Misc updates

d0a77750 · Kurt Zeilenga · c22e91c4 · d0a77750 · d0a77750 · d0a77750
Commit d0a77750 authored 23 years ago by Kurt Zeilenga
--- a/doc/guide/admin/intro.sdf
+++ b/doc/guide/admin/intro.sdf
@@ -285,8 +285,7 @@ reasonable defaults, making your job much easier.

 {{slapd}} also has its limitations, of course.  The main LDBM
 database backend does not handle range queries or negation queries
-very well.  These features and more will be coming in a future
-release.
+very well.


 H2: What is slurpd and what can it do?

--- a/doc/guide/admin/master.sdf
+++ b/doc/guide/admin/master.sdf
@@ -33,6 +33,9 @@ PB:
 !include "config.sdf"; chapter
 PB:

+!include "security.sdf"; chapter
+PB:
+
 !include "install.sdf"; chapter
 PB:


--- a/doc/guide/admin/preface.sdf
+++ b/doc/guide/admin/preface.sdf
@@ -9,7 +9,7 @@ P1: Preface
 # document's copyright
 P2[notoc] Copyright

-Copyright 1998-2000, The {{ORG[expand]OLF}}, {{All Rights Reserved}}.
+Copyright 1998-2001, The {{ORG[expand]OLF}}, {{All Rights Reserved}}.

 Copyright 1992-1996, Regents of the {{ORG[expand]UM}}, {{All Rights Reserved}}.

@@ -17,6 +17,7 @@ Copyright 1992-1996, Regents of the {{ORG[expand]UM}}, {{All Rights Reserved}}.
 P2[notoc] Scope of this Document

 This document provides a guide for installing OpenLDAP 2.1 Software
+({{URL:http://www.openldap.org/software/}})
 on {{TERM:UNIX}} (and UNIX-like) systems.  The document is aimed at
 experienced system administrators but who may not have prior experience
 operating {{TERM:LDAP}}-based directory software.
@@ -44,8 +45,9 @@ The {{ORG[expand]OLP}} is comprised of a team of volunteers.  This document
 would not be possible without their contribution of time and energy.

 The OpenLDAP Project would also like to thank the {{ORG[expand]UMLDAP}}
-for building the foundation of LDAP software and information
-to which OpenLDAP Software is built upon.
+for building the foundation of LDAP software and information to
+which OpenLDAP Software is built upon.  This document is based upon
+U-Mich LDAP document: {{The SLAPD and SLURPD Administrators Guide}}.


 P2[notoc] Amendments

--- a/doc/guide/admin/quickstart.sdf
+++ b/doc/guide/admin/quickstart.sdf
 # $OpenLDAP$
-# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2001, The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.

 H1: A Quick-Start Guide
@@ -17,9 +17,10 @@ OpenLDAP Software FAQ).
 If you intend to run OpenLDAP seriously, you should review the all
 of this document before attempt to install the software.

-Note: This quick start guide does not use strong authentication nor
-any privacy and integrity protection services.  These services are
-described in other chapters of the OpenLDAP Administrator's Guide.
+Note: This quick start guide does not use strong authentication
+nor any integrity or confidential protection services.  These
+services are described in other chapters of the OpenLDAP Administrator's
+Guide.


 .{{S: }}
@@ -265,10 +266,12 @@ backend arrangements, etc.

 Note that by default, the {{slapd}}(8) database grants {{read access
 to everybody}} excepting the {{super-user}} (as specified by the
-{{EX:rootdn}} configuration directive).  It is highly recommended that
-you establish controls to restrict access to authorized users.  Access
-controls are discussed in the {{SECT:Access Control}} section of the
-{{SECT:The slapd Configuration File}} chapter.
+{{EX:rootdn}} configuration directive).  It is highly recommended
+that you establish controls to restrict access to authorized users.
+Access controls are discussed in the {{SECT:Access Control}} section
+of the {{SECT:The slapd Configuration File}} chapter.  You are also
+encouraged to read {{SECT:Security Considerations}}, {{SECT:Using
+SASL}} and {{SECT:Using TLS}} sections.

