Man pages added in 2.4.21
This commit is contained in:
parent
19fc3e3fef
commit
902ced1e35
|
@ -0,0 +1,253 @@
|
|||
.\" OpenLDAP: pkg/ldap/doc/man/man1/ldapexop.1,v 1.1.2.2 2009/06/03 01:41:51 quanah Exp
|
||||
.\" This contribution is derived from OpenLDAP Software.
|
||||
.\" All of the modifications to OpenLDAP Software represented in this
|
||||
.\" contribution were developed by Peter Marschall <peter@adpm.de>.
|
||||
.\" I have not assigned rights and/or interest in this work to any party.
|
||||
.\"
|
||||
.\" Copyright 2009 Peter Marschall
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted only as authorized by the OpenLDAP Public License.
|
||||
.\"
|
||||
.\" A copy of this license is available in file LICENSE in the
|
||||
.\" top-level directory of the distribution or, alternatively, at
|
||||
.\" http://www.OpenLDAP.org/license.html.
|
||||
|
||||
.TH LDAPEXOP 1
|
||||
|
||||
.SH NAME
|
||||
ldapexop \- issue LDAP extended operations
|
||||
|
||||
.SH SYNOPSIS
|
||||
ldapexop
|
||||
[\c
|
||||
.BI \-d \ level\fR]
|
||||
[\c
|
||||
.BI \-D \ binddn\fR]
|
||||
[\c
|
||||
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
|
||||
[\c
|
||||
.BI \-f \ file\fR]
|
||||
[\c
|
||||
.BI \-h \ host\fR]
|
||||
[\c
|
||||
.BI \-H \ URI\fR]
|
||||
[\c
|
||||
.BR \-I ]
|
||||
[\c
|
||||
.BR \-n ]
|
||||
[\c
|
||||
.BR \-N ]
|
||||
[\c
|
||||
.BI \-O \ security-properties\fR]
|
||||
[\c
|
||||
.BI \-o \ opt\fR[\fP = optparam\fR]]
|
||||
[\c
|
||||
.BI \-p \ port\fR]
|
||||
[\c
|
||||
.BR \-Q ]
|
||||
[\c
|
||||
.BI \-R \ realm\fR]
|
||||
[\c
|
||||
.BI \-U \ authcid\fR]
|
||||
[\c
|
||||
.BR \-v ]
|
||||
[\c
|
||||
.BR \-V ]
|
||||
[\c
|
||||
.BI \-w \ passwd\fR]
|
||||
[\c
|
||||
.BR \-W ]
|
||||
[\c
|
||||
.BR \-x ]
|
||||
[\c
|
||||
.BI \-X \ authzid\fR]
|
||||
[\c
|
||||
.BI \-y \ file\fR]
|
||||
[\c
|
||||
.BI \-Y \ mech\fR]
|
||||
[\c
|
||||
.BR \-Z [ Z ]]
|
||||
{\c
|
||||
.I oid
|
||||
|
|
||||
.BI oid: data
|
||||
|
|
||||
.BI oid:: b64data
|
||||
|
|
||||
.B whoami
|
||||
|
|
||||
.BI cancel \ cancel-id
|
||||
|
|
||||
.BI refresh \ DN \ \fR[\fIttl\fR]}
|
||||
|
||||
.SH DESCRIPTION
|
||||
ldapexop issues the LDAP extended operation specified by \fBoid\fP
|
||||
or one of the special keywords \fBwhoami\fP, \fBcancel\fP, or \fBrefresh\fP.
|
||||
|
||||
Additional data for the extended operation can be passed to the server using
|
||||
\fIdata\fP or base-64 encoded as \fIb64data\fP in the case of \fBoid\fP,
|
||||
or using the additional parameters in the case of the specially named extended
|
||||
operations above.
|
||||
|
||||
Please note that ldapexop behaves differently for the same extended operation
|
||||
when it was given as an OID or as a specialliy named operation:
|
||||
|
||||
Calling ldapexop with the OID of the \fBwhoami\fP (RFC 4532) extended operation
|
||||
.nf
|
||||
|
||||
ldapexop [<options>] 1.3.6.1.4.1.4203.1.11.3
|
||||
|
||||
.fi
|
||||
yields
|
||||
.nf
|
||||
|
||||
# extended operation response
|
||||
data:: <base64 encoded response data>
|
||||
|
||||
.fi
|
||||
while calling it with the keyword \fBwhoami\fP
|
||||
.nf
|
||||
|
||||
ldapexop [<options>] whoami
|
||||
|
||||
.fi
|
||||
results in
|
||||
.nf
|
||||
|
||||
dn:<client's identity>
|
||||
|
||||
.fi
|
||||
|
||||
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.BI \-d \ level
|
||||
Set the LDAP debugging level to \fIlevel\fP.
