upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-30 03:29:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update RFC references

Browse source
This commit is contained in:
Kurt Zeilenga 2006-06-09 17:20:38 +00:00
parent 2941bd8a9e
commit a031f0c638
22 changed files with 85 additions and 80 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
doc/guide/admin/intro.sdf
View file

@ -52,10 +52,11 @@ H2: What is LDAP?
it is a lightweight protocol for accessing directory services,
specifically {{TERM:X.500}}-based directory services. LDAP runs
over {{TERM:TCP}}/{{TERM:IP}} or other connection oriented transfer
services. The nitty-gritty details of LDAP are defined in
{{REF:RFC2251}} "The Lightweight Directory Access Protocol (v3)"
and other documents comprising the technical specification
{{REF:RFC3377}}. This section gives an overview of LDAP from a
services. LDAP is an {{ORG:IETF}} Standard Track protocol and is
specified as detailed in "Lightweight Directory Access Protocol
(LDAP) Technical Specification Road Map" {{REF:RFC4510}}.
This section gives an overview of LDAP from a
user's perspective.
{{What kind of information can be stored in the directory?}} The
@ -107,8 +108,8 @@ concatenating the names of its ancestor entries. For example, the
entry for Barbara Jensen in the Internet naming example above has
an RDN of {{EX:uid=babs}} and a DN of
{{EX:uid=babs,ou=People,dc=example,dc=com}}. The full DN format
is described in {{REF:RFC2253}}, "Lightweight Directory Access
Protocol (v3): UTF-8 String Representation of Distinguished Names."
is described in {{REF:RFC4514}}, "LDAP: String Representation of
Distinguished Names."
{{How is the information accessed?}} LDAP defines operations for
interrogating and updating the directory. Operations are provided

2
doc/guide/admin/proxycache.sdf
View file

@ -36,7 +36,7 @@ is stored in main memory.
A template is a prototype for generating LDAP search requests.
Templates are described by a prototype search filter and a list of
attributes which are required in queries generated from the template.
The representation for prototype filter is similar to RFC 2254,
The representation for prototype filter is similar to {{REF:RFC4515}},
except that the assertion values are missing. Examples of prototype
filters are: (sn=),(&(sn=)(givenname=)) which are instantiated by
search filters (sn=Doe) and (&(sn=Doe)(givenname=John)) respectively.

2
doc/guide/admin/sasl.sdf
View file

@ -5,7 +5,7 @@ H1: Using SASL
OpenLDAP clients and servers are capable of authenticating via the
{{TERM[expand]SASL}} ({{TERM:SASL}}) framework, which is detailed
in {{REF:RFC2222}}. This chapter describes how to make use of
in {{REF:RFC4422}}. This chapter describes how to make use of
SASL in OpenLDAP.
There are several industry standard authentication mechanisms that

10
doc/guide/admin/schema.sdf
View file

@ -173,10 +173,10 @@ H3: Attribute Type Specification
The {{attributetype}} directive is used to define a new attribute
type. The directive uses the same Attribute Type Description
(as defined in {{REF:RFC2252}}) used by the attributeTypes
(as defined in {{REF:RFC4512}}) used by the attributeTypes
attribute found in the subschema subentry, e.g.:
E: attributetype <{{REF:RFC2252}} Attribute Type Description>
E: attributetype <{{REF:RFC4512}} Attribute Type Description>
where Attribute Type Description is defined by the following
{{TERM:BNF}}:
@ -346,10 +346,10 @@ H3: Object Class Specification
The {{objectclasses}} directive is used to define a new object
class. The directive uses the same Object Class Description
(as defined in {{REF:RFC2252}}) used by the objectClasses
(as defined in {{REF:RFC4512}}) used by the objectClasses
attribute found in the subschema subentry, e.g.:
E: objectclass <{{REF:RFC2252}} Object Class Description>
E: objectclass <{{REF:RFC4512}} Object Class Description>
where Object Class Description is defined by the following
{{TERM:BNF}}:
@ -403,7 +403,7 @@ and {{EX:givenName}} and allows {{EX:myPhoto}}.
!if 0
H2: Transferring Schema
Since the {{slapd.conf}}(5) schema directives use {{REF:RFC2252}}
Since the {{slapd.conf}}(5) schema directives use {{REF:RFC4512}}
format values, you can extract schema elements published by
any LDAPv3 server and easily construct directives for use with
{{slapd}}(8).

