Commit e26ea91f authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

constraint overlay section complete.

parent ec03f6de
personal_ws-1.1 en 1492
personal_ws-1.1 en 1508
nattrsets
inappropriateAuthentication
api
......@@ -8,8 +8,8 @@ reqEnd
olcOverlayConfig
shoesize
olcTLSCACertificateFile
cdx
CGI
cdx
DCE
DAP
attributename
......@@ -20,8 +20,8 @@ kurt
authzID
authzid
authzId
ddd
DAs
ddd
userApplications
BNF
attrs
......@@ -32,8 +32,8 @@ ldapport
hallvard
ASN
acknowledgements
ava
Chu
ava
monitorCounter
del
DDR
......@@ -84,13 +84,13 @@ olcModulePath
maxentries
authc
seeAlso
searchBase
searchbase
searchBase
realnamingcontext
dns
DN's
DNs
dn's
DNs
DN's
dns
dereference
sortKey
authzTo
......@@ -148,8 +148,10 @@ adminLimitExceeded
searchResultReference
fmt
qdescrs
olcConstraintAttribute
olcSuffix
objectClassModsProhibited
numEntries
unavailableCriticalExtension
supportedControl
GHz
......@@ -159,8 +161,8 @@ compareDN
sizelimit
unixODBC
notAllowedOnNonLeaf
blen
APIs
blen
attrsOnly
attrsonly
slappasswd
......@@ -193,19 +195,20 @@ args
caseExactOrderingMatch
olcDbQuarantine
RELEASEDATE
basedn
baseDN
basedn
argv
gss
schemachecking
WhoAmI
whoami
WhoAmI
syslogd
dataflow
subentries
attrpair
balancer
entryAlreadyExists
suretec
BerkeleyDB's
notAllowedOnRDN
singleLevel
......@@ -244,8 +247,8 @@ ldd
localstatedir
sockbuf
PENs
IPv
ipv
IPv
ghenry
hyc
multimaster
......@@ -280,8 +283,8 @@ intermediateResponse
myOID
structuralObjectClass
integerMatch
OpenLDAP
openldap
OpenLDAP
moddn
rewriteEngine
AVAs
......@@ -300,8 +303,8 @@ bool
logins
jts
memberAttr
newPasswdFile
newpasswdfile
newPasswdFile
ucdata
LLL
confdir
......@@ -317,23 +320,26 @@ CThreads
structs
desc
LTCOMPILE
auditContext
bindmethod
sambaNTPassword
olcDbCheckpoint
addprinc
auditContainer
modme
refreshOnly
PIII
pwdPolicySubentry
supportedSASLMechanism
supportedSASLmechanism
supportedSASLMechanism
FIXME
realanonymous
caseExactMatch
olcSizeLimit
Bourne
attr
objectIdentifier
objectidentifier
objectIdentifier
refint
msgtype
OBJEXT
......@@ -384,8 +390,8 @@ Autoconf
alloc
PDU
OLF
inetOrgPerson
inetorgperson
inetOrgPerson
deleteoldrdn
monitorCounterObject
pid
......@@ -445,9 +451,9 @@ OTP
entrylimit
attrdescN
logold
PRD
sbi
pos
sbi
PRD
reqEntries
pre
bvals
......@@ -473,8 +479,8 @@ telephonenumber
telephoneNumber
DLDAP
peernamestyle
SHA
Sep
SHA
filename
rpath
argsfile
......@@ -504,8 +510,8 @@ olcDbIDLcacheSize
ostring
toolsets
mwrscdx
UCD
SMD
UCD
cancelled
crit
organizationalUnit
......@@ -517,8 +523,8 @@ TGT
modulepath
quickstart
mySNMP
UDP
tgz
UDP
RDBMs
rdbms
Matic
......@@ -538,9 +544,9 @@ olcDbConfig
refreshDone
ssf
replogfile
vec
TOC
rwm
TOC
vec
LDAPDN
compareAttrDN
endmacro
......@@ -548,18 +554,19 @@ tls
repl
monitoringslapd
referralsp
SRP
tmp
SRP
olcDbNosync
conns
SSL
PDkzODdASFxOQ
SRV
sss
rwx
sss
deallocators
Contribware
URLlist
olcConstraintConfig
str
subinitial
CSNs
......@@ -632,6 +639,7 @@ noSuchObject
params
groupnummer
searchEntryDN
titleCatalog
negttl
chainingPreferred
TABs
......@@ -675,11 +683,12 @@ groupstyle
ldapsearch
cp
displayName
bv
eg
bv
olcBackendConfig
fd
dn
fd
sambaPwdLastSet
LDAPSync
olcReplicationInterval
fG
......@@ -698,6 +707,7 @@ slurpd
logevels
IG
addDN
olcAuditlogFile
tbls
ldapmodify
kb
......@@ -813,8 +823,8 @@ ZZ
entryCSNs
dlopen
continuated
newSuperior
newsuperior
newSuperior
Preprocessor
XXLIBS
deallocate
......@@ -850,6 +860,7 @@ applicatio
nelems
liblutil
wrscdx
numResponses
scherr
internet
logfilter
......@@ -866,8 +877,8 @@ pwdSafeModify
contrib
FQDNs
bjorn
myLDAP
myldap
myLDAP
peercred
SNMP
myObjectClass
......@@ -887,8 +898,8 @@ ldapmodrdn
ldapbis
attributeoptions
serverID
memberof
memberOf
memberof
pseudorootpw
allmail
CFLAGS
......@@ -907,8 +918,8 @@ modifyAttrDN
dcedn
olcOverlay
exop
BerElement
berelement
BerElement
olcRootDN
octetString
SampleLDAP
......@@ -916,10 +927,11 @@ expr
allusersgroup
PostgreSQL
bvstr
logsuccess
filesystem
pathtest
objectclass
objectClass
objectclass
submatches
newrdn
armijo
......@@ -934,8 +946,8 @@ jane
syncuser
Masarati
LDAPSyntax
oldPasswdFile
oldpasswdfile
oldPasswdFile
reqDN
SSFs
ietf
......@@ -959,8 +971,8 @@ reqId
setspec
scanf
TLSv
distinguishedName
distinguishedname
distinguishedName
BerVarray
caseIgnoreSubstrin
ldapwhoami
......@@ -988,8 +1000,8 @@ slaptest
zeilenga
WebUpdate
numericoid
ChangeLog
changelog
ChangeLog
creatorsName
ascii
wahl
......@@ -1009,8 +1021,8 @@ simplebinddn
authcDN
TLSCipherSuite
supportedSASLMechanisms
rootDSE
rootdse
rootDSE
dsaparam
cachefree
UMich's
......@@ -1019,10 +1031,10 @@ schemadir
attribute's
extern
varchar
olcDbCachesize
olcDbCacheSize
authcID
olcDbCachesize
authcid
authcID
POSIX
hnPk
ldapext
......@@ -1043,8 +1055,8 @@ sasldb
somevalue
LIBRELEASE
randkey
StartTLS
starttls
StartTLS
LDAPSchemaExtensionItem
reqReferral
shtool
......@@ -1056,8 +1068,8 @@ subjectAltName
errObject
gsskrb
valsort
berval's
bervals
berval's
derefFindingBaseObj
checkpointed
keytab
......@@ -1080,8 +1092,8 @@ README
memcalloc
inet
saslargs
givenName
givenname
givenName
olcDbMode
pidfile
olcLimits
......@@ -1090,8 +1102,8 @@ tuple
superset
directoryString
ktadd
proxytemplate
proxyTemplate
proxytemplate
wildcards
monitoredObject
TTLs
......@@ -1105,8 +1117,8 @@ reqResult
impl
strongerAuthRequired
outvalue
returncode
returnCode
returncode
attributeDescription
attrval
dnssrv
......@@ -1126,24 +1138,25 @@ subdirectories
errlist
addpartial
slapdn
olcAuditLogConfig
uncached
ldapapiinfo
groupOfUniqueNames
dhparam
slapds
slapd's
slapds
inputfile
RDBMSes
wildcard
Locator
errABsObject
errAbsObject
errABsObject
SASL's
html
searchResultDone
olcBdbConfig
LDAPMod
ldapmod
LDAPMod
olcHidden
userPassword
TLSRandFile
......@@ -1171,10 +1184,10 @@ cacertdir
queryid
Warper
XDEFS
URL's
urls
postaladdress
URL's
postalAddress
postaladdress
passwd
plugins
george
......@@ -1190,16 +1203,16 @@ LDAPModifying
slapdconfig
sysconfig
dnSubtreeMatch
olcSaslSecprops
olcSaslSecProps
olcSaslSecprops
auditModify
groupOfNames
jensen
reloadHint
prepending
olcGlobal
matchingrule
matchingRule
matchingrule
SmVuc
MSSQL
nisMailAlias