|
||||
.TP
|
||||
.BI \-D \ binddn
|
||||
Use the Distinguished Name \fIbinddn\fP to bind to the LDAP directory.
|
||||
.TP
|
||||
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
|
||||
Specify general extensions. \'!\' indicates criticality.
|
||||
.nf
|
||||
[!]assert=<filter> (RFC 4528; a RFC 4515 Filter string)
|
||||
[!]authzid=<authzid> (RFC 4370; "dn:<dn>" or "u:<user>")
|
||||
[!]chaining[=<resolveBehavior>[/<continuationBehavior>]]
|
||||
one of "chainingPreferred", "chainingRequired",
|
||||
"referralsPreferred", "referralsRequired"
|
||||
[!]manageDSAit (RFC 3296)
|
||||
[!]noop
|
||||
ppolicy
|
||||
[!]postread[=<attrs>] (RFC 4527; comma-separated attr list)
|
||||
[!]preread[=<attrs>] (RFC 4527; comma-separated attr list)
|
||||
[!]relax
|
||||
abandon, cancel, ignore (SIGINT sends abandon/cancel,
|
||||
or ignores response; if critical, doesn't wait for SIGINT.
|
||||
not really controls)
|
||||
.fi
|
||||
.TP
|
||||
.BI \-f \ file
|
||||
Read operations from \fIfile\fP.
|
||||
.TP
|
||||
.BI \-h \ host
|
||||
Specify the host on which the ldap server is running.
|
||||
Deprecated in favor of \fB\-H\fP.
|
||||
.TP
|
||||
.BI \-H \ URI
|
||||
Specify URI(s) referring to the ldap server(s); only the protocol/host/port
|
||||
fields are allowed; a list of URI, separated by whitespace or commas
|
||||
is expected.
|
||||
.TP
|
||||
.BI \-I
|
||||
Enable SASL Interactive mode. Always prompt. Default is to prompt
|
||||
only as needed.
|
||||
.TP
|
||||
.BI \-n
|
||||
Show what would be done but don't actually do it.
|
||||
Useful for debugging in conjunction with \fB\-v\fP.
|
||||
.TP
|
||||
.BI \-N
|
||||
Do not use reverse DNS to canonicalize SASL host name.
|
||||
.TP
|
||||
.BI \-O \ security-properties
|
||||
Specify SASL security properties.
|
||||
.TP
|
||||
.BI \-o \ opt\fR[\fP = optparam\fR]
|
||||
Specify general options:
|
||||
.nf
|
||||
nettimeout=<timeout> (in seconds, or "none" or "max")
|
||||
.fi
|
||||
.TP
|
||||
.BI \-p \ port
|
||||
Specify the TCP port where the ldap server is listening.
|
||||
Deprecated in favor of \fB\-H\fP.
|
||||
.TP
|
||||
.BI \-Q
|
||||
Enable SASL Quiet mode. Never prompt.
|
||||
.TP
|
||||
.BI \-R \ realm
|
||||
Specify the realm of authentication ID for SASL bind. The form of the realm
|
||||
depends on the actual SASL mechanism used.
|
||||
.TP
|
||||
.BI \-U \ authcid
|
||||
Specify the authentication ID for SASL bind. The form of the ID
|
||||
depends on the actual SASL mechanism used.
|
||||
.TP
|
||||
.BI \-v
|
||||
Run in verbose mode, with many diagnostics written to standard output.
|
||||
.TP
|
||||
.BI \-V
|
||||
Print version info and usage message.
|
||||
If\fB\-VV\fP is given, only the version information is printed.
|
||||
.TP
|
||||
.BI \-w \ passwd
|
||||
Use \fIpasswd\fP as the password for simple authentication.
|
||||
.TP
|
||||
.BI \-W
|
||||
Prompt for simple authentication.
|
||||
This is used instead of specifying the password on the command line.
|
||||
.TP
|
||||
.BI \-x
|
||||
Use simple authentication instead of SASL.
|
||||
.TP
|
||||
.BI \-X \ authzid
|
||||
Specify the requested authorization ID for SASL bind.
|
||||
.I authzid
|
||||
must be one of the following formats:
|
||||
.BI dn: "<distinguished name>"
|
||||
or
|
||||
.BI u: <username>
|
||||
.TP
|
||||
.BI \-y \ file
|
||||
Use complete contents of \fIfile\fP as the password for
|
||||
simple authentication.
|
||||
.TP
|
||||
.BI \-Y \ mech
|
||||
Specify the SASL mechanism to be used for authentication.
|
||||
Without this option, the program will choose the best mechanism the server knows.
|
||||
.TP
|
||||
.BR \-Z [ Z ]
|
||||
Issue StartTLS (Transport Layer Security) extended operation.
|
||||
Giving it twice (\fB\-ZZ\fP) will require the operation to be successful.
|
||||
|
||||
.SH DIAGNOSTICS
|
||||
Exit status is zero if no errors occur.
|
||||
Errors result in a non-zero exit status and
|
||||
a diagnostic message being written to standard error.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.BR ldap_extended_operation_s (3)
|
||||
|
||||
.SH AUTHOR
|
||||
This manual page was written by Peter Marschall
|
||||
based on \fBldapexop\fP's usage message and a few tests
|
||||
with \fBldapexop\fP.
|
||||
Do not expect it to be complete or absolutely correct.
|
||||
|
||||
.SH ACKNOWLEDGEMENTS
|
||||
.\" Shared Project Acknowledgement Text
|
||||
.B "OpenLDAP Software"
|
||||
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
|
||||
.B "OpenLDAP Software"
|
||||
is derived from University of Michigan LDAP 3.3 Release.
|
||||
|
|
@ -0,0 +1,175 @@
|
|||
.TH LDAPURL 1 "2009/12/20" "OpenLDAP 2.4.21"
|
||||
.\" OpenLDAP: pkg/ldap/doc/man/man1/ldapurl.1,v 1.1.2.4 2009/06/08 18:23:33 quanah Exp
|
||||
.\" Copyright 2008-2009 The OpenLDAP Foundation All Rights Reserved.
|
||||
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
||||
.SH NAME
|
||||
ldapurl \- LDAP URL formatting tool
|
||||
.SH SYNOPSIS
|
||||
.B ldapurl
|
||||
[\c
|
||||
.BR \-a \ attrs\fR]
|
||||
[\c
|
||||
.BI \-b \ searchbase\fR]
|
||||
[\c
|
||||
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
|
||||
[\c
|
||||
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]]
|
||||
[\c
|
||||
.BI \-f \ filter\fR]
|
||||
[\c
|
||||
.BI \-H \ ldapuri\fR]
|
||||
[\c
|
||||
.BI \-h \ ldaphost\fR]
|
||||
[\c
|
||||
.BI \-p \ ldapport\fR]
|
||||
[\c
|
||||
.BR \-s \ { base \||\| one \||\| sub \||\| children }]
|
||||
[\c
|
||||
.BI \-S \ scheme\fR]
|
||||
.SH DESCRIPTION
|
||||
.I ldapurl
|
||||
is a command that allows to either compose or decompose LDAP URIs.
|
||||
.LP
|
||||
When invoked with the \fB\-H\fP option,
|
||||
.B ldapurl
|
||||
extracts the components of the \fIldapuri\fP option argument,
|
||||
unescaping hex-escaped chars as required.
|
||||
It basically acts as a frontend to the
|
||||
.BR ldap_url_parse (3)
|
||||
call.
|
||||
Otherwise, it builds an LDAP URI based on the components
|
||||
passed with the appropriate options, performing the inverse operation.
|
||||
Option \fB\-H\fP is incompatible with options
|
||||
.BR \-a ,
|
||||
.BR \-b ,
|
||||
.BR \-E ,
|
||||
.BR \-f ,
|
||||
.BR \-H ,
|
||||
.BR \-h ,
|
||||
.BR \-p ,
|
||||
.BR \-S ,
|
||||
and
|
||||
.BR \-s .
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.TP
|
||||
.BI \-a \ attrs
|
||||
Set a comma-separated list of attribute selectors.
|
||||
.TP
|
||||
.BI \-b \ searchbase
|
||||
Set the \fIsearchbase\fP.
|
||||
.TP
|
||||
.BR \-e \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
|
||||
.TP
|
||||
.BR \-E \ [ ! ] \fIext\fP [ =\fIextparam\fP ]
|
||||
|
||||
Specify general extensions with \fB\-e\fP and search extensions with \fB\-E\fP.
|
||||
\'\fB!\fP\' indicates criticality.