13
doc/guide/admin/slapdconf2.sdf
View file

@ -323,14 +323,14 @@ in underneath. Schema entries must have the {{EX:olcSchemaConfig}}
objectClass.
H4: olcAttributeTypes: <{{REF:RFC2252}} Attribute Type Description>
H4: olcAttributeTypes: <{{REF:RFC4512}} Attribute Type Description>
This directive defines an attribute type.
Please see the {{SECT:Schema Specification}} chapter
for information regarding how to use this directive.
H4: olcObjectClasses: <{{REF:RFC2252}} Object Class Description>
H4: olcObjectClasses: <{{REF:RFC4512}} Object Class Description>
This directive defines an object class.
Please see the {{SECT:Schema Specification}} chapter for
@ -561,8 +561,9 @@ the rootdn (when the rootdn is set to a DN within the database).
> olcRootPW: secret
It is also permissible to provide a hash of the password in RFC 2307
form. {{slappasswd}}(8) may be used to generate the password hash.
It is also permissible to provide a hash of the password in
{{REF:RFC2307}} form. {{slappasswd}}(8) may be used to generate
the password hash.
\Example:
@ -1063,7 +1064,7 @@ the target entry's {{normalized DN}}. (The second form is not
discussed further in this document.) The third form is used to
select entries which are within the requested scope of DN. The
<DN> is a string representation of the Distinguished Name, as
described in {{REF:RFC2253}}.
described in {{REF:RFC4514}}.
The scope can be either {{EX:base}}, {{EX:one}}, {{EX:subtree}},
or {{EX:children}}. Where {{EX:base}} matches only the entry with
@ -1093,7 +1094,7 @@ Entries may also be selected using a filter:
> to filter=<ldap filter>
where <ldap filter> is a string representation of an LDAP
search filter, as described in {{REF:RFC2254}}. For example:
search filter, as described in {{REF:RFC4515}}. For example:
> to filter=(objectClass=person)

10
doc/guide/admin/slapdconfig.sdf
View file

@ -105,7 +105,7 @@ access control policy, {{EX:access to * by * read}}, allows all
both authenticated and anonymous users read access.
H4: attributetype <{{REF:RFC2252}} Attribute Type Description>
H4: attributetype <{{REF:RFC4512}} Attribute Type Description>
This directive defines an attribute type.
Please see the {{SECT:Schema Specification}} chapter
@ -172,7 +172,7 @@ logged.
E: loglevel 256
H4: objectclass <{{REF:RFC2252}} Object Class Description>
H4: objectclass <{{REF:RFC4512}} Object Class Description>
This directive defines an object class.
Please see the {{SECT:Schema Specification}} chapter for
@ -378,7 +378,7 @@ the rootdn (when the rootdn is set to a DN within the database).
> rootpw secret
It is also permissible to provide hash of the password in RFC 2307
It is also permissible to provide hash of the password in {{REF:RFC2307}}
form. {{slappasswd}}(8) may be used to generate the password hash.
\Example:
@ -643,7 +643,7 @@ the target entry's {{normalized DN}}. (The second form is not
discussed further in this document.) The third form is used to
select entries which are within the requested scope of DN. The
<DN> is a string representation of the Distinguished Name, as
described in {{REF:RFC2253}}.
described in {{REF:RFC4514}}.
The scope can be either {{EX:base}}, {{EX:one}}, {{EX:subtree}},
or {{EX:children}}. Where {{EX:base}} matches only the entry with
@ -673,7 +673,7 @@ Entries may also be selected using a filter:
> to filter=<ldap filter>
where <ldap filter> is a string representation of an LDAP
search filter, as described in {{REF:RFC2254}}. For example:
search filter, as described in {{REF:RFC4515}}. For example:
> to filter=(objectClass=person)