......@@ -1214,9 +1227,9 @@ whsp
realusers
dnstyle
suffixalias
proxyattrset
proxyAttrSet
proxyAttrset
proxyAttrSet
proxyattrset
pwdMustChange
ldif
bvfree
......@@ -1230,8 +1243,9 @@ chown
PRNGD
LDAPRDN
entryUUIDs
proxyCache
sambaPwdCanChange
proxycache
proxyCache
SERATGCgaGBYWGDEjJR
noanonymous
accessee
......@@ -1284,8 +1298,8 @@ passwdfile
errMatchedDN
everytime
mkdep
olcDbIndex
olcDbindex
olcDbIndex
syntaxOID
reqData
databasetype
......@@ -1334,11 +1348,12 @@ pagedResults
saslBindInProgress
bitstring
ACLs
suretecsystems
berptr
olcModuleLoad
namingViolation
attributeType
attributetype
attributeType
auditModRDN
cacert
memberUid
......@@ -1390,26 +1405,27 @@ preallocated
syntaxes
memberURL
monitorRuntimeConfig
binddn
bindDN
bindDn
bindDN
binddn
methodp
timelimitExceeded
timeLimitExceeded
timelimitExceeded
pwdInHistory
LTSTATIC
requestor's
requestors
requestor's
LDAPCONF
saslauthd
MKDEPFLAG
gecos
entryUUID
GnuTLS
GNUtls
gnutls
GNUtls
GnuTLS
postread
timeval
aaa
DHAVE
loopDetect
caseIgnoreSubstringsMatch
......@@ -1430,8 +1446,8 @@ entryTtl
LDAPControl
pwdMinLength
ldapcompare
readOnly
readonly
readOnly
RANDFILE
attrlist
aci
......@@ -1457,8 +1473,8 @@ Kumar
AES
bdb
attributeOrValueExists
ManageDsaIT
manageDSAit
ManageDsaIT
bindpw
monitorContainer
pEntry
......@@ -1470,8 +1486,8 @@ Blowfish
mkln
numericStringSubstringsMatch
testgroup
OpenSSL
openssl
OpenSSL
ModName
cacheable
freeit
......@@ -1480,8 +1496,8 @@ ber
ali
mandir
changetype
CA's
CAs
CA's
typeA
bvecfree
ODBC
......
......@@ -316,12 +316,41 @@ H2: Constraints
H3: Overview
This overlay enforces a regular expression constraint on all values
of specified attributes. It is used to enforce a more rigorous
syntax when the underlying attribute syntax is too general.
of specified attributes during an LDAP modify request that contains add or modify
commands. It is used to enforce a more rigorous syntax when the underlying attribute
syntax is too general.
H3: Constraint Configuration
Configuration via {{slapd.conf}}(5) would look like:
> overlay constraint
> constraint_attribute mail regex ^[:alnum:]+@mydomain.com$
> constraint_attribute title uri
> ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
A specification like the above would reject any {{mail}} attribute which did not
look like {{<alpha-numeric string>@mydomain.com}}.
It would also reject any title attribute whose values were not listed in the
title attribute of any {{titleCatalog}} entries in the given scope.
An example for use with {{cn=config}}:
> dn: cn=module{0},cn=config
> changetype: modify
> add: olcModuleLoad
> olcModuleLoad: {1}constraint.la
>
> dn: olcOverlay=constraint,olcDatabase={1}hdb,cn=config
> changetype: add
> objectClass: olcOverlayConfig
> objectClass: olcConstraintConfig
> olcOverlay: constraint
> olcConstraintAttribute: mail regex ^[:alnum:]+@mydomain.com$
> olcConstraintAttribute: title uri ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
H2: Dynamic Directory Services
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment