Misc updates

d0a77750 · Kurt Zeilenga · c22e91c4 · d0a77750 · d0a77750 · d0a77750
Commit d0a77750 authored 23 years ago by Kurt Zeilenga
--- a/doc/guide/admin/intro.sdf
+++ b/doc/guide/admin/intro.sdf
@@ -285,8 +285,7 @@ reasonable defaults, making your job much easier.
 {{slapd}} also has its limitations, of course.  The main LDBM
 database backend does not handle range queries or negation queries
-very well.  These features and more will be coming in a future
+very well.
-release.
 H2: What is slurpd and what can it do?

--- a/doc/guide/admin/master.sdf
+++ b/doc/guide/admin/master.sdf
@@ -33,6 +33,9 @@ PB:
 !include "config.sdf"; chapter
 PB:
+!include "security.sdf"; chapter
+PB:
 !include "install.sdf"; chapter
 PB:

--- a/doc/guide/admin/preface.sdf
+++ b/doc/guide/admin/preface.sdf
@@ -9,7 +9,7 @@ P1: Preface
 # document's copyright
 P2[notoc] Copyright
-Copyright 1998-2000, The {{ORG[expand]OLF}}, {{All Rights Reserved}}.
+Copyright 1998-2001, The {{ORG[expand]OLF}}, {{All Rights Reserved}}.
 Copyright 1992-1996, Regents of the {{ORG[expand]UM}}, {{All Rights Reserved}}.
@@ -17,6 +17,7 @@ Copyright 1992-1996, Regents of the {{ORG[expand]UM}}, {{All Rights Reserved}}.
 P2[notoc] Scope of this Document
 This document provides a guide for installing OpenLDAP 2.1 Software
+({{URL:http://www.openldap.org/software/}})
 on {{TERM:UNIX}} (and UNIX-like) systems.  The document is aimed at
 experienced system administrators but who may not have prior experience
 operating {{TERM:LDAP}}-based directory software.
@@ -44,8 +45,9 @@ The {{ORG[expand]OLP}} is comprised of a team of volunteers.  This document
 would not be possible without their contribution of time and energy.
 The OpenLDAP Project would also like to thank the {{ORG[expand]UMLDAP}}
-for building the foundation of LDAP software and information
+for building the foundation of LDAP software and information to
-to which OpenLDAP Software is built upon.
+which OpenLDAP Software is built upon.  This document is based upon
+U-Mich LDAP document: {{The SLAPD and SLURPD Administrators Guide}}.
 P2[notoc] Amendments

--- a/doc/guide/admin/quickstart.sdf
+++ b/doc/guide/admin/quickstart.sdf
 # $OpenLDAP$
-# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2001, The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 H1: A Quick-Start Guide
@@ -17,9 +17,10 @@ OpenLDAP Software FAQ).
 If you intend to run OpenLDAP seriously, you should review the all
 of this document before attempt to install the software.
-Note: This quick start guide does not use strong authentication nor
+Note: This quick start guide does not use strong authentication
-any privacy and integrity protection services.  These services are
+nor any integrity or confidential protection services.  These
-described in other chapters of the OpenLDAP Administrator's Guide.
+services are described in other chapters of the OpenLDAP Administrator's
+Guide.
 .{{S: }}
@@ -265,10 +266,12 @@ backend arrangements, etc.
 Note that by default, the {{slapd}}(8) database grants {{read access
 to everybody}} excepting the {{super-user}} (as specified by the
-{{EX:rootdn}} configuration directive).  It is highly recommended that
+{{EX:rootdn}} configuration directive).  It is highly recommended
-you establish controls to restrict access to authorized users.  Access
+that you establish controls to restrict access to authorized users.
-controls are discussed in the {{SECT:Access Control}} section of the
+Access controls are discussed in the {{SECT:Access Control}} section
-{{SECT:The slapd Configuration File}} chapter.
+of the {{SECT:The slapd Configuration File}} chapter.  You are also
+encouraged to read {{SECT:Security Considerations}}, {{SECT:Using
+SASL}} and {{SECT:Using TLS}} sections.
 The following chapters provide more detailed information on making,
 installing, and running {{slapd}}(8).
--- a/doc/guide/admin/slapdconfig.sdf
+++ b/doc/guide/admin/slapdconfig.sdf
@@ -663,36 +663,35 @@ to grant specific permissions.
 H3: Access Control Evaluation
-When evaluating whether some requester should be given
+When evaluating whether some requester should be given access to
-access to an entry and/or attribute, slapd compares the entry
+an entry and/or attribute, slapd compares the entry and/or attribute
-and/or attribute to the {{EX:<what>}} selectors given in the
+to the {{EX:<what>}} selectors given in the configuration file.
-configuration file. Access directives local to the current
+For each entry, access control provided in the database which holds
-database are examined first, followed by global access
+the entry (or the first database if not held in any database) apply
-directives. Within this priority, access directives are
+first, followed by the global access directivies.  Within this
-examined in the order in which they appear in the config file.
+priority, access directives are examined in the order in which they
-Slapd stops with the first {{EX:<what>}} selector that matches the
+appear in the config file.  Slapd stops with the first {{EX:<what>}}
-entry and/or attribute. The corresponding access directive is
+selector that matches the entry and/or attribute. The corresponding
-the one slapd will use to evaluate access.
+access directive is the one slapd will use to evaluate access.
-Next, slapd compares the entity requesting access to the
+Next, slapd compares the entity requesting access to the {{EX:<who>}}
-{{EX:<who>}} selectors within the access directive selected above
+selectors within the access directive selected above in the order
-in the order in which they appear. It stops with the first {{EX:<who>}}
+in which they appear. It stops with the first {{EX:<who>}} selector
-selector that matches the requester. This determines the
+that matches the requester. This determines the access the entity
-access the entity requesting access has to the entry and/or
+requesting access has to the entry and/or attribute.
-attribute.
 Finally, slapd compares the access granted in the selected
-{{EX:<access>}} clause to the access requested by the client. If it
+{{EX:<access>}} clause to the access requested by the client. If
-allows greater or equal access, access is granted. Otherwise,
+it allows greater or equal access, access is granted. Otherwise,
 access is denied.
-The order of evaluation of access directives makes their
+The order of evaluation of access directives makes their placement
-placement in the configuration file important. If one access
+in the configuration file important. If one access directive is
-directive is more specific than another in terms of the entries
+more specific than another in terms of the entries it selects, it
-it selects, it should appear first in the config file. Similarly, if
+should appear first in the config file. Similarly, if one {{EX:<who>}}
-one {{EX:<who>}} selector is more specific than another it should
+selector is more specific than another it should come first in the
-come first in the access directive. The access control
+access directive. The access control examples given below should
-examples given below should help make this clear.
+help make this clear.
@@ -809,10 +808,9 @@ means that queries not local to one of the databases defined
 below will be referred to the LDAP server running on the
 standard port (389) at the host {{EX:root.openldap.org}}.
-Line 4 is a global access control.  It is used only if
+Line 4 is a global access control.  It applies to all
-no database access controls match or when the target
+entries (after any applicable database-specific access
-objects are not under the control of any database (such as
+controls).
-the Root DSE).
 The next section of the configuration file defines an LDBM
 backend that will handle queries for things in the
@@ -851,40 +849,41 @@ E: 30.		by self write
 E: 31.		by dn="cn=Admin,dc=example,dc=com" write
 E: 32.		by * read
-Line 5 is a comment. The start of the database definition is
+Line 5 is a comment. The start of the database definition is marked
-marked by the database keyword on line 6. Line 7 specifies
+by the database keyword on line 6. Line 7 specifies the DN suffix
-the DN suffix for queries to pass to this database. Line 8
+for queries to pass to this database. Line 8 specifies the directory
-specifies the directory in which the database files will live.
+in which the database files will live.
-Lines 9 and 10 identify the database "super user" entry and
+Lines 9 and 10 identify the database "super user" entry and associated
-associated password. This entry is not subject to access
+password. This entry is not subject to access control or size or
-control or size or time limit restrictions.
+time limit restrictions.
 Lines 11 through 18 are for replication. Line 11 specifies the
-replication log file (where changes to the database are logged
+replication log file (where changes to the database are logged \-
-\- this file is written by slapd and read by slurpd). Lines 12 
+this file is written by slapd and read by slurpd). Lines 12 through
-through 14 specify the hostname and port for a replicated
+14 specify the hostname and port for a replicated host, the DN to
-host, the DN to bind as when performing updates, the bind
+bind as when performing updates, the bind method (simple) and the
-method (simple) and the credentials (password) for the
+credentials (password) for the binddn. Lines 15 through 18 specify
-binddn. Lines 15 through 18 specify a second replication site.
+a second replication site.  See the {{SECT:Replication with slurpd}}
-See the {{SECT:Replication with slurpd}} chapter for more
+chapter for more information on these directives.
-information on these directives.
+Lines 20 through 22 indicate the indexes to maintain for various
-Lines 20 through 22 indicate the indexes to maintain for
+attributes.
-various attributes.
+Lines 24 through 32 specify access control for entries in the this
-Lines 24 through 32 specify access control for entries in the
+database.  As this is the first database, the controls also apply
-database. For all entries, the {{EX:userPassword}} attribute is
+to entries not held in any database (such as the Root DSE).  For
-writable by the entry itself and by the "admin" entry.  It may be
+all applicable entries, the {{EX:userPassword}} attribute is writable
-used for authentication/authorization purposes, but is otherwise
+by the entry itself and by the "admin" entry.  It may be used for
-not readable.  All other attributes are writable by the entry and
+authentication/authorization purposes, but is otherwise not readable.
-the "admin" entry, but may be read by authenticated users.
+All other attributes are writable by the entry and the "admin"
+entry, but may be read by authenticated users.
-The next section of the example configuration file defines
-another LDBM database. This one handles queries involving
+The next section of the example configuration file defines another
-the {{EX:dc=example,dc=net}} subtree.  Note that without
+LDBM database. This one handles queries involving the
-line 38, the read access would be allowed due to the
+{{EX:dc=example,dc=net}} subtree.  Note that without line 38, the
-global access rule at line 4.
+read access would be allowed due to the global access rule at line
+4.
 E: 33.	# ldbm definition for example.net
 E: 34.	database ldbm

