Commit a95f6581 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Misc product/org/term updates

parent 9fdb9b6e
......@@ -4,7 +4,7 @@
H1: Building and Installing OpenLDAP Software
This chapter details how to build and install the {{ORG:OpenLDAP}}
This chapter details how to build and install the {{PRD:OpenLDAP}}
Software package including {{slapd}}(8), the stand-alone LDAP daemon
and {{slurpd}}(8), the stand-alone update replication daemon.
Building and installing OpenLDAP Software requires several steps:
......@@ -76,27 +76,10 @@ OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's
{{EX:configure}} detects a usable OpenSSL installation.
H3: Kerberos Authentication Services
OpenLDAP clients and servers support Kerberos-based authentication
services.
In particular, OpenLDAP supports the {{TERM:SASL}}/{{TERM:GSSAPI}}
authentication mechanism using either {{PRD:Heimdal}} or
{{PRD:MIT Kerberos}} V packages.
If you desire to use Kerberos-based SASL/GSSAPI authentication,
you should install either Heimdal or MIT Kerberos V.
Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}.
MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}.
Use of strong authentication services, such as those provided by
Kerberos, is highly recommended.
H3: {{TERM[expand]SASL}}
OpenLDAP clients and servers require installation of {{PRD:Cyrus}}'s
{{PRD:SASL}} libraries to provide {{TERM[expand]SASL}} services. Though
OpenLDAP clients and servers require installation of {{PRD:Cyrus SASL}}
libraries to provide {{TERM[expand]SASL}} services. Though
some operating systems may provide this library as part of the
base system or as an optional software component, Cyrus SASL
often requires separate installation.
......@@ -110,6 +93,23 @@ OpenLDAP Software will not be fully LDAPv3 compliant unless OpenLDAP's
configure detects a usable Cyrus SASL installation.
H3: {{TERM[expand]Kerberos}}
OpenLDAP clients and servers support {{TERM:Kerberos}} authentication
services. In particular, OpenLDAP supports the Kerberos V
{{TERM:GSS-API}} {{TERM:SASL}} authentication mechanism known as
the {{TERM:GSSAPI}} mechanism. This feature requires, in addition to
Cyrus SASL libraries, either {{PRD:Heimdal}} or {{PRD:MIT Kerberos}}
V libraries.
Heimdal Kerberos is available from {{URL:http://www.pdc.kth.se/heimdal/}}.
MIT Kerberos is available from {{URL:http://web.mit.edu/kerberos/www/}}.
Use of strong authentication services, such as those provided by
Kerberos, is highly recommended.
H3: Database Software
OpenLDAP's {{slapd}}(8) {{TERM:BDB}} and {{TERM:HDB}} primary database backends
......
......@@ -239,9 +239,9 @@ interesting features and capabilities include:
{{B:{{TERM[expand]SASL}}}}: {{slapd}} supports strong authentication
and data security (integrity and confidentiality) services through
the use of SASL. {{slapd}}'s SASL implementation utilizes {{PRD:Cyrus}}
{{PRD:SASL}} software which supports a number of mechanisms including
DIGEST-MD5, EXTERNAL, and GSSAPI.
the use of SASL. {{slapd}}'s SASL implementation utilizes {{PRD:Cyrus
SASL}} software which supports a number of mechanisms including
{{TERM:DIGEST-MD5}}, {{TERM:EXTERNAL}}, and {{TERM:GSSAPI}}.
{{B:{{TERM[expand]TLS}}}}: {{slapd}} supports certificate-based
authentication and data security (integrity and confidentiality)
......@@ -286,7 +286,7 @@ well-defined {{TERM:C}} {{TERM:API}}, you can write your own
customized modules which extend {{slapd}} in numerous ways. Also,
a number of {{programmable database}} modules are provided. These
allow you to expose external data sources to {{slapd}} using popular
programming languages ({{PRD:Perl}}, {{shell}}, {{PRD:SQL}}, and
programming languages ({{PRD:Perl}}, {{shell}}, {{SQL}}, and
{{PRD:TCL}}).
{{B:Threads}}: {{slapd}} is threaded for high performance. A single
......
......@@ -59,7 +59,7 @@ U-Mich LDAP document: {{The SLAPD and SLURPD Administrators Guide}}.
P2[notoc] Amendments
Suggested enhancements and corrections to this document should
be submitted using the {{ORG:OpenLDAP}}
be submitted using the {{PRD:OpenLDAP}}
{{{{TERM[expand]ITS}}}} ({{URL: http://www.openldap.org/its/}}).
......
......@@ -24,7 +24,7 @@ feature, allowing them to authenticate themselves and then switch
their identity to that of another user or service.
This chapter assumes you have read {{Cyrus SASL for System
Administrators}}, provided with the {{PRD:Cyrus}} {{PRD:SASL}}
Administrators}}, provided with the {{PRD:Cyrus SASL}}
package (in {{FILE:doc/sysadmin.html}}) and have a working Cyrus
SASL installation. You should use the Cyrus SASL {{EX:sample_client}}
and {{EX:sample_server}} to test your SASL installation before
......
......@@ -76,9 +76,10 @@ confidentiality protection. OpenLDAP supports negotiation of
See the {{SECT:Using TLS}} chapter for more information. StartTLS
is the standard track mechanism.
A number of {{TERM[expand]SASL}} (SASL) mechanisms, such as DIGEST-MD5
and {{TERM:GSSAPI}}, also provide data integrity and confidentiality
protection. See the {{SECT:Using SASL}} chapter for more information.