3
doc/guide/admin/tls.sdf
View file

@ -7,6 +7,7 @@ OpenLDAP clients and servers are capable of using the
{{TERM[expand]TLS}} ({{TERM:TLS}}) framework to provide
integrity and confidentiality protections and to support
LDAP authentication using the {{TERM:SASL}} EXTERNAL mechanism.
TLS is defined in {{REF:RFC4346}}.
H2: TLS Certificates
@ -23,7 +24,7 @@ The DN of a server certificate must use the CN attribute
to name the server, and the {{EX:CN}} must carry the server's
fully qualified domain name. Additional alias names and wildcards
may be present in the {{EX:subjectAltName}} certificate extension.
More details on server certificate names are in {{REF:RFC2830}}.
More details on server certificate names are in {{REF:RFC4513}}.
H3: Client Certificates

24
doc/guide/preamble.sdf
View file

@ -207,24 +207,26 @@ X.509|X.509 Public Key and Attribute Certificate Frameworks
!block references; data
Reference|Status|Document|Jump
RFC2079|PS|Definition of an X.500 Attribute Type and an Object Class to Hold Uniform Resource Identifers|http://www.rfc-editor.org/rfc/rfc2079.txt
RFC2222|PS|Simple Authentication and Security Layer|http://www.rfc-editor.org/rfc/rfc2222.txt
RFC2251|PS|Lightweight Directory Access Protocol (v3)|http://www.rfc-editor.org/rfc/rfc2251.txt
RFC2252|PS|LDAPv3: Attribute Syntax Definitions|http://www.rfc-editor.org/rfc/rfc2252.txt
RFC2253|PS|LDAPv3: UTF-8 String Representation of Distinguished Names|http://www.rfc-editor.org/rfc/rfc2253.txt
RFC2254|PS|The String Representation of LDAP Search Filters|http://www.rfc-editor.org/rfc/rfc2254.txt
RFC2255|PS|The LDAP URL Format|http://www.rfc-editor.org/rfc/rfc2255.txt
RFC2256|PS|A Summary of the X.500(96) User Schema for use with LDAPv3|http://www.rfc-editor.org/rfc/rfc2256.txt
RFC2296|PS|Use of Language Codes in LDAP|http://www.rfc-editor.org/rfc/rfc2296.txt
RFC2307|X|An Approach for Using LDAP as a Network Information Service|http://www.rfc-editor.org/rfc/rfc2307.txt
RFC2798|INFO|Definition of the inetOrgPerson LDAP Object Class|http://www.rfc-editor.org/rfc/rfc2798.txt
RFC2829|PS|Authentication Methods for LDAP|http://www.rfc-editor.org/rfc/rfc2829.txt
RFC2830|PS|LDAPv3: Extension for Transport Layer Security|http://www.rfc-editor.org/rfc/rfc2830.txt
RFC2831|PS|Using Digest Authentication as a SASL Mechanism|http://www.rfc-editor.org/rfc/rfc2831.txt
RFC2849|PS|The LDAP Data Interchange Format|http://www.rfc-editor.org/rfc/rfc2849.txt
RFC3088|X|OpenLDAP Root Service|http://www.rfc-editor.org/rfc/rfc3088.txt
RFC3296|PS|Named Subordinate References in LDAP|http://www.rfc-editor.org/rfc/rfc3296.txt
RFC3377|PS|Lightweight Directory Access Protocol (v3): Technical Specification|http://www.rfc-editor.org/rfc/rfc3377.txt
RFC3383|BCP|Internet Assigned Numbers Authority (IANA) Considerations for the Lightweight Directory Access Protocol (LDAP)|http://www.rfc-editor.org/rfc/rfc3383.txt
RFC3384|INFO|Lightweight Directory Access Protocol (version 3) Replication Requirements|http://www.rfc-editor.org/rfc/rfc3384.txt
RFC3494|INFO|Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status|http://www.rfc-editor.org/rfc/rfc3494.txt
RFC4013|PS|SASLprep: Stringprep Profile for User Names and Passwords
RFC4346|PS|The Transport Layer Security (TLS) Protocol, Version 1.1|http://www.rfc-editor.org/rfc/rfc4346.txt
RFC4422|PS|Simple Authentication and Security Layer (SASL)|http://www.rfc-editor.org/rfc/rfc4422.txt
RFC4510|PS|Lightweight Directory Access Protocol (LDAP) Technical Specification Roadmap|http://www.rfc-editor.org/rfc/rfc4510.txt
RFC4511|PS|Lightweight Directory Access Protocol (LDAP): The Protocol|http://www.rfc-editor.org/rfc/rfc4512.txt
RFC4512|PS|Lightweight Directory Access Protocol (LDAP): Directory Information Models|http://www.rfc-editor.org/rfc/rfc4512.txt
RFC4513|PS|Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms|http://www.rfc-editor.org/rfc/rfc4513.txt
RFC4514|PS|Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names|http://www.rfc-editor.org/rfc/rfc4514.txt
RFC4515|PS|Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters|http://www.rfc-editor.org/rfc/rfc4515.txt
RFC4516|PS|Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator|http://www.rfc-editor.org/rfc/rfc4516.txt
RFC4517|PS|Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules|http://www.rfc-editor.org/rfc/rfc4517.txt
RFC4518|PS|Lightweight Directory Access Protocol (LDAP): Internationalized String Preparation|http://www.rfc-editor.org/rfc/rfc4518.txt
RFC4519|PS|Lightweight Directory Access Protocol (LDAP): Schema for User Applications|http://www.rfc-editor.org/rfc/rfc4519.txt
!endblock

2
doc/man/man1/ldapdelete.1
View file

@ -66,7 +66,7 @@ library call.
opens a connection to an LDAP server, binds, and deletes one or more
entries. If one or more \fIDN\fP arguments are provided, entries with
those Distinguished Names are deleted. Each \fIDN\fP should be provided
using the LDAPv3 string representation as defined in RFC 2253.
using the LDAPv3 string representation as defined in RFC 4514.
If no \fIdn\fP arguments
are provided, a list of DNs is read from standard input (or from
\fIfile\fP if the -f flag is used).

4
doc/man/man1/ldapsearch.1
View file

@ -90,7 +90,7 @@ library call.
.B ldapsearch
opens a connection to an LDAP server, binds, and performs a search
using specified parameters. The \fIfilter\fP should conform to
the string representation for search filters as defined in RFC 2254.
the string representation for search filters as defined in RFC 4515.
If not provided, the default filter, (objectClass=*), is used.
.LP
If
@ -239,7 +239,7 @@ Specify general extensions with -e and search extensions with -E.
General extensions:
.nf
[!]assert=<filter> (an RFC 2254 Filter)
[!]assert=<filter> (an RFC 4515 Filter)
[!]authzid=<authzid> ("dn:<dn>" or "u:<user>")
[!]manageDSAit
[!]noop

18
doc/man/man3/ldap.3
View file

@ -14,12 +14,12 @@ OpenLDAP LDAP (libldap, -lldap)
.fi
.SH DESCRIPTION
.LP
The Lightweight Directory Access Protocol (LDAP) (RFC 3377) provides
The Lightweight Directory Access Protocol (LDAP) (RFC 4510) provides
access to X.500 directory services. These services may be stand\-alone
or part of a distributed directory service. This client API supports
LDAP over TCP (RFC2251), LDAP over TLS/SSL, and LDAP over IPC (UNIX
domain sockets). This API supports SASL (RFC2829) and Start TLS
(RFC2830) as well as a number of protocol extensions. This API is
LDAP over TCP (RFC 4511), LDAP over TLS/SSL, and LDAP over IPC (UNIX
domain sockets). This API supports SASL (RFC 4513) and Start TLS
(RFC 4513) as well as a number of protocol extensions. This API is
loosely based upon IETF/LDAPEXT C LDAP API draft specification, a (orphaned)
work in progress.
.LP
@ -65,9 +65,9 @@ Errors can be interpreted by calling
.BR ldap_err2string (3).
.SH LDAP versions
This library supports version 3 of the Lightweight Directory Access
Protocol (LDAPv3) as defined in RFC 3377. It also supports a variant
Protocol (LDAPv3) as defined in RFC 4510. It also supports a variant
of version 2 of LDAP as defined by U-Mich LDAP and, to some degree,
RFC 1777. Version 2 (all variants) should be viewed as obsolete.
RFC 1777. Version 2 (all variants) are considered obsolete.
Version 3 should be used instead.
.LP
For backwards compatibility reasons, the library defaults to version 2.
@ -81,15 +81,15 @@ All character string input/output is expected to be/is UTF\-8
encoded Unicode (version 3.2).
.LP
Distinguished names (DN) (and relative distinguished names (RDN) to
be passed to the LDAP routines should conform to RFC 2253 UTF\-8
be passed to the LDAP routines should conform to RFC 4514 UTF\-8
string representation.
.LP
Search filters to be passed to the search routines are to be
constructed by hand and should conform to RFC 2254 UTF\-8
constructed by hand and should conform to RFC 4515 UTF\-8
string representation.
.LP
LDAP URL are to be passed to routines are expected to conform
to RFC 2255 syntax. The
to RFC 4516 format. The
.BR ldap_url (3)
routines can be used to work with LDAP URLs.
.SH DISPLAYING RESULTS

4
doc/man/man3/ldap_bind.3
View file

@ -226,8 +226,8 @@ The bind method must be synchronous.
.BR ldap_open (3),
.BR ldap_set_option (3),
.BR ldap_url_parse (3)
.B RFC 2222
(http://www.ietf.org),
.B RFC 4422
(http://www.rfc-editor.org),
.B Cyrus SASL
(http://asg.web.cmu.edu/sasl/)
.SH ACKNOWLEDGEMENTS

8
doc/man/man3/ldap_get_dn.3
View file

@ -41,8 +41,8 @@ char *ldap_dn2ad_canonical( const char * dn )
These routines allow LDAP entry names (Distinguished Names, or DNs)
to be obtained, parsed, converted to a user-friendly form, and tested.
A DN has the form described in
RFC 2253 "Lightweight Directory Access Protocol (v3):
UTF-8 String Representation of Distinguished Names".
RFC 4414 "Lightweight Directory Access Protocol (LDAP):
String Representation of Distinguished Names".
.LP
The
.B ldap_get_dn()
@ -91,7 +91,7 @@ can be either
or
.B LDAP_AVA_BINARY,
the latter meaning that the value is BER/DER encoded and thus must
be represented as, quoting from RFC 2253, " ... an
be represented as, quoting from RFC 4514, " ... an
octothorpe character ('#' ASCII 35) followed by the hexadecimal
representation of each of the bytes of the BER encoding of the X.500
AttributeValue."
@ -107,7 +107,7 @@ can be
LDAP_DN_FORMAT_DCE
.fi
which defines what DN syntax is expected (according to RFC 2253,
which defines what DN syntax is expected (according to RFC 4514,
RFC 1779 and DCE, respectively).
The format can be \fIOR\fPed to the flags
.LP