--- a/doc/guide/plain.sdf
+++ b/doc/guide/plain.sdf
 # $OpenLDAP$
-# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2001, The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 # template for plain documents
@@ -12,7 +12,7 @@
 !endmacro
 !macro HTML_FOOTER
 {{INLINE:<FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1">}}
-{{INLINE:<B>______________<BR><SMALL>}}
+{{INLINE:<B>________________<BR><SMALL>}}
 [[c]]  Copyright 2001,
 {{INLINE:<A HREF="/foundation/">OpenLDAP Foundation</A>}},
 {{EMAIL: info@OpenLDAP.org}}

--- a/doc/guide/preamble.sdf
+++ b/doc/guide/preamble.sdf
 # $OpenLDAP$
-# Copyright 1999-2000, The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2001, The OpenLDAP Foundation, All Rights Reserved.
 # COPYING RESTRICTIONS APPLY, see COPYRIGHT.
 #
@@ -53,7 +53,7 @@
 	!block inline; expand
 <P>
 <FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
-______________<BR>
+________________<BR>
 <SMALL>&copy; Copyright 2001, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info@OpenLDAP.org">info@OpenLDAP.org</A></SMALL></B></FONT>
 	!endblock
@@ -89,7 +89,7 @@ ______________<BR>
 	!block inline; expand
 <P>
 <FONT COLOR="#808080" FACE="Arial,Verdana,Helvetica" SIZE="1"><B>
-______________<BR>
+________________<BR>
 <SMALL>&copy; Copyright 2001, <A HREF="http://www.OpenLDAP.org/foundation/">OpenLDAP Foundation</A>, <A HREF="mailto:info@OpenLDAP.org">info@OpenLDAP.org</A></SMALL></B></FONT>
 	!endblock

--- a/doc/guide/release/copyright.sdf
+++ b/doc/guide/release/copyright.sdf
@@ -12,7 +12,7 @@ H1: OpenLDAP Software Copyright Notices
 H2: OpenLDAP Copyright Notice
-[[copyright]] 1998-2000 The OpenLDAP Foundation, Redwood City, California, USA
+[[copyright]] 1998-2001 The OpenLDAP Foundation, Redwood City, California, USA
 All rights reserved.
 Redistribution and use in source and binary forms are permitted