-terminated string and returns, if possible, a pointer to a newly allocated struct of the appropriate kind. The caller is @@ -145,7 +145,7 @@ is a bit mask of parsing options controlling the relaxation of the syntax recognized. The following values are defined: .TP .B LDAP_SCHEMA_ALLOW_NONE -strict parsing according to RFC 2252. +strict parsing according to RFC 4512. .TP .B LDAP_SCHEMA_ALLOW_NO_OID permit definitions that do not contain an initial OID. 
@@ -278,7 +278,7 @@ return a canonical name for the definition. .LP Routines .B ldap_xxx2str() -return a string representation in the format described by RFC 2252 of +return a string representation in the format described by RFC 4512 of the struct passed in the argument. The string is a newly allocated string that must be freed by the caller. These routines may return NULL if no memory can be allocated for the string. diff --git a/doc/man/man3/ldap_search.3 b/doc/man/man3/ldap_search.3 index 0f398ea66b..2477583e90 100644 --- a/doc/man/man3/ldap_search.3 +++ b/doc/man/man3/ldap_search.3 @@ -107,7 +107,7 @@ BNF: .LP The '~=' construct is used to specify approximate matching. The representation for and are as -described in RFC 2254. In addition, can be a single * +described in RFC 4515. In addition, can be a single * to achieve an attribute existence test, or can contain text and *'s interspersed to achieve substring matching. .LP @@ -115,7 +115,7 @@ For example, the filter "(mail=*)" will find any entries that have a mail attribute. The filter "(mail=*@terminator.rs.itd.umich.edu)" will find any entries that have a mail attribute ending in the specified string. To put parentheses in a filter, escape them with a backslash '\\' -character. See RFC 2254 for a more complete description of allowable +character. See RFC 4515 for a more complete description of allowable filters. .LP \fIAttrs\fP is a null-terminated array of attribute types to return diff --git a/doc/man/man3/ldap_url.3 b/doc/man/man3/ldap_url.3 index 89dfcd4e50..74973dc16e 100644 --- a/doc/man/man3/ldap_url.3 +++ b/doc/man/man3/ldap_url.3 
@@ -37,7 +37,7 @@ typedef struct ldap_url_desc { ldap_free_urldesc( LDAPURLDesc *ludp ) .SH DESCRIPTION These routines support the use of LDAP URLs (Uniform Resource Locators) -as detailed in RFC 2255. LDAP URLs look like this: +as detailed in RFC 4516. LDAP URLs look like this: .nf \fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]] @@ -80,7 +80,7 @@ a call to .SH SEE ALSO .BR ldap (3) .LP -.B The LDAP URL Format, RFC 2255, +.B LDAP: Uniform Resource Locator, RFC 4516, Tim Howes and Mark Smith, December 1997. .SH ACKNOWLEDGEMENTS .B OpenLDAP diff --git a/doc/man/man5/slapd-dnssrv.5 b/doc/man/man5/slapd-dnssrv.5 index 67f9ba1007..b3989e3af6 100644 --- a/doc/man/man5/slapd-dnssrv.5 +++ b/doc/man/man5/slapd-dnssrv.5 @@ -26,7 +26,7 @@ In fact, this backend only implements the .B search operation when the .B manageDSAit -control (RFC3296) is used, otherwise for every operation a referral, +control (RFC 3296) is used, otherwise for every operation a referral, whenever appropriate, or an error is returned. Currently, there is no means to condition the returning of the referral by means of ACLs; no access control is implemented, except for diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5 index 091cd9a8f1..bf3f7f22eb 100644 --- a/doc/man/man5/slapd.access.5 +++ b/doc/man/man5/slapd.access.5 @@ -194,7 +194,7 @@ The regex form of the pattern does not (yet) support UTF\-8. .LP The statement .B filter= -selects the entries based on a valid LDAP filter as described in RFC 2254. +selects the entries based on a valid LDAP filter as described in RFC 4515. A filter of .B (objectClass=*) is implied if no diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index c0b0058dc6..e513d4af2c 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 
@@ -133,8 +133,8 @@ a trailing `-') matches all options starting with that name, as well as the option with the range name sans the trailing `-'. That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'. -RFC 2251 reserves options beginning with `x-' for private experiments. -Other options should be registered with IANA, see RFC 3383 section 3.4. +RFC 4520 reserves options beginning with `x-' for private experiments. +Other options should be registered with IANA, see RFC 4520 section 3.5. OpenLDAP also has the `binary' option built in, but this is a transfer option, not a tagging option. .HP @@ -153,8 +153,8 @@ option, not a tagging option. [NO\-USER\-MODIFICATION]\ [USAGE\ ]\ )" .RS -Specify an attribute type using the LDAPv3 syntax defined in RFC 2252. -The slapd parser extends the RFC 2252 definition by allowing string +Specify an attribute type using the LDAPv3 syntax defined in RFC 4512. +The slapd parser extends the RFC 4512 definition by allowing string forms as well as numeric OIDs to be used for the attribute OID and attribute syntax OID. (See the @@ -432,8 +432,8 @@ disallows the StartTLS operation if authenticated (see also [MAY\ ]\ [NOT\ ]\ )" .RS -Specify an DIT Content Rule using the LDAPv3 syntax defined in RFC 2252. -The slapd parser extends the RFC 2252 definition by allowing string +Specify an DIT Content Rule using the LDAPv3 syntax defined in RFC 4512. +The slapd parser extends the RFC 4512 definition by allowing string forms as well as numeric OIDs to be used for the attribute OID and attribute syntax OID. (See the 
@@ -637,8 +637,8 @@ the path is colon-separated but this depends on the operating system. [{ ABSTRACT | STRUCTURAL | AUXILIARY }]\ [MUST\ ] [MAY\ ] )" .RS -Specify an objectclass using the LDAPv3 syntax defined in RFC 2252. -The slapd parser extends the RFC 2252 definition by allowing string +Specify an objectclass using the LDAPv3 syntax defined in RFC 4512. +The slapd parser extends the RFC 4512 definition by allowing string forms as well as numeric OIDs to be used for the object class OID. (See the .B diff --git a/doc/man/man5/slapo-pcache.5 b/doc/man/man5/slapo-pcache.5 index 66891d3de2..89ef6424d0 100644 --- a/doc/man/man5/slapo-pcache.5 +++ b/doc/man/man5/slapo-pcache.5 @@ -24,7 +24,7 @@ are saved in the cache for use in future queries. A template is defined by a filter string and an index identifying a set of attributes. The \fBtemplate string\fP for a query can be obtained by -removing assertion values from the RFC 2254 representation of its search +removing assertion values from the RFC 4515 representation of its search filter. A query belongs to a template if its template string and set of projected attributes correspond to a cacheable template. Examples of template strings are \fB(mail=)\fP, \fB(|(sn=)(cn=))\fP, diff --git a/doc/man/man5/slapo-ppolicy.5 b/doc/man/man5/slapo-ppolicy.5 index 060446794f..4f59db302f 100644 --- a/doc/man/man5/slapo-ppolicy.5 +++ b/doc/man/man5/slapo-ppolicy.5 @@ -623,7 +623,7 @@ time "#" syntaxOID "#" length "#" data time= .RS 4 -generalizedTimeString as specified in section 6.14 of [RFC2252] +GeneralizedTime as specified in section 3.3.13 of [RFC4517] .RE .P 
@@ -631,13 +631,13 @@ syntaxOID = numericoid .RS 4 This is the string representation of the dotted-decimal OID that defines the syntax used to store the password. numericoid is -described in section 4.1 of [RFC2252]. +described in section 1.4 of [RFC4512]. .RE -length = numericstring +length = NumericString .RS 4 -The number of octets in the data. numericstring is described in -section 4.1 of [RFC2252]. +The number of octets in the data. NumericString is described in +section 3.3.23 of [RFC4517]. .RE data = diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8 index 9750da398a..ae1fe61f72 100644 --- a/doc/man/man8/slappasswd.8 +++ b/doc/man/man8/slappasswd.8 @@ -138,7 +138,7 @@ Omit the trailing newline; useful to pipe the credentials into a command. .SH LIMITATIONS The practice storing hashed passwords in userPassword violates -Standard Track (RFC 2256) schema specifications and may hinder +Standard Track (RFC 4519) schema specifications and may hinder interoperability. A new attribute type, authPassword, to hold hashed passwords has been defined (RFC 3112), but is not yet implemented in @@ -160,7 +160,7 @@ were clear text passwords. .BR slapd (8) .BR slapd.conf (5) .B RFC 2307 -.B RFC 2256 +.B RFC 4519 .B RFC 3112 .LP "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) -- 2.39.5
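Review bot: In the first doc/guide/admin/intro.sdf hunk, the RFC 4510 title is written "Technical Specification Road Map", while the row this patch adds to preamble.sdf spells it "Technical Specification Roadmap"; use one spelling in both places. The same added sentence says "Standard Track" where the IETF term is "Standards Track", and "is specified as detailed in" can be shortened to "is specified in".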
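Review bot: In the rootpw hunk of doc/guide/admin/slapdconfig.sdf, the changed line still reads "provide hash of the password" and is left as one long line, whereas the matching olcRootPW hunk in slapdconf2.sdf reads "provide a hash of the password" and rewraps the paragraph. Make the two paragraphs identical apart from the directive name.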
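Review bot: In the doc/guide/preamble.sdf references block, the new RFC4511 row has the wrong Jump URL: it points at http://www.rfc-editor.org/rfc/rfc4512.txt, the same target as the RFC4512 row directly below it. Change it to rfc4511.txt so that {{REF:RFC4511}} resolves to the protocol document. The hunk also removes the RFC3383 row without adding one for RFC 4520, which slapd.conf.5 now cites in its place; add that row if the guide is meant to keep an IANA considerations reference.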
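Review bot: In the first doc/man/man3/ldap.3 hunk, "SASL (RFC 4513) and Start TLS (RFC 4513)" repeats one reference where the old text had two (RFC2829 and RFC2830). Either collapse it to "SASL and Start TLS (RFC 4513)" or cite RFC 4422 for SASL, as the sasl.sdf and ldap_bind.3 changes in this patch do. In the LDAP versions hunk, "Version 2 (all variants) are considered obsolete" has a subject/verb mismatch; "is considered obsolete" reads correctly.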
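Review bot: In the DESCRIPTION hunk of doc/man/man3/ldap_get_dn.3, the DN string representation is cited as "RFC 4414", while the other two hunks in this file and every other file in the patch use RFC 4514 for the same document. This looks like a digit typo; it should read RFC 4514.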
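Review bot: In the SEE ALSO hunk of doc/man/man3/ldap_url.3, the title and number were changed to "LDAP: Uniform Resource Locator, RFC 4516" but the unchanged next line still reads "Tim Howes and Mark Smith, December 1997.", which is the attribution of the RFC 2255 entry being replaced. Update the author and date line to match RFC 4516, or drop it, so the citation does not mix two documents.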