|
||||
|
||||
General extensions:
|
||||
.nf
|
||||
[!]assert=<filter> (an RFC 4515 Filter)
|
||||
[!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
|
||||
[!]manageDSAit
|
||||
[!]noop
|
||||
ppolicy
|
||||
[!]postread[=<attrs>] (a comma-separated attribute list)
|
||||
[!]preread[=<attrs>] (a comma-separated attribute list)
|
||||
abandon, cancel (SIGINT sends abandon/cancel; not really controls)
|
||||
.fi
|
||||
|
||||
Search extensions:
|
||||
.nf
|
||||
[!]domainScope (domain scope)
|
||||
[!]mv=<filter> (matched values filter)
|
||||
[!]pr=<size>[/prompt|noprompt] (paged results/prompt)
|
||||
[!]sss=[\-]<attr[:OID]>[/[\-]<attr[:OID]>...] (server side sorting)
|
||||
[!]subentries[=true|false] (subentries)
|
||||
[!]sync=ro[/<cookie>] (LDAP Sync refreshOnly)
|
||||
rp[/<cookie>][/<slimit>] (LDAP Sync refreshAndPersist)
|
||||
.fi
|
||||
.TP
|
||||
.TP
|
||||
.BI \-f \ filter
|
||||
Set the URL filter. No particular check on conformity with RFC 4515
|
||||
LDAP filters is performed, but the value is hex-escaped as required.
|
||||
.TP
|
||||
.BI \-H \ ldapuri
|
||||
Specify URI to be exploded.
|
||||
.TP
|
||||
.BI \-h \ ldaphost
|
||||
Set the host.
|
||||
.TP
|
||||
.BI \-p \ ldapport
|
||||
Set the TCP port.
|
||||
.TP
|
||||
.BI \-S \ scheme
|
||||
Set the URL scheme. Defaults for other fields, like \fIldapport\fP,
|
||||
may depend on the value of \fIscheme\fP.
|
||||
.TP
|
||||
.BR \-s \ { base \||\| one \||\| sub \||\| children }
|
||||
Specify the scope of the search to be one of
|
||||
.BR base ,
|
||||
.BR one ,
|
||||
.BR sub ,
|
||||
or
|
||||
.B children
|
||||
to specify a base object, one-level, subtree, or children search.
|
||||
The default is
|
||||
.BR sub .
|
||||
Note:
|
||||
.B children
|
||||
scope requires LDAPv3 subordinate feature extension.
|
||||
|
||||
.SH OUTPUT FORMAT
|
||||
If the \fB\-H\fP option is used, the \fIldapuri\fP supplied
|
||||
is exploded in its components, which are printed to standard output
|
||||
in an LDIF-like form.
|
||||
.LP
|
||||
Otherwise, the URI built using the values passed with the other options
|
||||
is printed to standard output.
|
||||
.SH EXAMPLE
|
||||
The following command:
|
||||
.LP
|
||||
.nf
|
||||
ldapuri \-h ldap.example.com \-b dc=example,dc=com \-s sub \-f "(cn=Some One)"
|
||||
.fi
|
||||
.LP
|
||||
returns
|
||||
.LP
|
||||
.nf
|
||||
ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
|
||||
.fi
|
||||
.LP
|
||||
The command:
|
||||
.LP
|
||||
.nf
|
||||
ldapuri \-H ldap://ldap.example.com:389/dc=example,dc=com??sub?(cn=Some%20One)
|
||||
.fi
|
||||
.LP
|
||||
returns
|
||||
.LP
|
||||
.nf
|
||||
scheme: ldap
|
||||
host: ldap.example.com
|
||||
port: 389
|
||||
dn: dc=example,dc=com
|
||||
scope: sub
|
||||
filter: (cn=Some One)
|
||||
.fi
|
||||
.LP
|
||||
.SH DIAGNOSTICS
|
||||
Exit status is zero if no errors occur.
|
||||
Errors result in a non-zero exit status and
|
||||
a diagnostic message being written to standard error.
|
||||
.SH "SEE ALSO"
|
||||
.BR ldap (3),
|
||||
.BR ldap_url_parse (3),
|
||||
.SH AUTHOR
|
||||
The OpenLDAP Project <http://www.openldap.org/>
|
||||
.SH ACKNOWLEDGEMENTS
|
||||
.\" Shared Project Acknowledgement Text
|
||||
.B "OpenLDAP Software"
|
||||
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
|
||||
.B "OpenLDAP Software"
|
||||
is derived from University of Michigan LDAP 3.3 Release.
|
|
@ -0,0 +1,126 @@
|
|||
.TH SLAPD-NDB 5 "2009/12/20" "OpenLDAP 2.4.21"
|
||||
.\" Copyright 2008-2009 The OpenLDAP Foundation All Rights Reserved.
|
||||
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
||||
.\" OpenLDAP: pkg/ldap/doc/man/man5/slapd-ndb.5,v 1.4.2.4 2009/06/03 01:41:56 quanah Exp
|
||||
.SH NAME
|
||||
slapd\-ndb \- MySQL NDB backend to slapd
|
||||
.SH SYNOPSIS
|
||||
.B /etc/openldap/slapd.conf
|
||||
.SH DESCRIPTION
|
||||
The \fBndb\fP backend to
|
||||
.BR slapd (8)
|
||||
uses the MySQL Cluster package to store data, through its NDB API.
