From db77cbdc3530b14ae4f4bac83d13716c37bb1501 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Fri, 14 Jun 2002 21:47:09 +0000 Subject: [PATCH] Misc formatting changes --- doc/guide/admin/intro.sdf | 6 +++--- doc/guide/admin/sasl.sdf | 18 +++++++++--------- doc/guide/admin/tls.sdf | 4 ++-- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/doc/guide/admin/intro.sdf b/doc/guide/admin/intro.sdf index 74a02f0d92..bbc7f10200 100644 --- a/doc/guide/admin/intro.sdf +++ b/doc/guide/admin/intro.sdf @@ -43,8 +43,8 @@ contain is spread across many machines, all of which cooperate to provide the directory service. Typically a global service defines a uniform {{namespace}} which gives the same view of the data no matter where you are in relation to the data itself. The Internet -{{TERM[expand]DNS}} is an example of a globally distributed directory -service. +{{TERM[expand]DNS}} (DNS) is an example of a globally distributed +directory service. H2: What is LDAP? @@ -86,7 +86,7 @@ FT[align="Center"] Figure 1.1: LDAP directory tree (traditional naming) The tree may also be arranged based upon Internet domain names. This naming approach is becoming increasing popular as it allows -for directory services to be locating using the {{TERM[expand]DNS}}. +for directory services to be locating using the {{DNS}}. Figure 1.2 shows an example LDAP directory tree using domain-based naming. diff --git a/doc/guide/admin/sasl.sdf b/doc/guide/admin/sasl.sdf index 844ebeff58..dc33ea601d 100644 --- a/doc/guide/admin/sasl.sdf +++ b/doc/guide/admin/sasl.sdf 
@@ -494,11 +494,11 @@ telling what authorizations to deny. The value(s) in the two attributes are of the same form as the output of the replacement pattern of a {{EX:saslRegexp}} directive: -either a DN or an LDAP URL. For example, if a saslAuthzTo value is -a DN, that DN is one the authenticated user can authorize to. On -the other hand, if the {{EX:saslAuthzTo}} value is an LDAP URL, -the URL is used as an internal search of the LDAP database, and -the authenticated user can become ANY DN returned by the search. +either a DN or an LDAP URL. For example, if a {{EX:saslAuthzTo}} +value is a DN, that DN is one the authenticated user can authorize +to. On the other hand, if the {{EX:saslAuthzTo}} value is an LDAP +URL, the URL is used as an internal search of the LDAP database, +and the authenticated user can become ANY DN returned by the search. If an LDAP entry looked like: > dn: cn=WebUpdate,dc=example,dc=com @@ -537,8 +537,8 @@ identity of the form "u:" as an authorization rule. H4: Policy Configuration -The decision of which type of rules to use, saslAuthzFrom or -saslAuthzTo, will depend on the site's situation. For example, if +The decision of which type of rules to use, {{EX:saslAuthzFrom}} or +{{EX:saslAuthzTo}}, will depend on the site's situation. For example, if the set of people who may become a given identity can easily be written as a search filter, then a single destination rule could be written. If the set of people is not easily defined by a search 
@@ -554,8 +554,8 @@ for destination rules, or {{EX:both}} for both source and destination rules. Destination rules are extremely powerful. If ordinary users have -access to write the saslAuthzTo attribute in their own entries, then +access to write the {{EX:saslAuthzTo}} attribute in their own entries, then they can write rules that would allow them to authorize as anyone else. -As such, when using destination rules, the saslAuthzTo attribute +As such, when using destination rules, the {{EX:saslAuthzTo}} attribute should be protected with an ACL that only allows privileged users to set its values. diff --git a/doc/guide/admin/tls.sdf b/doc/guide/admin/tls.sdf index 067eebc9be..924b252879 100644 --- a/doc/guide/admin/tls.sdf +++ b/doc/guide/admin/tls.sdf @@ -18,9 +18,9 @@ see the {{PRD:OpenSSL}} documentation. H2: Server Certificates The DN of a server certificate must use the CN attribute -to name the server, and the CN must carry the server's +to name the server, and the {{EX:CN}} must carry the server's fully qualified domain name. Additional alias names and wildcards -may be present in the subjectAltName certificate extension. +may be present in the {{EX:subjectAltName}} certificate extension. More details on server certificate names are in {{REF:RFC2830}}. H2: Client Certificates -- 2.39.5
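Review bot: in the second intro.sdf hunk (@@ -86), the new line "for directory services to be locating using the {{DNS}}." drops the TERM tag altogether instead of only the [expand] attribute, so DNS is no longer marked up as a term. The only other untagged phrase visible in this file, {{namespace}}, appears to be plain emphasis. If the intent is just to stop expanding the acronym on second use, {{TERM:DNS}} would keep the markup consistent. Since the paragraph is being touched anyway, "increasing popular" and "to be locating" in the surrounding lines could be corrected to "increasingly popular" and "to be located".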
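Review bot: in the last sasl.sdf hunk (@@ -554), the paragraph warns that users who can write {{EX:saslAuthzTo}} in their own entries can authorize as anyone else, and says the attribute "should be protected with an ACL that only allows privileged users to set its values", but the lines shown give no example of such an ACL. Suggest following the paragraph with a sample access rule that restricts writes to saslAuthzTo, or a reference to where access control is documented. Minor: the two changed lines were not re-wrapped the way the @@ -494 hunk was, so they now run longer than their neighbours.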
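Review bot: in the tls.sdf hunk, only the second occurrence of CN is tagged: "must use the CN attribute" on the unchanged first line stays plain while the next line becomes "the {{EX:CN}} must carry the server's". Suggest tagging the first occurrence as well, since it is the one that introduces the attribute, so both render the same way.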