[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8742) slapd.conf/slapd-config divergence



Full_Name: Quanah Gibson-Mount
Version: HEAD
OS: N/A
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.148.239)


The slapd.conf(5) and slapd-config(5) man pages have some significant divergence
that need fixing.

Examples:

slapd.conf(5):
Used by the authentication framework to convert simple user names,
such as provided by SASL subsystem, or extracted from certificates
in case of cert-based SASL EXTERNAL, or provided within the RFC 4370
"proxied authorization" control, to an LDAP DN used for
authorization purposes.  Note that the resulting DN need not refer
to an existing entry to be considered valid.  When an authorization
request is received from the SASL subsystem, the SASL

slapd-config(5):
Used by the authentication framework to convert simple user names,
such as provided by SASL subsystem, to an LDAP DN used for
authorization purposes.  Note that the resultant DN need not refer
to an existing entry to be considered valid.  When an authorization
request is received from the SASL subsystem, the SASL



slapd.conf(5):
.B concurrency <integer>
Specify a desired level of concurrency.  Provided to the underlying
thread system as a hint.  The default is not to provide any hint.


slapd-config(5):
.B olcConcurrency: <integer>
Specify a desired level of concurrency.  Provided to the underlying
thread system as a hint.  The default is not to provide any hint. This setting
is only meaningful on some platforms where there is not a one to one
correspondence between user threads and kernel threads.


slapd.conf(5)
.B proxy_authz_non_critical
disables acceptance of the proxied authorization control (RFC4370)
when criticality is FALSE.
.B dontusecopy_non_critical
disables acceptance of the dontUseCopy control (a work in progress)
when criticality is FALSE.

slapd-config(5):
These options are not listed

slapd.conf(5) and slapd-config(5) have
index_substr_if_minlen/index_substr_if_maxlen in opposite order in the man page

slapd.conf(5):
.B ldapsyntax "(\ <oid>\
 [DESC\ <description>]\
 [X\-SUBST <substitute-syntax>]\ )"
.RS
Specify an LDAP syntax using the LDAPv3 syntax defined in RFC 4512.
The slapd parser extends the RFC 4512 definition by allowing string
forms as well as numeric OIDs to be used for the syntax OID.
(See the
.B objectidentifier
description.)
The slapd parser also honors the
.B X\-SUBST
extension (an OpenLDAP-specific extension), which allows one to use the
.B ldapsyntax
statement to define a non-implemented syntax along with another syntax,
the extension value
.IR substitute-syntax ,
as its temporary replacement.
The
.I substitute-syntax
must be defined.
This allows one to define attribute types that make use of non-implemented
syntaxes
using the correct syntax OID.
Unless
.B X\-SUBST
is used, this configuration statement would result in an error,
since no handlers would be associated to the resulting syntax structure.
.RE


slapd-config(5):
Section missing