Commit 1702758b authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

Pull down latest guide updates from HEAD

parent a0273e0f
......@@ -4,6 +4,262 @@
H1: LDAP Result Codes
Port "Appendix A. LDAP Result Codes" from rfc4511 and add a small explanation
in addition to current one for ldap*/slap* tools, with the aim of fending off simple, recurring
questions on the lists.
For the purposes of this guide, we have incorporated the standard LDAP result
codes from {{Appendix A. LDAP Result Codes}} of rfc4511. A copy of which can
be found in {{F:doc/rfc}} of the OpenLDAP source code.
We have expanded the description of each error in relation to the OpenLDAP
toolsets.
H2: Non-Error Result Codes
These result codes (called "non-error" result codes) do not indicate
an error condition:
> success (0),
> compareFalse (5),
> compareTrue (6),
> referral (10), and
> saslBindInProgress (14).
The {{success}}, {{compareTrue}}, and {{compareFalse}} result codes indicate
successful completion (and, hence, are referred to as "successful"
result codes).
The {{referral}} and {{saslBindInProgress}} result codes indicate the client
needs to take additional action to complete the operation.
H2: Result Codes
Existing LDAP result codes are described as follows:
H2: {{success (0)}}
Indicates the successful completion of an operation.
Note: this code is not used with the Compare operation. See {{SECT:compareFalse (5)}}
and {{SECT:compareTrue (6)}}.
H2: {{operationsError (1)}}
Indicates that the operation is not properly sequenced with
relation to other operations (of same or different type).
For example, this code is returned if the client attempts to
StartTLS [RFC4346] while there are other uncompleted operations
or if a TLS layer was already installed.
H2: {{protocolError (2)}}
Indicates the server received data that is not well-formed.
For Bind operation only, this code is also used to indicate
that the server does not support the requested protocol
version.
For Extended operations only, this code is also used to
indicate that the server does not support (by design or
configuration) the Extended operation associated with the
{{requestName}}.
For request operations specifying multiple controls, this may
be used to indicate that the server cannot ignore the order
of the controls as specified, or that the combination of the
specified controls is invalid or unspecified.
H2: {{timeLimitExceeded (3)}}
Indicates that the time limit specified by the client was
exceeded before the operation could be completed.
H2: {{sizeLimitExceeded (4)}}
Indicates that the size limit specified by the client was
exceeded before the operation could be completed.
H2: {{compareFalse (5)}}
Indicates that the Compare operation has successfully
completed and the assertion has evaluated to FALSE or
Undefined.
H2: {{compareTrue (6)}}
Indicates that the Compare operation has successfully
completed and the assertion has evaluated to TRUE.
H2: {{authMethodNotSupported (7)}}
Indicates that the authentication method or mechanism is not
supported.
H2: {{strongerAuthRequired (8)}}
Indicates the server requires strong(er) authentication in
order to complete the operation.
When used with the Notice of Disconnection operation, this
code indicates that the server has detected that an
established security association between the client and
server has unexpectedly failed or been compromised.
H2: {{referral (10)}}
Indicates that a referral needs to be chased to complete the
operation (see Section 4.1.10).
H2: {{adminLimitExceeded (11)}}
Indicates that an administrative limit has been exceeded.
H2: {{unavailableCriticalExtension (12)}}
Indicates a critical control is unrecognized (see Section
4.1.11).
H2: {{confidentialityRequired (13)}}
Indicates that data confidentiality protections are required.
H2: {{saslBindInProgress (14)}}
Indicates the server requires the client to send a new bind
request, with the same SASL mechanism, to continue the
authentication process (see Section 4.2).
H2: {{noSuchAttribute (16)}}
Indicates that the named entry does not contain the specified
attribute or attribute value.
H2: {{undefinedAttributeType (17)}}
Indicates that a request field contains an unrecognized
attribute description.
H2: {{inappropriateMatching (18)}}
Indicates that an attempt was made (e.g., in an assertion) to
use a matching rule not defined for the attribute type
concerned.
H2: {{constraintViolation (19)}}
Indicates that the client supplied an attribute value that
does not conform to the constraints placed upon it by the
data model.
For example, this code is returned when multiple values are
supplied to an attribute that has a SINGLE-VALUE constraint.
H2: {{attributeOrValueExists (20)}}
Indicates that the client supplied an attribute or value to
be added to an entry, but the attribute or value already
exists.
H2: {{invalidAttributeSyntax (21)}}
Indicates that a purported attribute value does not conform
to the syntax of the attribute.
H2: {{noSuchObject (32)}}
Indicates that the object does not exist in the DIT.
H2: {{aliasProblem (33)}}
Indicates that an alias problem has occurred. For example,
the code may used to indicate an alias has been dereferenced
that names no object.
H2: {{invalidDNSyntax (34)}}
Indicates that an LDAPDN or RelativeLDAPDN field (e.g., search
base, target entry, ModifyDN newrdn, etc.) of a request does
not conform to the required syntax or contains attribute
values that do not conform to the syntax of the attribute's
type.
H2: {{aliasDereferencingProblem (36)}}
Indicates that a problem occurred while dereferencing an
alias. Typically, an alias was encountered in a situation
where it was not allowed or where access was denied.
H2: {{inappropriateAuthentication (48)}}
Indicates the server requires the client that had attempted
to bind anonymously or without supplying credentials to
provide some form of credentials.
H2: {{invalidCredentials (49)}}
Indicates that the provided credentials (e.g., the user's name
and password) are invalid.
H2: {{insufficientAccessRights (50)}}
Indicates that the client does not have sufficient access
rights to perform the operation.
H2: {{busy (51)}}
Indicates that the server is too busy to service the
operation.
H2: {{unavailable (52)}}
Indicates that the server is shutting down or a subsystem
necessary to complete the operation is offline.
H2: {{unwillingToPerform (53)}}
Indicates that the server is unwilling to perform the
operation.
H2: {{loopDetect (54)}}
Indicates that the server has detected an internal loop (e.g.,
while dereferencing aliases or chaining an operation).
H2: {{namingViolation (64)}}
Indicates that the entry's name violates naming restrictions.
H2: {{objectClassViolation (65)}}
Indicates that the entry violates object class restrictions.
H2: {{notAllowedOnNonLeaf (66)}}
Indicates that the operation is inappropriately acting upon a
non-leaf entry.
H2: {{notAllowedOnRDN (67)}}
Indicates that the operation is inappropriately attempting to
remove a value that forms the entry's relative distinguished
name.
H2: {{entryAlreadyExists (68)}}
Indicates that the request cannot be fulfilled (added, moved,
or renamed) as the target entry already exists.
H2: {{objectClassModsProhibited (69)}}
Indicates that an attempt to modify the object class(es) of
an entry's 'objectClass' attribute is prohibited.
For example, this code is returned when a client attempts to
modify the structural object class of an entry.
H2: {{affectsMultipleDSAs (71)}}
Indicates that the operation cannot be performed as it would
affect multiple servers (DSAs).
H2: {{other (80)}}
Indicates the server has encountered an internal error.
personal_ws-1.1 en 1451
personal_ws-1.1 en 1483
nattrsets
inappropriateAuthentication
api
......@@ -145,11 +145,14 @@ mkversion
objectClasses
objectclasses
searchResultReference
adminLimitExceeded
fmt
qdescrs
olcSuffix
objectClassModsProhibited
supportedControl
GHz
unavailableCriticalExtension
libpath
INADDR
compareDN
......@@ -157,6 +160,7 @@ sizelimit
unixODBC
APIs
blen
notAllowedOnNonLeaf
attrsOnly
attrsonly
slappasswd
......@@ -168,6 +172,7 @@ syncIdSet
olcTLSCipherSuite
username
sizeLimitExceeded
aliasProblem
subst
idl
chroot
......@@ -178,6 +183,7 @@ ZKKuqbEKJfKSXhUbHG
reqRespControls
TLSCertificateKeyFile
olcAccess
aliasDereferencingProblem
proxyTemplates
neverDerefaliases
RootDN
......@@ -199,8 +205,10 @@ dataflow
subentries
attrpair
balancer
entryAlreadyExists
BerkeleyDB's
singleLevel
notAllowedOnRDN
entryDN
dSAOperation
includedir
......@@ -296,6 +304,7 @@ newPasswdFile
ucdata
LLL
confdir
invalidCredentials
BerValues
olcDbLinearIndex
Elfrink
......@@ -484,12 +493,14 @@ searchAttrDN
cctrls
tcp
kadmin
undefinedAttributeType
strlen
spellcheck
ludpp
typedef
olcDbIDLcacheSize
ostring
toolsets
mwrscdx
SMD
UCD
......@@ -517,6 +528,7 @@ src
lastName
ufn
cron
RelativeLDAPDN
sql
pwdPolicyChecker
uid
......@@ -574,6 +586,7 @@ pwdPolicy
slapd
sasl
slapauth
affectsMultipleDSAs
MANCOMPRESS
octetStringOrderingStringMatch
updatedn