8
doc/man/man3/ldap_schema.3
View file

@ -117,13 +117,13 @@ char * ldap_scherr2str(code)
int code;
.SH DESCRIPTION
These routines are used to parse schema definitions in the syntax
defined in RFC 2252 into structs and handle these structs. These
defined in RFC 4512 into structs and handle these structs. These
routines handle four kinds of definitions: syntaxes, matching rules,
attribute types and object classes. For each definition kind, four
routines are provided.
.LP
.B ldap_str2xxx()
takes a definition in RFC 2252 format in argument
takes a definition in RFC 4512 format in argument
.IR s
as a NUL-terminated string and returns, if possible, a pointer to a
newly allocated struct of the appropriate kind. The caller is
@ -145,7 +145,7 @@ is a bit mask of parsing options controlling the relaxation of the
syntax recognized. The following values are defined:
.TP
.B LDAP_SCHEMA_ALLOW_NONE
strict parsing according to RFC 2252.
strict parsing according to RFC 4512.
.TP
.B LDAP_SCHEMA_ALLOW_NO_OID
permit definitions that do not contain an initial OID.
@ -278,7 +278,7 @@ return a canonical name for the definition.
.LP
Routines
.B ldap_xxx2str()
return a string representation in the format described by RFC 2252 of
return a string representation in the format described by RFC 4512 of
the struct passed in the argument. The string is a newly allocated
string that must be freed by the caller. These routines may return
NULL if no memory can be allocated for the string.

4
doc/man/man3/ldap_search.3
View file

@ -107,7 +107,7 @@ BNF:
.LP
The '~=' construct is used to specify approximate matching. The
representation for <attributetype> and <attributevalue> are as
described in RFC 2254. In addition, <attributevalue> can be a single *
described in RFC 4515. In addition, <attributevalue> can be a single *
to achieve an attribute existence test, or can contain text and *'s
interspersed to achieve substring matching.
.LP
@ -115,7 +115,7 @@ For example, the filter "(mail=*)" will find any entries that have a mail
attribute. The filter "(mail=*@terminator.rs.itd.umich.edu)" will find
any entries that have a mail attribute ending in the specified string.
To put parentheses in a filter, escape them with a backslash '\\'
character. See RFC 2254 for a more complete description of allowable
character. See RFC 4515 for a more complete description of allowable
filters.
.LP
\fIAttrs\fP is a null-terminated array of attribute types to return

4
doc/man/man3/ldap_url.3
View file

@ -37,7 +37,7 @@ typedef struct ldap_url_desc {
ldap_free_urldesc( LDAPURLDesc *ludp )
.SH DESCRIPTION
These routines support the use of LDAP URLs (Uniform Resource Locators)
as detailed in RFC 2255. LDAP URLs look like this:
as detailed in RFC 4516. LDAP URLs look like this:
.nf
\fBldap://\fP\fIhostport\fP\fB/\fP\fIdn\fP[\fB?\fP\fIattrs\fP[\fB?\fP\fIscope\fP[\fB?\fP\fIfilter\fP[\fB?\fP\fIexts\fP]]]]
@ -80,7 +80,7 @@ a call to
.SH SEE ALSO
.BR ldap (3)
.LP
.B The LDAP URL Format, RFC 2255,
.B LDAP: Uniform Resource Locator, RFC 4516,
Tim Howes and Mark Smith, December 1997.
.SH ACKNOWLEDGEMENTS
.B OpenLDAP

2
doc/man/man5/slapd-dnssrv.5
View file

@ -26,7 +26,7 @@ In fact, this backend only implements the
.B search
operation when the
.B manageDSAit
control (RFC3296) is used, otherwise for every operation a referral,
control (RFC 3296) is used, otherwise for every operation a referral,
whenever appropriate, or an error is returned.
Currently, there is no means to condition the returning of the referral
by means of ACLs; no access control is implemented, except for

2
doc/man/man5/slapd.access.5
View file

@ -194,7 +194,7 @@ The regex form of the pattern does not (yet) support UTF\-8.
.LP
The statement
.B filter=<ldapfilter>
selects the entries based on a valid LDAP filter as described in RFC 2254.
selects the entries based on a valid LDAP filter as described in RFC 4515.
A filter of
.B (objectClass=*)
is implied if no

16
doc/man/man5/slapd.conf.5
View file

@ -133,8 +133,8 @@ a trailing `-') matches all options starting with that name, as well
as the option with the range name sans the trailing `-'.
That is, `x-foo-bar-' matches `x-foo-bar' and `x-foo-bar-baz'.
RFC 2251 reserves options beginning with `x-' for private experiments.
Other options should be registered with IANA, see RFC 3383 section 3.4.
RFC 4520 reserves options beginning with `x-' for private experiments.
Other options should be registered with IANA, see RFC 4520 section 3.5.
OpenLDAP also has the `binary' option built in, but this is a transfer
option, not a tagging option.
.HP
@ -153,8 +153,8 @@ option, not a tagging option.
[NO\-USER\-MODIFICATION]\
[USAGE\ <attributeUsage>]\ )"
.RS
Specify an attribute type using the LDAPv3 syntax defined in RFC 2252.
The slapd parser extends the RFC 2252 definition by allowing string
Specify an attribute type using the LDAPv3 syntax defined in RFC 4512.
The slapd parser extends the RFC 4512 definition by allowing string
forms as well as numeric OIDs to be used for the attribute OID and
attribute syntax OID.
(See the
@ -432,8 +432,8 @@ disallows the StartTLS operation if authenticated (see also
[MAY\ <oids>]\
[NOT\ <oids>]\ )"
.RS
Specify an DIT Content Rule using the LDAPv3 syntax defined in RFC 2252.
The slapd parser extends the RFC 2252 definition by allowing string
Specify an DIT Content Rule using the LDAPv3 syntax defined in RFC 4512.
The slapd parser extends the RFC 4512 definition by allowing string
forms as well as numeric OIDs to be used for the attribute OID and
attribute syntax OID.
(See the
@ -637,8 +637,8 @@ the path is colon-separated but this depends on the operating system.
[{ ABSTRACT | STRUCTURAL | AUXILIARY }]\
[MUST\ <oids>] [MAY\ <oids>] )"
.RS
Specify an objectclass using the LDAPv3 syntax defined in RFC 2252.
The slapd parser extends the RFC 2252 definition by allowing string
Specify an objectclass using the LDAPv3 syntax defined in RFC 4512.
The slapd parser extends the RFC 4512 definition by allowing string
forms as well as numeric OIDs to be used for the object class OID.
(See the
.B

2
doc/man/man5/slapo-pcache.5
View file

@ -24,7 +24,7 @@ are saved in the cache for use in future queries.
A template is defined by a filter string and an index identifying a set of
attributes. The \fBtemplate string\fP for a query can be obtained by
removing assertion values from the RFC 2254 representation of its search
removing assertion values from the RFC 4515 representation of its search
filter. A query belongs to a template if its template string and set of
projected attributes correspond to a cacheable template.
Examples of template strings are \fB(mail=)\fP, \fB(|(sn=)(cn=))\fP,

10
doc/man/man5/slapo-ppolicy.5
View file

@ -623,7 +623,7 @@ time "#" syntaxOID "#" length "#" data
time=
.RS 4
generalizedTimeString as specified in section 6.14 of [RFC2252]
GeneralizedTime as specified in section 3.3.13 of [RFC4517]
.RE
.P
@ -631,13 +631,13 @@ syntaxOID = numericoid
.RS 4
This is the string representation of the dotted-decimal OID that
defines the syntax used to store the password. numericoid is
described in section 4.1 of [RFC2252].
described in section 1.4 of [RFC4512].
.RE
length = numericstring
length = NumericString
.RS 4
The number of octets in the data. numericstring is described in
section 4.1 of [RFC2252].
The number of octets in the data. NumericString is described in
section 3.3.23 of [RFC4517].
.RE
data =

4
doc/man/man8/slappasswd.8
View file

@ -138,7 +138,7 @@ Omit the trailing newline; useful to pipe the credentials
into a command.
.SH LIMITATIONS
The practice storing hashed passwords in userPassword violates
Standard Track (RFC 2256) schema specifications and may hinder
Standard Track (RFC 4519) schema specifications and may hinder
interoperability. A new attribute type, authPassword, to hold
hashed passwords has been defined (RFC 3112), but is not yet
implemented in
@ -160,7 +160,7 @@ were clear text passwords.
.BR slapd (8)
.BR slapd.conf (5)
.B RFC 2307
.B RFC 2256
.B RFC 4519
.B RFC 3112
.LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)