|
||||
It provides fault tolerance with extreme scalability, along with
|
||||
a degree of SQL compatibility.
|
||||
.LP
|
||||
This backend is designed to store LDAP information using tables that
|
||||
are also visible from SQL. It uses a higher level SQL API for creating
|
||||
these tables, while using the low level NDB API for storing and
|
||||
retrieving the data within these tables. The NDB Cluster engine
|
||||
allows data to be partitioned across multiple data nodes, and this
|
||||
backend allows multiple slapd instances to operate against a given
|
||||
database concurrently.
|
||||
.LP
|
||||
The general approach is to use distinct tables for each LDAP object class.
|
||||
Entries comprised of multiple object classes will have their data
|
||||
spread across multiple tables. The data tables use a 64 bit entryID
|
||||
as their primary key. The DIT hierarchy is maintained in a separate
|
||||
table, which maps DNs to entryIDs.
|
||||
.LP
|
||||
This backend is experimental. While intended to be a general-purpose
|
||||
backend, it is currently missing a number of common LDAP features.
|
||||
See the \fBTODO\fP file in the source directory for details.
|
||||
.SH CONFIGURATION
|
||||
These
|
||||
.B slapd.conf
|
||||
options apply to the \fBndb\fP backend database.
|
||||
That is, they must follow a "database ndb" line and
|
||||
come before any subsequent "backend" or "database" lines.
|
||||
Other database options are described in the
|
||||
.BR slapd.conf (5)
|
||||
manual page.
|
||||
|
||||
.SH DATA SOURCE CONFIGURATION
|
||||
|
||||
.TP
|
||||
.B dbhost <hostname>
|
||||
The name or IP address of the host running the MySQL server. The default
|
||||
is "localhost". On Unix systems, the connection to a local server is made
|
||||
using a Unix Domain socket, whose path is specified using the
|
||||
.B dbsocket
|
||||
directive.
|
||||
.TP
|
||||
.B dbuser <username>
|
||||
The MySQL login ID to use when connecting to the MySQL server. The chosen
|
||||
user must have sufficient privileges to manipulate the SQL tables in the
|
||||
target database.
|
||||
.TP
|
||||
.B dbpasswd <password>
|
||||
The password for the \fBdbuser\fP.
|
||||
.TP
|
||||
.B dbname <database name>
|
||||
The name of the MySQL database to use.
|
||||
.TP
|
||||
.B dbport <port>
|
||||
The port number to use for the TCP connection to the MySQL server.
|
||||
.TP
|
||||
.B dbsocket <path>
|
||||
The socket to be used for connecting to a local MySQL server.
|
||||
.TP
|
||||
.B dbflag <integer>
|
||||
Client flags for the MySQL session. See the MySQL documentation for details.
|
||||
.TP
|
||||
.B dbconnect <connectstring>
|
||||
The name or IP address of the host running the cluster manager. The default
|
||||
is "localhost".
|
||||
.TP
|
||||
.B dbconnections <integer>
|
||||
The number of cluster connections to establish. Using up to 4 may improve
|
||||
performance under heavier load. The default is 1.
|
||||
|
||||
.SH SCHEMA CONFIGURATION
|
||||
.TP
|
||||
.B attrlen <attribute> <length>
|
||||
Specify the column length to use for a particular attribute. LDAP attributes are
|
||||
stored in individual columns of the SQL tables. The maximum column lengths for
|
||||
each column must be specified when creating these tables. If a length constraint
|
||||
was specified in the attribute's LDAP schema definition, that value will be used
|
||||
by default. If the schema didn't specify a constraint, the default is 128 bytes.
|
||||
Currently the maximum is 1024.
|
||||
.TP
|
||||
.B index <attr[,attr...]>
|
||||
Specify a list of attributes for which indexing should be maintained.
|
||||
Currently there is no support for substring indexing; a single index structure
|
||||
provides presence, equality, and inequality indexing for the specified attributes.
|
||||
.TP
|
||||
.B attrset <set> <attrs>
|
||||
Specify a list of attributes to be treated as an attribute set. This directive
|
||||
creates a table named \fIset\fP which will contain all of the listed attributes.
|
||||
Ordinarily an attribute resides in a table named by an object class that uses
|
||||
the attribute. However, attributes are only allowed to appear in a single table.
|
||||
For attributes that are derived from an inherited object class definition,
|
||||
the attribute will only be stored in the superior class's table.
|
||||
Attribute sets should be defined for any attributes that are used in multiple
|
||||
unrelated object classes, i.e., classes that are not connected by a simple
|
||||
inheritance chain.
|
||||
.SH ACCESS CONTROL
|
||||
The
|
||||
.B ndb
|
||||
backend honors most access control semantics as indicated in
|
||||
.BR slapd.access (5).
|
||||
.SH FILES
|
||||
.TP
|
||||
.B /etc/openldap/slapd.conf
|
||||
default
|
||||
.B slapd
|
||||
configuration file
|
||||
.SH SEE ALSO
|
||||
.BR slapd.conf (5),
|
||||
.BR slapd\-config (5),
|
||||
.BR slapd (8),
|
||||
.BR slapadd (8),
|
||||
.BR slapcat (8),
|
||||
.BR slapindex (8),
|
||||
MySQL Cluster documentation.
|
||||
.SH AUTHOR
|
||||
Howard Chu, with assistance from Johan Andersson et al @ MySQL.
|
|
@ -0,0 +1,56 @@
|
|||
.TH SLAPO-COLLECT 5 "2009/12/20" "OpenLDAP 2.4.21"
|
||||
.\" Copyright 2003-2009 The OpenLDAP Foundation All Rights Reserved.
|
||||
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
||||
.\" OpenLDAP: pkg/ldap/doc/man/man5/slapo-collect.5,v 1.3.2.4 2009/06/03 01:41:59 quanah Exp
|
||||
.SH NAME
|
||||
slapo\-collect \- Collective attributes overlay to slapd
|
||||
.SH SYNOPSIS
|
||||
/etc/openldap/slapd.conf
|
||||
.SH DESCRIPTION
|
||||
The collect overlay is used to provide a relatively coarse
|
||||
implementation of RFC 3671 collective attributes.
|
||||
In X.500, a collective attribute is "a user attribute whose
|
||||
values are the same for each member of an entry collection".
|
||||
|
||||
Collective attributes are added to entries returned by a search operation
|
||||
when the entry is within the scope of the related ancestor.
|
||||
Collective attributes can only be modified when the modification affects
|
||||
the related ancestor.
|
||||
|
||||
.SH CONFIGURATION
|
||||
This
|
||||
.B slapd.conf
|
||||
option applies to the collect overlay.
|
||||
It should appear after the
|
||||
.B overlay
|
||||
directive.
|
||||
.TP
|
||||
.B collectinfo <DN> <attrlist>
|
||||
Specify the
|
||||
.B DN
|
||||
of the ancestor entry and the set of related collective attributes, where
|
||||
.B attrlist
|
||||
is a comma-separated list of attributes.
|
||||
The
|
||||
.B DN
|
||||
should be within the naming context of the database.
|
||||
|
||||
.SH FILES
|
||||
.TP
|
||||
/etc/openldap/slapd.conf
|
||||
default slapd configuration file
|
||||
.SH SEE ALSO
|
||||
.BR slapd.conf (5),
|
||||
.BR slapd\-config (5),
|
||||
The
|
||||
.BR slapo\-collect (5)
|
||||
overlay supports dynamic configuration via
|
||||
.BR back-config .
|
||||
.SH ACKNOWLEDGEMENTS
|
||||
This module was written in 2003 by Howard Chu.
|
||||
This man page was written in 2008 by Pierangelo Masarati.
|
||||
.\" Shared Project Acknowledgement Text
|
||||
.B "OpenLDAP Software"
|
||||
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
|
||||
.B "OpenLDAP Software"
|
||||
is derived from University of Michigan LDAP 3.3 Release.
|
|
@ -0,0 +1,53 @@
|
|||
.TH SLAPO-SSSVLV 5 "2009/12/20" "OpenLDAP 2.4.21"
|
||||
.\" Copyright 2009 The OpenLDAP Foundation All Rights Reserved.
|
||||
.\" Copyright 2009 Symas Corporation All Rights Reserved.
|
||||
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
||||
.\" OpenLDAP: pkg/ldap/doc/man/man5/slapo-sssvlv.5,v 1.1.2.2 2009/07/22 20:02:21 quanah Exp
|
||||
.SH NAME
|
||||
slapo\-sssvlv \- Server Side Sorting and Virtual List View overlay to slapd
|
||||
.SH SYNOPSIS
|
||||
/etc/openldap/slapd.conf
|
||||
.SH DESCRIPTION
|
||||
This overlay implements the LDAP Server Side Sorting (RFC2891) control
|
||||
as well as the Virtual List View control. It also replaces the default
|
||||
implementation of the LDAP PagedResults (RFC2696) control, to ensure
|
||||
that it works with Sorting. The overlay can be used with any backend
|
||||
or globally for all backends.
|
||||
|
||||
Since a complete result set must be generated in memory before sorting can
|
||||
be performed, processing sort requests can have a large impact on the
|
||||
server's memory use. As such, any connection is limited to having only
|
||||
one sort request active at a time. Additional limits may be configured
|
||||
as described below.
|
||||
|
||||
.SH CONFIGURATION
|
||||
These
|
||||
.B slapd.conf
|
||||
options apply to the SSSVLV overlay.
|
||||
They should appear after the
|
||||
.B overlay
|
||||
directive.
|
||||
.TP
|
||||
.B sssvlv\-max <num>
|
||||
Set the maximum number of concurrent sort requests allowed across all
|
||||
connections. The default is one half of the number of server threads.
|
||||
.TP
|
||||
.B sssvlv\-maxkeys <num>
|
||||
Set the maximum number of keys allowed in a sort request. The default is 5.
|
||||
.SH FILES
|
||||
.TP
|
||||
/etc/openldap/slapd.conf
|
||||
default slapd configuration file
|
||||
.TP
|
||||
/etc/openldap/slapd.d
|
||||
default slapd configuration directory
|
||||
.SH SEE ALSO
|
||||
.BR slapd.conf (5),
|
||||
.BR slapd\-config (5).
|
||||
.LP
|
||||
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
|
||||
.LP
|
||||
IETF LDAP Virtual List View proposal by D. Boreham, J. Sermersheim,
|
||||
and A. Kashi in IETF document "draft-ietf-ldapext-ldapv3-vlv-09.txt".
|
||||
.SH AUTHOR
|
||||
Howard Chu
|
|
@ -0,0 +1,190 @@
|
|||
.TH SLAPSCHEMA 8C "2009/12/20" "OpenLDAP 2.4.21"
|
||||
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
|
||||
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
||||
.\" OpenLDAP: pkg/ldap/doc/man/man8/slapschema.8,v 1.1.2.3 2009/06/03 01:42:01 quanah Exp
|
||||
.SH NAME
|
||||
slapschema \- SLAPD in-database schema checking utility
|
||||
.SH SYNOPSIS
|
||||
.B /usr/sbin/slapschema
|
||||
[\c
|
||||
.BI \-a filter\fR]
|
||||
[\c
|
||||
.BI \-b suffix\fR]
|
||||
[\c
|
||||
.BR \-c ]
|
||||
[\c
|
||||
.BI \-d debug-level\fR]
|
||||
[\c
|
||||
.BI \-f slapd.conf\fR]
|
||||
[\c
|
||||
.BI \-F confdir\fR]
|
||||
[\c
|
||||
.BR \-g ]
|
||||
[\c
|
||||
.BI \-l error-file\fR]
|
||||
[\c
|
||||
.BI \-n dbnum\fR]
|
||||
[\c
|
||||
.BI \-o option\fR[ = value\FR]]
|
||||
[\c
|
||||
.BI \-s subtree-dn\fR]
|
||||
[\c
|
||||
.BR \-v ]
|
||||
.LP
|
||||
.SH DESCRIPTION
|
||||
.LP
|
||||
.B Slapschema
|
||||
is used to check schema compliance of the contents of a
|
||||
.BR slapd (8)
|
||||
database.
|
||||
It opens the given database determined by the database number or
|
||||
suffix and checks the compliance of its contents with the corresponding
|
||||
schema. Errors are written to standard output or the specified file.
|
||||
Databases configured as
|
||||
.B subordinate
|
||||
of this one are also output, unless \fB\-g\fP is specified.
|
||||
.LP
|
||||
Administrators may need to modify existing schema items, including
|
||||
adding new required attributes to objectClasses,
|
||||
removing existing required or allowed attributes from objectClasses,
|
||||
entirely removing objectClasses,
|
||||
or any other change that may result in making perfectly valid entries
|
||||
no longer compliant with the modified schema.
|
||||
The execution of the
|
||||
.B slapschema tool after modifying the schema can point out
|
||||
inconsistencies that would otherwise surface only when
|
||||
inconsistent entries need to be modified.
|
||||
|
||||
.LP
|
||||
The entry records are checked in database order, not superior first
|
||||
order. The entry records will be checked considering all
|
||||
(user and operational) attributes stored in the database.
|
||||
Dynamically generated attributes (such as subschemaSubentry)
|
||||
will not be considered.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.BI \-a \ filter
|
||||
Only check entries matching the asserted filter.