......@@ -607,6 +620,7 @@ freemods
initgroups
auditCompare
GDBM
DSAs
DSA's
dsaschema
compareFalse
......@@ -651,6 +665,7 @@ de
reqAuthzID
backend's
backends
requestName
cn
lcrypto
infodir
......@@ -709,9 +724,11 @@ syslogged
mk
ng
oc
invalidAttributeSyntax
errOp
pwdMaxAge
truelies
insufficientAccessRights
NL
mr
reindex
......@@ -735,6 +752,7 @@ slapover
RL
sockname
MANCOMPRESSSUFFIX
noSuchAttribute
makeinfo
coltags
ro
......@@ -764,9 +782,10 @@ xf
param
MChAODQ
caseExactIA
Vu
Za
Vu
idlecachesize
objectClassViolation
ws
errSleepTime
INSTALLFLAGS
......@@ -1049,6 +1068,7 @@ kbyte
modifiersName
keytbl
olcHdbConfig
constraintViolation
README
memcalloc
inet
......@@ -1076,6 +1096,7 @@ Locators
bvalues
reqResult
impl
strongerAuthRequired
outvalue
returnCode
returncode
......@@ -1085,6 +1106,7 @@ dnssrv
ciphersuite
auditlog
reqControls
protocolError
notypes
myAttributeType
stringbv
......@@ -1153,6 +1175,7 @@ http
uppercased
Poobah
libldap
invalidDNSyntax
ldap
ldbm
ursula
......@@ -1192,7 +1215,9 @@ bvfree
sleeptime
pwdCheckQuality
msgidp
confidentialityRequired
pwdAttribute
authMethodNotSupported
chown
PRNGD
LDAPRDN
......@@ -1259,6 +1284,7 @@ databasetype
woid
numericStringOrderingMatch
clientctrls
inappropriateMatching
RetCodes
ldapc
pwdAccountLockedTime
......@@ -1297,10 +1323,12 @@ olcObjectIdentifier
endblock
proxyAuthz
pagedResults
saslBindInProgress
bitstring
ACLs
berptr
olcModuleLoad
namingViolation
attributetype
attributeType
auditModRDN
......@@ -1357,6 +1385,7 @@ bindDn
bindDN
binddn
methodp
timeLimitExceeded
timelimitExceeded
pwdInHistory
LTSTATIC
......@@ -1373,6 +1402,7 @@ GnuTLS
postread
timeval
DHAVE
loopDetect
caseIgnoreSubstringsMatch
monitorIsShadow
syncdata
......@@ -1397,6 +1427,7 @@ RANDFILE
attrlist
aci
directoryOperation
compareTrue
selfwrite
pwdReset
acl
......@@ -1416,6 +1447,7 @@ userid
Kumar
AES
bdb
attributeOrValueExists
manageDSAit
ManageDsaIT
bindpw
......
......@@ -14,7 +14,7 @@ entries, depending on your requirements). This method works for
database types which support updates.
The second method of database creation is to do it off-line using
special utilities provided with slapd. This method is best if you
special utilities provided with {{slapd}}(8). This method is best if you
have many thousands of entries to create, which would take an
unacceptably long time using the LDAP method, or if you want to
ensure the database is not accessed while it is being created. Note
......
......@@ -125,10 +125,15 @@ install it yourself.
{{PRD:Berkeley DB}} is available from {{ORG[expand]Oracle}}'s Berkeley DB
download page
{{URL: http://www.oracle.com/technology/software/products/berkeley-db/index.html}}. There are several versions available. Generally, the most recent
release (with published patches) is recommended. This package is required
{{URL: http://www.oracle.com/technology/software/products/berkeley-db/index.html}}.
There are several versions available. Generally, the most recent
release (with published patches) is recommended. This package is required
if you wish to use the {{TERM:BDB}} or {{TERM:HDB}} database backends.
Note: Please see {{SECT:Recommended OpenLDAP Software Dependency Versions}} for
more information.
H3: Threads
......
......@@ -112,6 +112,9 @@ definitions:
> mode="self"
> chain-tls start
> chain-return-error TRUE
Add this below your {{syncrepl}} statement:
> updateref "ldap://ldapmaster.example.com/"
The {{B:chain-tls}} statement enables TLS from the slave to the ldap master.
......
......@@ -623,7 +623,8 @@ H4: Mirror Node Configuration
This is the same as the {{SECT:Set up the provider slapd}} section, referencing
{{SECT:delta-syncrepl replication}} if using {{delta-syncrepl}}.
Here's a specific cut down example:
Here's a specific cut down example using {{SECT:LDAP Sync Replication}} in
{{refreshAndPersist}} mode ({{delta-syncrepl}} can be used also):
MirrorMode node 1:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment