From fdbcfbe59805891c0651d7b4e1575a537fd5de04 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Wed, 7 Dec 2005 17:57:35 +0000 Subject: [PATCH] document idle-timeout; cleanup --- doc/man/man5/slapd-ldap.5 | 17 ++++++++++------- doc/man/man5/slapd-meta.5 | 17 +++++++++++++++++ 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5 index b683085b0b..a56e1a0926 100644 --- a/doc/man/man5/slapd-ldap.5 +++ b/doc/man/man5/slapd-ldap.5 @@ -93,21 +93,19 @@ internally used by the proxy to collect info related to access control. The identity defined by this directive, according to the properties associated to the authentication method, is supposed to have read access on the target server to attributes used on the proxy for ACL checking. -The -.B secprops -field is currently ignored. There is no risk of giving away such values; they are only used to check permissions. The default is to use -.BR simple , -with empty binddn and credentials, +.BR simple +bind, with empty \fIbinddn\fP and \fIcredentials\fP, which means that the related operations will be performed anonymously. .B This identity is by no means implicitly used by the proxy .B when the client connects anonymously. -See the +The .B idassert-bind -feature instead. +feature, instead, in some cases can be crafted to implement that behavior, +which is \fIintrinsically unsafe and should be used with extreme care\fP. This directive obsoletes .BR acl-authcDN , and @@ -334,6 +332,11 @@ Note: if the timelimit is exceeded, the operation is abandoned; the protocol does not provide any means to rollback the operation, so the client will not know if the operation eventually succeeded or not. +.TP +.B idle-timeout
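Review bot: the rewritten idassert-bind sentence at the end of the first slapd-ldap.5 hunk warns that the feature "in some cases can be crafted to implement that behavior" and is "intrinsically unsafe", but it never says which cases. An administrator reading this entry cannot tell which configuration makes the proxy use an identity on behalf of clients that connect anonymously. Either name the setting that does this or point explicitly to the idassert-bind entry, as the replaced "See the idassert-bind feature instead" wording did. The same hunk also drops the sentence saying the secprops field is currently ignored, and the subject line ("document idle-timeout; cleanup") gives no reason for that. If secprops is still ignored, keep the sentence, since a reader may otherwise assume the security properties they configure are enforced. Minor: `.BR simple` now has a single argument, so `.B simple` would render the same.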