From bdf02dde71e756494313f10bdf335720277754a0 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Wed, 12 Mar 2003 16:25:20 +0000 Subject: [PATCH] clarify "by anonymous auth" semantics --- doc/guide/admin/slapdconfig.sdf | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf index b2b26fbf99..1b38b5fd40 100644 --- a/doc/guide/admin/slapdconfig.sdf +++ b/doc/guide/admin/slapdconfig.sdf @@ -771,11 +771,12 @@ This access directive grants read access to everyone. > by anonymous auth > by * read -This directive allows users to modify their own entries, allows -authenticate, and allows all others to read. Note that only the -first {{EX:by }} clause which matches applies. Hence, the -anonymous users are granted {{EX:auth}}, not {{EX:read}}. The last -clause could just as well have been "{{EX:by users read}}". +This directive allows the user to modify their entry, allows anonymous +to authentication against these entries, and allows all others to +read these entries. Note that only the first {{EX:by }} clause +which matches applies. Hence, the anonymous users are granted +{{EX:auth}}, not {{EX:read}}. The last clause could just as well +have been "{{EX:by users read}}". It is often desirable to restrict operations based upon the level of protection in place. The following shows how security strength @@ -788,10 +789,12 @@ factors (SSF) can be used. This directive allows users to modify their own entries if security protections have of strength 128 or better have been established, -allows simple authentication and read access when 64 or better -security protections have been established. +allows authentication access to anonymous users, and read access +when 64 or better security protections have been established. If +client has not establish sufficient security protections, the +implicit {{EX:by * none}} clause would be applied. -The following example shows the use of a regular expression +The following example shows the use of a style specifiers to select the entries by DN in two access directives where ordering is significant. -- 2.39.5