|
||||
For example
|
||||
|
||||
slapschema \-a \\
|
||||
"(!(entryDN:dnSubtreeMatch:=ou=People,dc=example,dc=com))"
|
||||
|
||||
will check all but the "ou=People,dc=example,dc=com" subtree
|
||||
of the "dc=example,dc=com" database.
|
||||
.TP
|
||||
.BI \-b \ suffix
|
||||
Use the specified \fIsuffix\fR to determine which database to
|
||||
check. The \fB\-b\fP cannot be used in conjunction
|
||||
with the
|
||||
.B \-n
|
||||
option.
|
||||
.TP
|
||||
.B \-c
|
||||
Enable continue (ignore errors) mode.
|
||||
.TP
|
||||
.BI \-d \ debug-level
|
||||
Enable debugging messages as defined by the specified
|
||||
.IR debug-level ;
|
||||
see
|
||||
.BR slapd (8)
|
||||
for details.
|
||||
.TP
|
||||
.BI \-f \ slapd.conf
|
||||
Specify an alternative
|
||||
.BR slapd.conf (5)
|
||||
file.
|
||||
.TP
|
||||
.BI \-F \ confdir
|
||||
specify a config directory.
|
||||
If both
|
||||
.B \-f
|
||||
and
|
||||
.B \-F
|
||||
are specified, the config file will be read and converted to
|
||||
config directory format and written to the specified directory.
|
||||
If neither option is specified, an attempt to read the
|
||||
default config directory will be made before trying to use the default
|
||||
config file. If a valid config directory exists then the
|
||||
default config file is ignored.
|
||||
.TP
|
||||
.B \-g
|
||||
disable subordinate gluing. Only the specified database will be
|
||||
processed, and not its glued subordinates (if any).
|
||||
.TP
|
||||
.BI \-l \ error-file
|
||||
Write errors to specified file instead of standard output.
|
||||
.TP
|
||||
.BI \-n \ dbnum
|
||||
Check the \fIdbnum\fR\-th database listed in the
|
||||
configuration file. The config database
|
||||
.BR slapd\-config (5),
|
||||
is always the first database, so use
|
||||
.B \-n 0
|
||||
|
||||
The
|
||||
.B \-n
|
||||
cannot be used in conjunction with the
|
||||
.B \-b
|
||||
option.
|
||||
.TP
|
||||
.BI \-o \ option\fR[ = value\fR]
|
||||
Specify an
|
||||
.I option
|
||||
with a(n optional)
|
||||
.IR value .
|
||||
Possible generic options/values are:
|
||||
.LP
|
||||
.nf
|
||||
syslog=<subsystems> (see `\-s' in slapd(8))
|
||||
syslog\-level=<level> (see `\-S' in slapd(8))
|
||||
syslog\-user=<user> (see `\-l' in slapd(8))
|
||||
|
||||
.fi
|
||||
.TP
|
||||
.BI \-s \ subtree-dn
|
||||
Only check entries in the subtree specified by this DN.
|
||||
Implies \fB\-b\fP \fIsubtree-dn\fP if no
|
||||
.B \-b
|
||||
nor
|
||||
.B \-n
|
||||
option is given.
|
||||
.TP
|
||||
.B \-v
|
||||
Enable verbose mode.
|
||||
.SH LIMITATIONS
|
||||
For some backend types, your
|
||||
.BR slapd (8)
|
||||
should not be running (at least, not in read-write
|
||||
mode) when you do this to ensure consistency of the database. It is
|
||||
always safe to run
|
||||
.B slapschema
|
||||
with the
|
||||
.BR slapd\-bdb (5),
|
||||
.BR slapd\-hdb (5),
|
||||
and
|
||||
.BR slapd\-null (5)
|
||||
backends.
|
||||
.SH EXAMPLES
|
||||
To check the schema compliance of your SLAPD database after modifications
|
||||
to the schema, and put any error in a file called
|
||||
.BR errors.ldif ,
|
||||
give the command:
|
||||
.LP
|
||||
.nf
|
||||
.ft tt
|
||||
/usr/sbin/slapcat \-l errors.ldif
|
||||
.ft
|
||||
.fi
|
||||
.SH "SEE ALSO"
|
||||
.BR ldap (3),
|
||||
.BR ldif (5),
|
||||
.BR slapd (8)
|
||||
.LP
|
||||
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
|
||||
.SH ACKNOWLEDGEMENTS
|
||||
.\" Shared Project Acknowledgement Text
|
||||
.B "OpenLDAP Software"
|
||||
is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>.
|
||||
.B "OpenLDAP Software"
|
||||
is derived from University of Michigan LDAP 3.3 Release.
|
Loading…
Reference in New Issue