s/saslregex/sasl-regex/

Other minor updates

doc/man/man5/slapd.conf.5

@@ -235,13 +235,6 @@ in place of the numeric OID in objectclass and attribute definitions. The
 name can also be used with a suffix of the form ":xx" in which case the
 value "oid.xx" will be used.
 .TP
-.B pidfile <filename>
-The ( absolute ) name of a file that will hold the 
-.B slapd
-server's process ID ( see
-.BR getpid (2)
-) if started without the debugging command line option.
-.TP
 .B password-hash <hash>
 The <hash> to use for userPassword generation.  One of
 .BR {SSHA} ,
@@ -256,6 +249,13 @@ and
 The default is
 .BR {SSHA} .
 .TP
+.B pidfile <filename>
+The ( absolute ) name of a file that will hold the 
+.B slapd
+server's process ID ( see
+.BR getpid (2)
+) if started without the debugging command line option.
+.TP
 .B referral <url>
 Specify the referral to pass back when
 .BR slapd (8)
@@ -288,54 +288,10 @@ set conditions within a particular database).
 .B sasl-host <fqdn>
 Used to specify the fully qualified domain name used for SASL processing.
 .TP
-.B sasl-realm <string>
-Used to specify Cyrus SASL realm.
-.TP
-.B sasl-secprops <properties>
-Used to specify Cyrus SASL security properties.
-The
-.B none
-flag (without any other properities) causes the flag properites
-defaults ("noanonymous,noplain") to be cleared.
-The
-.B noplain
-flag disables mechanisms susceptible to simple passive attacks.
-The
-.B noactive
-flag disables mechanisms susceptible to active attacks.
-The
-.B nodict
-flag disables mechanisms susceptible to passive dictionary attacks.
-The
-.B noanonyous
-flag disables mechanisms which support anonymous login.
-The
-.B forwardsec
-flag require forward secrecy between sessions.
-The
-.B passcred
-require mechanisms which pass client credentials (and allow
-mechanisms which can pass credentials to do so).
-The
-.B minssf=<factor> 
-property specifies the minimum acceptable
-.I security strength factor
-as an integer approximate to effective key length used for
-encryption.  0 (zero) implies no protection, 1 implies integrity
-protection only, 56 allows DES or other weak ciphers, 112
-allows triple DES and other strong ciphers, 128 allows RC4,
-Blowfish and other modern strong ciphers.  The default is 0.
-The
-.B maxssf=<factor> 
-property specifies the maximum acceptable
-.I security strength factor
-as an integer (see minssf description).  The default is INT_MAX.
-The
-.B maxbufsize=<factor> 
-property specifies the maximum security layer receive buffer
-size allowed.  0 disables security layers.  The default is 65536.
+.B sasl-realm <realm>
+Specify SASL realm.  Default is empty.
 .TP
-.B saslregexp <match> <replace>
+.B sasl-regexp <match> <replace>
 Used by the SASL authorization mechanism to convert a SASL authenticated 
 username to an LDAP DN. When an authorization request is received, the SASL 
 .B USERNAME, REALM, 
@@ -360,7 +316,7 @@ regular expression that are enclosed in parenthesis, e.g.
 .RS
 .RS
 .TP
-.B uid=(.*)+realm=.*
+.B uid=(.*)\\\\+realm=.*
 
 .RE
 .RE
@@ -381,7 +337,7 @@ The replaced SASL name can be either a DN or an LDAP URI. If the latter, the sla
 server will use the URI to search its own database, and if the search returns 
 exactly one entry, the SASL name is replaced by the DN of that entry.
 Multiple 
-.B saslregexp 
+.B sasl-regexp 
 options can be given in the configuration file to allow for multiple matching 
 and replacement patterns. The matching patterns are checked in the order they 
 appear in the file, stopping at the first successful match.
@@ -392,6 +348,50 @@ and it will appear in SASL names that include a REALM, be careful to escape the
 plus sign with a double backslash \\\\+ to remove the character's special meaning.
 .RE
 .TP
+.B sasl-secprops <properties>
+Used to specify Cyrus SASL security properties.
+The
+.B none
+flag (without any other properities) causes the flag properites
+default, "noanonymous,noplain", to be cleared.
+The
+.B noplain
+flag disables mechanisms susceptible to simple passive attacks.
+The
+.B noactive
+flag disables mechanisms susceptible to active attacks.
+The
+.B nodict
+flag disables mechanisms susceptible to passive dictionary attacks.
+The
+.B noanonyous
+flag disables mechanisms which support anonymous login.
+The
+.B forwardsec
+flag require forward secrecy between sessions.
+The
+.B passcred
+require mechanisms which pass client credentials (and allow
+mechanisms which can pass credentials to do so).
+The
+.B minssf=<factor> 
+property specifies the minimum acceptable
+.I security strength factor
+as an integer approximate to effective key length used for
+encryption.  0 (zero) implies no protection, 1 implies integrity
+protection only, 56 allows DES or other weak ciphers, 112
+allows triple DES and other strong ciphers, 128 allows RC4,
+Blowfish and other modern strong ciphers.  The default is 0.
+The
+.B maxssf=<factor> 
+property specifies the maximum acceptable
+.I security strength factor
+as an integer (see minssf description).  The default is INT_MAX.
+The
+.B maxbufsize=<factor> 
+property specifies the maximum security layer receive buffer
+size allowed.  0 disables security layers.  The default is 65536.
+.TP
 .B schemacheck { on | off }
 Turn schema checking on or off. The default is on.
 .TP
@@ -446,12 +446,6 @@ Turn schema checking on or off. The default is on.
 Specify the maximum number of entries to return from a search operation.
 The default size limit is 500.
 .TP
-.B sasl-realm <realm>
-Specify SASL realm.  Default is empty.
-.TP
-.B sasl-secprops <props>
-Cyrus SASL security properties.  Default is "noanonymous,noplain".
-.TP
 .B srvtab <filename>
 Specify the srvtab file in which the kerberos keys necessary for
 authenticating clients using kerberos can be found. This option is only

servers/slapd/config.c

@@ -313,7 +313,9 @@ read_config( const char *fname )
 				global_realm = ch_strdup( cargv[1] );
 			}
 
-		} else if ( !strcasecmp( cargv[0], "saslregexp" ) ) {
+		} else if ( !strcasecmp( cargv[0], "sasl-regexp" ) 
+			|| !strcasecmp( cargv[0], "saslregexp" ) )
+		{
 			int rc;
 			if ( cargc != 3 ) {
 				Debug( LDAP_DEBUG_ANY,