 The following chapters provide more detailed information on making,
 installing, and running {{slapd}}(8).
--- a/doc/guide/admin/slapdconfig.sdf
+++ b/doc/guide/admin/slapdconfig.sdf
@@ -663,36 +663,35 @@ to grant specific permissions.

 H3: Access Control Evaluation

-When evaluating whether some requester should be given
-access to an entry and/or attribute, slapd compares the entry
-and/or attribute to the {{EX:<what>}} selectors given in the
-configuration file. Access directives local to the current
-database are examined first, followed by global access
-directives. Within this priority, access directives are
-examined in the order in which they appear in the config file.
-Slapd stops with the first {{EX:<what>}} selector that matches the
-entry and/or attribute. The corresponding access directive is
-the one slapd will use to evaluate access.
-
-Next, slapd compares the entity requesting access to the
-{{EX:<who>}} selectors within the access directive selected above
-in the order in which they appear. It stops with the first {{EX:<who>}}
-selector that matches the requester. This determines the
-access the entity requesting access has to the entry and/or
-attribute.
+When evaluating whether some requester should be given access to
+an entry and/or attribute, slapd compares the entry and/or attribute
+to the {{EX:<what>}} selectors given in the configuration file.
+For each entry, access control provided in the database which holds
+the entry (or the first database if not held in any database) apply
+first, followed by the global access directivies.  Within this
+priority, access directives are examined in the order in which they
+appear in the config file.  Slapd stops with the first {{EX:<what>}}
+selector that matches the entry and/or attribute. The corresponding
+access directive is the one slapd will use to evaluate access.
+
+Next, slapd compares the entity requesting access to the {{EX:<who>}}
+selectors within the access directive selected above in the order
+in which they appear. It stops with the first {{EX:<who>}} selector
+that matches the requester. This determines the access the entity
+requesting access has to the entry and/or attribute.

 Finally, slapd compares the access granted in the selected
-{{EX:<access>}} clause to the access requested by the client. If it
-allows greater or equal access, access is granted. Otherwise,
+{{EX:<access>}} clause to the access requested by the client. If
+it allows greater or equal access, access is granted. Otherwise,
 access is denied.

-The order of evaluation of access directives makes their
-placement in the configuration file important. If one access
-directive is more specific than another in terms of the entries
-it selects, it should appear first in the config file. Similarly, if
-one {{EX:<who>}} selector is more specific than another it should
-come first in the access directive. The access control
-examples given below should help make this clear.
+The order of evaluation of access directives makes their placement
+in the configuration file important. If one access directive is
+more specific than another in terms of the entries it selects, it
+should appear first in the config file. Similarly, if one {{EX:<who>}}
+selector is more specific than another it should come first in the
+access directive. The access control examples given below should
+help make this clear.



@@ -809,10 +808,9 @@ means that queries not local to one of the databases defined
 below will be referred to the LDAP server running on the
 standard port (389) at the host {{EX:root.openldap.org}}.

-Line 4 is a global access control.  It is used only if
-no database access controls match or when the target
-objects are not under the control of any database (such as
-the Root DSE).
+Line 4 is a global access control.  It applies to all
+entries (after any applicable database-specific access
+controls).

 The next section of the configuration file defines an LDBM
 backend that will handle queries for things in the
@@ -851,40 +849,41 @@ E: 30.		by self write
 E: 31.		by dn="cn=Admin,dc=example,dc=com" write
 E: 32.		by * read

-Line 5 is a comment. The start of the database definition is
-marked by the database keyword on line 6. Line 7 specifies
-the DN suffix for queries to pass to this database. Line 8
-specifies the directory in which the database files will live.
+Line 5 is a comment. The start of the database definition is marked
+by the database keyword on line 6. Line 7 specifies the DN suffix
+for queries to pass to this database. Line 8 specifies the directory
+in which the database files will live.

-Lines 9 and 10 identify the database "super user" entry and
-associated password. This entry is not subject to access
-control or size or time limit restrictions.
+Lines 9 and 10 identify the database "super user" entry and associated
+password. This entry is not subject to access control or size or
+time limit restrictions.

 Lines 11 through 18 are for replication. Line 11 specifies the
-replication log file (where changes to the database are logged
-\- this file is written by slapd and read by slurpd). Lines 12 
-through 14 specify the hostname and port for a replicated
-host, the DN to bind as when performing updates, the bind
-method (simple) and the credentials (password) for the
-binddn. Lines 15 through 18 specify a second replication site.
-See the {{SECT:Replication with slurpd}} chapter for more
-information on these directives.
-
-Lines 20 through 22 indicate the indexes to maintain for
-various attributes.
-
-Lines 24 through 32 specify access control for entries in the
-database. For all entries, the {{EX:userPassword}} attribute is
-writable by the entry itself and by the "admin" entry.  It may be
-used for authentication/authorization purposes, but is otherwise
-not readable.  All other attributes are writable by the entry and
-the "admin" entry, but may be read by authenticated users.
-
-The next section of the example configuration file defines
-another LDBM database. This one handles queries involving
-the {{EX:dc=example,dc=net}} subtree.  Note that without
-line 38, the read access would be allowed due to the
-global access rule at line 4.
+replication log file (where changes to the database are logged \-
+this file is written by slapd and read by slurpd). Lines 12 through
+14 specify the hostname and port for a replicated host, the DN to
+bind as when performing updates, the bind method (simple) and the
+credentials (password) for the binddn. Lines 15 through 18 specify
+a second replication site.  See the {{SECT:Replication with slurpd}}
+chapter for more information on these directives.
+
+Lines 20 through 22 indicate the indexes to maintain for various
+attributes.
+
+Lines 24 through 32 specify access control for entries in the this
+database.  As this is the first database, the controls also apply
+to entries not held in any database (such as the Root DSE).  For
+all applicable entries, the {{EX:userPassword}} attribute is writable
+by the entry itself and by the "admin" entry.  It may be used for
+authentication/authorization purposes, but is otherwise not readable.
+All other attributes are writable by the entry and the "admin"
+entry, but may be read by authenticated users.
+
+The next section of the example configuration file defines another
+LDBM database. This one handles queries involving the
+{{EX:dc=example,dc=net}} subtree.  Note that without line 38, the
+read access would be allowed due to the global access rule at line
+4.

 E: 33.	# ldbm definition for example.net
 E: 34.	database ldbm

--- a/doc/guide/plain.sdf
+++ b/doc/guide/plain.sdf
 # $OpenLDAP$
-# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2001, The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.

 # template for plain documents
@@ -12,7 +12,7 @@
 !endmacro
 !macro HTML_FOOTER
 {{INLINE:<FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1">}}
-{{INLINE:<B>______________<BR><SMALL>}}
+{{INLINE:<B>________________<BR><SMALL>}}
 [[c]]  Copyright 2001,
 {{INLINE:<A HREF="/foundation/">OpenLDAP Foundation</A>}},
 {{EMAIL: info@OpenLDAP.org}}

--- a/doc/guide/preamble.sdf
+++ b/doc/guide/preamble.sdf
 # $OpenLDAP$
-# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2001, The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 
 #
@@ -53,7 +53,7 @@
 	!block inline; expand
 <P>
 <FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
-______________<BR>
+________________<BR>
 <SMALL>&copy; Copyright 2001, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info@OpenLDAP.org">info@OpenLDAP.org</A></SMALL></B></FONT>

 	!endblock
@@ -89,7 +89,7 @@ ______________<BR>
 	!block inline; expand
 <P>
 <FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
-______________<BR>
+________________<BR>
 <SMALL>&copy; Copyright 2001, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info@OpenLDAP.org">info@OpenLDAP.org</A></SMALL></B></FONT>

 	!endblock

--- a/doc/guide/release/copyright.sdf
+++ b/doc/guide/release/copyright.sdf
@@ -12,7 +12,7 @@ H1: OpenLDAP Software Copyright Notices

 H2: OpenLDAP Copyright Notice

-[[copyright]] 1998-2000 The OpenLDAP Foundation, Redwood City, California, USA
+[[copyright]] 1998-2001 The OpenLDAP Foundation, Redwood City, California, USA
 All rights reserved.

 Redistribution and use in source and binary forms are permitted