A number of {{TERM[expand]SASL}} (SASL) mechanisms, such as
{{TERM:DIGEST-MD5}} and {{TERM:GSSAPI}}, also provide data integrity
and confidentiality protection. See the {{SECT:Using SASL}} chapter
for more information.
H3: Security Strength Factors
......
......@@ -102,7 +102,7 @@ ________________<BR>
Name|Long|Jump
ANSI|American National Standards Institute|http://www.ansi.org/
BSI|British Standards Institute|http://www.bsa-global.com/
Cyrus|Project Cyrus|http://asg.web.cmu.edu/cyrus/
Cyrus|Project Cyrus|http://cyrusimap.web.cmu.edu/
FSF|Free Software Foundation|http://www.fsf.org/
GNU|GNU Not Unix Project|http://www.gnu.org/
IAB|Internet Architecture Board|http://www.iab.org/
......@@ -114,10 +114,9 @@ ISO|International Standards Organisation|http://www.iso.org/
ITU|International Telephone Union|http://www.itu.int/
OLF|OpenLDAP Foundation|http://www.openldap.org/foundation/
OLP|OpenLDAP Project|http://www.openldap.org/project/
OpenLDAP|OpenLDAP Project|http://www.openldap.org/
OpenSSL|OpenSSL Project|http://www.openssl.org/
RFC|RFC Editor|http://www.rfc-editor.org/
Oracle|Oracle|http://www.oracle.com/
RFC Editor|RFC Editor|http://www.rfc-editor.org/
Oracle|Oracle Corporation|http://www.oracle.com/
UM|University of Michigan|http://www.umich.edu/
UMLDAP|University of Michigan LDAP Team|http://www.umich.edu/~dirsvcs/ldap/ldap.html
!endblock
......@@ -126,18 +125,18 @@ UMLDAP|University of Michigan LDAP Team|http://www.umich.edu/~dirsvcs/ldap/ldap.
Name|Jump
Berkeley DB|http://www.oracle.com/database/berkeley-db/db/index.html
CVS|http://www.cvshome.org/
Cyrus|http://asg.web.cmu.edu/cyrus/
Cyrus:http://cyrusimap.web.cmu.edu/generalinfo.html
Cyrus SASL|http://asg.web.cmu.edu/sasl/sasl-library.html
GNU|http://www.gnu.org/software/
GDBM|http://www.gnu.org/software/gdbm/
Heimdal|http://www.pdc.kth.se/heimdal/
MIT Kerberos|http://web.mit.edu/kerberos/www/
OpenLDAP|http://www.openldap.org/software/
OpenLDAP|http://www.openldap.org/
OpenSSL|http://www.openssl.org/
Perl|http://www.perl.org/
SASL|http://asg.web.cmu.edu/sasl/sasl-library.html
SQL|http://www.jcc.com/SQLPages/jccs_sql.htm
TCL|http://www.tcl.tk/
UMLDAP|University of Michigan LDAP|http://www.umich.edu/~dirsvcs/ldap/ldap.html
SDF|http://search.cpan.org/src/IANC/sdf-2.001/doc/catalog.html
UMLDAP|http://www.umich.edu/~dirsvcs/ldap/ldap.html
!endblock
# Internet and X.500 terms
......@@ -164,20 +163,22 @@ BCP|Best Current Practice
BDB|Berkeley DB
BER|Basic Encoding Rules
BNF|Backus-Naur Form
C|The C Programming Language
CA|Certificate Authority
CCITT|International Telegraph and Telephone Consultative Committee
CER|Canonical Encoding Rules
CLDAP|Connection-less LDAP
CN|Common Name
CRL|Certificate Revocation List
COSINE|Co-operation and Open Systems Interconnection in Europe
CRAM-MD5|SASL MD5 Challedge/Response Authentication Mechanism
CRL|Certificate Revocation List
C|The C Programming Language
DACD|Directory Access Control Domain
DAP|Directory Access Protocol
DC|Domain Component
DER|Distinguished Encoding Rules
DES|Data Encryption Standard
DIB|Directory Information Base
DIGEST-MD5|SASL Digest MD5 Authentication Mechanism
DISP|Directory Information Shadowing Protocol
DIT|Directory Information Tree
DMD|Directory Management Domain
......@@ -191,11 +192,13 @@ DSE|DSA-specific Entry
DSP|Directory System Protocol
DS|Draft Standard
DUA|Directory User Agent
EXTERNAL|SASL External Authentication Mechanism
FAQ|Frequently Asked Questions
FTP|File Transfer Protocol
FYI|For Your Information
GSER|Generic String Encoding Rules
GSSAPI|Generic Security Service Application Program Interface
GSS-API|Generic Security Service Application Program Interface
GSSAPI|SASL Kerberos V GSS-API Authentication Mechanism
HDB|Heirarchial Database
HOB|Hierarchical Operational Binding
I-D|Internet-Draft
......@@ -228,15 +231,17 @@ OTP|One Time Password
PDU|Protocol Data Unit
PEM|Privacy Enhanced eMail
PKCS|Public Key Cryptosystem
PKI|Public Key Infrastructure
PKIX|Public Key Infrastructure X.509
PKI|Public Key Infrastructure
PLAIN|SASL Plaintext Password Authentication Mechanism
PRDMD|Private Directory Management Domain
PS|Proposed Standard
RDN|Relative Distinguished Name
RFC|Request for Comment
RFC|Request for Comments
RHOB|Relative Hierarchical Operational Binding
RXER|Robust XML Encoding Rules
SASL|Simple Authentication and Security Layer
SDF|Simple Document Format
SDSE|Shadowed DSE
SHA1|Secure Hash Algorithm 1
SMTP|Simple Mail Transfer Protocol
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment