Fw: Admin Guide editing (ITS#695)
This is a multi-part message in MIME format.
------=_NextPart_000_0015_01C0120A.E3653E90
Content-Type: text/plain;
charset=iso-8859-1
Content-Transfer-Encoding: 7bit
----- Original Message -----
From: Cedric Tefft <cedric@earthling.net>
To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Sent: Tuesday, August 29, 2000 8:58 PM
Subject: Re: Admin Guide editing (ITS#695)
> >Date: Tue, 29 Aug 2000 14:22:27 -0700
> >To: cedric@earthling.net
> >From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
> >Subject: Re: Admin Guide editing (ITS#695)
> >Cc: openldap-its@OpenLDAP.org
> >
> >I could not directly apply the patch.
> >
> >Can you regenerate this patch after doing a 'cvs update'?
> >And given you are using CVS to obtain the guide source,
> >you should also use 'cvs diff -u' to generate the patch.
> >
> >Also, if you can make the patch available via FTP (by uploading
> >it to our (or other) server), that would also be appreciated.
> >
> >Thanks, Kurt
>
> Unfortunately, I am temporarily (though indefinitely) behind a very
> restrictive firewall. I can use http:// and ftp:// URL's in my web browser
> (download only), and I can send and receive email. I am not really using
> CVS, but rather, I downloaded each file individually through CVSWeb.
> Needless to say, this was not a fun process! Anyway, I pulled down all the
> files that have been updated in the past 24 hours and fiddled around again
> until I had a working patch. I am attaching it. I hope it works. Because
> of my firewall situation I can't do a CVS update, or FTP upload. Sorry. If
> you've got any suggestions, though, I'd be happy to hear them.
>
> - Cedric
>
>
------=_NextPart_000_0015_01C0120A.E3653E90
Content-Type: application/octet-stream;
name=editor-patch2.diff
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename=editor-patch2.diff
diff -urb admin.29/install.sdf admin/install.sdf=0A=
--- admin.29/install.sdf Tue Aug 29 19:27:30 2000=0A=
+++ admin/install.sdf Tue Aug 29 20:34:29 2000=0A=
@@ -93,14 +93,14 @@=0A=
H3: Database software=0A=
=0A=
OpenLDAP's {{slapd}}(8) primary database backend, {{TERM:LDBM}},=0A=
-requires that a compatible database package for entry storage. LDBM=0A=
+requires a compatible database package for entry storage. LDBM=0A=
is compatible with {{ORG[expand]Sleepy}}'s {{PRD:BerkeleyDB}} =
(recommended)=0A=
or the {{ORG[expand]FSF}}'s {{PRD:GNU}} Database Manager ({{PRD:GDBM}}).=0A=
If neither of these packages are available at configure time,=0A=
you will not be able build slapd(8) with primary database backend.=0A=
=0A=
Your operating system may provide one of these two packages in=0A=
-in base system or as an optional software component. You may=0A=
+the base system or as an optional software component. You may=0A=
need may need to obtain the software and install it yourself.=0A=
=0A=
{{PRD:BerkeleyDB}} is available from {{ORG[expand]Sleepy}}'s=0A=
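Review bot: three errors remain in the unchanged context lines of this hunk, right beside the corrected ones, and should be fixed in the same pass. "you will not be able build slapd(8) with primary database backend" is missing "to" and "the", "need may need to obtain the software" repeats "need", and "If neither of these packages are available" should read "is available".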
@@ -127,20 +127,21 @@=0A=
=0A=
{{slapd}}(8) supports TCP wrappers (IP level access control filters)=0A=
if preinstalled. Use of TCP wrappers or other IP level access=0A=
-filters (such as those provided by a IP-level firewall) is recommended=0A=
+filters (such as those provided by an IP-level firewall) is recommended=0A=
for servers containing non-public information.=0A=
=0A=
=0A=
H2: Running configure=0A=
=0A=
-If you haven't already done so, extra the distribution for the=0A=
+If you haven't already done so, extract the distribution from the=0A=
compressed archive file and change directory to the top of the=0A=
distribution:=0A=
=0A=
.{{EX:gunzip -c openldap-VERSION.tgz | tar xf -}}=0A=
.{{EX:cd openldap-VERSION}}=0A=
=0A=
-Replacing {{EX:VERSION}} with the appropriate version string.=0A=
+You'll have to replace {{EX:VERSION}} with the version name of the=0A=
+release.=0A=
=0A=
Note: If you intend to build OpenLDAP for multiple platforms from a=0A=
single source tree you should consult the {{F: INSTALL}} file in the=0A=
@@ -166,13 +167,13 @@=0A=
LIBS Specify additional libraries=0A=
!endblock=0A=
=0A=
-Now run the configure script with any desired configure options or=0A=
+Now run the configure script with any desired configuration options or=0A=
environment variables.=0A=
=0A=
> [[env] settings] ./configure [options]=0A=
=0A=
As an example, let's assume that we want a copy of OpenLDAP configured=0A=
-to use the LDBM backend, and the shell backend. The LDBM backend=0A=
+to use the LDBM backend and the shell backend. The LDBM backend=0A=
is turned on by default, so we don't need to do anything special=0A=
to enable it.=0A=
=0A=
@@ -199,7 +200,7 @@=0A=
=0A=
The {{EX:configure}} script will normally auto-detect appropriate =
settings.=0A=
If you have problems at this stage, consult any platform specific=0A=
-hints and check your {{EX:configure}} options if any.=0A=
+hints and check your {{EX:configure}} options, if any.=0A=
=0A=
=0A=
H2: Building the Software=0A=
@@ -208,7 +209,8 @@=0A=
should be:=0A=
> Please "make depend" to build dependencies=0A=
=0A=
-If the last line of output does not match, {{EX:configure}} has failed.=0A=
+If the last line of output does not match, {{EX:configure}} has failed,=0A=
+and you will need to review its output to determine what went wrong.=0A=
You should not proceed until {{EX:configure}} completes successfully.=0A=
=0A=
To build dependencies, run:=0A=
@@ -229,7 +231,7 @@=0A=
=0A=
> make test=0A=
=0A=
-The test will run a number of tests.=0A=
+This command will run a number of tests.=0A=
=0A=
=0A=
H2: Installing the Software=0A=
@@ -241,8 +243,8 @@=0A=
setting with the {{F:--prefix}} configure option, it will be installed=0A=
in the location you provided.=0A=
=0A=
-Typically, the installation is done as {{root}}. From the top level =
OpenLDAP=0A=
-source directory, type:=0A=
+Typically, the installation is done as the super-user: {{root}}. From =
the top=0A=
+level OpenLDAP source directory, type:=0A=
=0A=
> make install=0A=
=0A=
diff -urb admin.29/intro.sdf admin/intro.sdf=0A=
--- admin.29/intro.sdf Tue Aug 29 19:27:40 2000=0A=
+++ admin/intro.sdf Tue Aug 29 20:34:29 2000=0A=
@@ -82,7 +82,8 @@=0A=
FT[align=3D"Center"] Figure 1.1: LDAP directory tree (traditional =
naming)=0A=
=0A=
The tree may also be arranged based upon Internet domain names.=0A=
-Figure 1.2 shows an example using this increasing popular naming =
approach.=0A=
+Figure 1.2 shows an example using this increasingly popular naming=0A=
+approach.=0A=
=0A=
!import "intro_dctree.gif"; align=3D"center"; \=0A=
title=3D"LDAP directory tree (Internet naming)"=0A=
@@ -191,14 +192,14 @@=0A=
{{B:Generic modules API}}: If you require even more customization,=0A=
{{slapd}} lets you write your own modules easily. {{slapd}} =0A=
consists of two distinct parts: a front end that handles protocol =0A=
-communication with LDAP clients; and modules which handles specific=0A=
+communication with LDAP clients; and modules which handle specific=0A=
tasks such as database operations. Because these two pieces communicate=0A=
via a well-defined {{TERM:C}} {{TERM:API}}, you can write your own=0A=
customized modules=0A=
which extend {{slapd}} in numerous ways. Also, a number of=0A=
-{{programmable database}} modules are provided. These allowing you=0A=
+{{programmable database}} modules are provided. These allow you=0A=
to expose external data sources to {{slapd}} using popular programming=0A=
-languages ({{PRD:Perl}}, {{Shell}}, {{PRD:SQL}}, and {{PRD:TCL}}.=0A=
+languages ({{PRD:Perl}}, {{Shell}}, {{PRD:SQL}}, and {{PRD:TCL}}).=0A=
=0A=
{{B:Threads}}: {{slapd}} is threaded for high performance. A =0A=
single multi-threaded {{slapd}} process handles all incoming =0A=
diff -urb admin.29/quickstart.sdf admin/quickstart.sdf=0A=
--- admin.29/quickstart.sdf Mon Aug 28 23:33:36 2000=0A=
+++ admin/quickstart.sdf Tue Aug 29 20:34:29 2000=0A=
@@ -66,7 +66,7 @@=0A=
=0A=
. You will need to run the provided {{EX:configure}} script to=0A=
{{configure}} to the distribution for building on your system. The=0A=
-{{EX:configure}} accepts many command line options that enable or=0A=
+{{EX:configure}} script accepts many command line options that enable or=0A=
disable optional software features. Usually the defaults are okay,=0A=
but you may want to change them. To get a complete list of options=0A=
that {{EX:configure}} accepts, use the {{EX:--help}} option:=0A=
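Review bot: the context line just above the corrected one still has a stray "to" in "{{configure}} to the distribution for building on your system". Since the sentence already reads "run the provided {{EX:configure}} script to", dropping the second "to" gives "to {{configure}} the distribution for building on your system".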
@@ -173,13 +173,13 @@=0A=
=0A=
=0A=
. To check to see if the server is running and configured correctly,=0A=
-you can run search it with {{ldapsearch}}(1). By default, ldapsearch=0A=
-is installed as {{F:/usr/local/bin/ldapsearch}}:=0A=
+you can run a search against it with {{ldapsearch}}(1). By default,=0A=
+ldapsearch is installed as {{F:/usr/local/bin/ldapsearch}}:=0A=
=0A=
..{{EX:ldapsearch -x -b '' -s base '(objectclass=3D*)' namingContexts}}=0A=
=0A=
. Note the use of single quotes around command parameters to prevent=0A=
-special characters from interpreted by the shell. This should return:=0A=
+special characters from being interpreted by the shell. This should =
return:=0A=
=0A=
..{{EX:dn:}}=0A=
..{{EX:namingContexts: dc=3Dexample, dc=3Dcom}}=0A=
@@ -193,9 +193,9 @@=0A=
+{{B:Add initial entries to your directory}}.=0A=
=0A=
. You can use {{ldapadd}}(1) to add entries to your LDAP directory.=0A=
-{{ldapadd}} expects input in LDIF form. We'll do it two steps:=0A=
+{{ldapadd}} expects input in LDIF form. We'll do it in two steps:=0A=
=0A=
-^^ create LDIF file=0A=
+^^ create an LDIF file=0A=
++ run ldapadd=0A=
=0A=
. Use your favorite editor and create an LDIF file that contains:=0A=
diff -urb admin.29/runningslapd.sdf admin/runningslapd.sdf=0A=
--- admin.29/runningslapd.sdf Mon Aug 28 23:33:36 2000=0A=
+++ admin/runningslapd.sdf Tue Aug 29 20:34:29 2000=0A=
@@ -12,7 +12,7 @@=0A=
H2: Command-Line Options=0A=
=0A=
{{slapd}}(8) supports a number of command-line options as detailed=0A=
-in manual page. This section details a few commonly used options.=0A=
+in the manual page. This section details a few commonly used options.=0A=
=0A=
> -f <filename>=0A=
=0A=
@@ -21,17 +21,17 @@=0A=
=0A=
> -h <URLs>=0A=
=0A=
-This option specifies alternative listener configuration. The=0A=
-default is {{EX:ldap:///}} which implies LDAP over TCP, on all=0A=
-interfaces, on the default LDAP port 389. You can specify=0A=
+This option specifies alternative listener configurations. The=0A=
+default is {{EX:ldap:///}} which implies LDAP over TCP on all=0A=
+interfaces on the default LDAP port 389. You can specify=0A=
specific host-port pairs or other protocol schemes (such as=0A=
ldaps:// or ldapi://). For example,=0A=
{{EX:-h "ldaps:// ldap://127.0.0.1:666"}} will create=0A=
-two listeners: one for LDAP over SSL, on all interfaces, on=0A=
-the default LDAP/SSL port 646 and one for LDAP over TCL, only=0A=
-the {{EX:localhost}} ({{loopback}}) interface, on port 666.=0A=
-Hosts may be specified using IPv4 dot-decimal form or=0A=
-using host names. Ports values must be numeric.=0A=
+two listeners: one for LDAP over SSL on all interfaces on=0A=
+the default LDAP/SSL port 646, and one for LDAP over TCL on=0A=
+the {{EX:localhost}} ({{loopback}}) interface on port 666.=0A=
+Hosts may be specified using IPv4 dotted-decimal form or=0A=
+using host names. Port values must be numeric.=0A=
=0A=
> -n <service-name>=0A=
=0A=
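Review bot: the added line for the second listener still says "LDAP over TCL"; the default-listener sentence in the same paragraph says "LDAP over TCP", so this should be TCP. The rewrite also drops "only" from "only the {{EX:localhost}} ({{loopback}}) interface", which was the point of the example: that listener is reachable from the loopback interface and nowhere else. Suggest "only on the {{EX:localhost}} ({{loopback}}) interface". While these lines are being touched, "the default LDAP/SSL port 646" should be checked as well; the registered ldaps port is 636.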
@@ -55,8 +55,8 @@=0A=
=0A=
This option specifies a run-time directory. slapd will=0A=
{{chroot}}(2) to this directory after opening listeners but=0A=
-before any reading any configuration file or initializing=0A=
-any backend.=0A=
+before reading any configuration files or initializing=0A=
+any backends.=0A=
.=0A=
=0A=
> -d <level> | ?=0A=
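Review bot: the lone "." line after "any backends." is left in place and looks like a leftover; it should be removed with this edit. The corrected sentence now states that slapd calls {{chroot}}(2) before reading any configuration files, so it would help to add that configuration file paths are then resolved inside the run-time directory.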
@@ -105,7 +105,7 @@=0A=
=0A=
> /usr/local/etc/libexec/slapd [<option>]*=0A=
=0A=
-where {{F:/usr/local/etc/libexec}} is determined by {{EX:configure}}.=0A=
+where {{F:/usr/local/etc/libexec}} is determined by {{EX:configure}}=0A=
and <option> is one of the options described above (or in {{slapd}}(8)).=0A=
Unless you have specified a debugging level (including level {{EX:0}}),=0A=
slapd will automatically fork and detach itself from its controlling=0A=
@@ -119,5 +119,5 @@=0A=
=0A=
where {{F:/usr/local/var}} is determined by {{EX:configure}}.=0A=
=0A=
-Killing slapd by a more drastic method may cause its information=0A=
+Killing slapd by a more drastic method may cause information=0A=
loss or database corruption.=0A=
diff -urb admin.29/slapdconfig.sdf admin/slapdconfig.sdf=0A=
--- admin.29/slapdconfig.sdf Tue Aug 29 19:27:54 2000=0A=
+++ admin/slapdconfig.sdf Tue Aug 29 20:34:29 2000=0A=
@@ -18,8 +18,8 @@=0A=
=0A=
H2: Configuration File Format=0A=
=0A=
-The {{slapd.conf}}(5) file consists three types of configuration=0A=
-information: global, backend specific, database specific. Global=0A=
+The {{slapd.conf}}(5) file consists of three types of configuration=0A=
+information: global, backend specific, and database specific. Global=0A=
information is specified first, followed by information associated=0A=
with a particular backend type, which is then followed by information=0A=
associated with a particular database instance. Global directives can=0A=
@@ -61,7 +61,7 @@=0A=
=0A=
The distribution contains an example configuration file that will=0A=
be installed in the {{F: /usr/local/etc/openldap}} directory.=0A=
-A number of files containing schema definition (attribute types=0A=
+A number of files containing schema definitions (attribute types=0A=
and object classes) are also provided in the=0A=
{{F: /usr/local/etc/openldap/schema}} directory.=0A=
=0A=
@@ -80,8 +80,8 @@=0A=
H3: Global Directives=0A=
=0A=
Directives described in this section apply to all backends=0A=
-and databases, unless specifically overridden in a backend or=0A=
-database definition. Arguments to directives should be replaced=0A=
+and databases unless specifically overridden in a backend or=0A=
+database definition. Arguments that should be replaced=0A=
by actual text are shown in brackets {{EX:<>}}.=0A=
=0A=
=0A=
@@ -107,9 +107,9 @@=0A=
H4: defaultaccess { none | compare | search | read | write }=0A=
=0A=
This directive specifies the default access to grant requesters=0A=
-when no {{EX:access}} directives have been specified. Access=0A=
-levels implies all lesser access levels (e.g., read access=0A=
-implies search and compare but no write).=0A=
+when no {{EX:access}} directives have been specified. Any given=0A=
+access level implies all lesser access levels (e.g., read access=0A=
+implies search and compare but not write).=0A=
=0A=
Note: It is recommend that the {{EX:access}} directive be used=0A=
to specify access control. See the {{SECT:Access Control}}=0A=
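Review bot: the Note directly below the corrected paragraph still reads "It is recommend that the {{EX:access}} directive be used"; this should be "recommended". The added "implies search and compare but not write" is a good fix, since the old "but no write" could be misread as an access level.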
@@ -124,7 +124,7 @@=0A=
H4: idletimeout <integer>=0A=
=0A=
Specify the number of seconds to wait before forcibly closing=0A=
-an idle client connections. A idletimeout of 0, the default,=0A=
+an idle client connection. An idletimeout of 0, the default,=0A=
disables this feature.=0A=
=0A=
=0A=
@@ -367,7 +367,7 @@=0A=
Queries with a DN ending in "dc=3Dexample, dc=3Dcom"=0A=
will be passed to this backend.=0A=
=0A=
-Note: when the backend to pass a query to is selected, slapd=0A=
+Note: When the backend to pass a query to is selected, slapd=0A=
looks at the suffix line(s) in each database definition in the=0A=
order they appear in the file. Thus, if one database suffix is a=0A=
prefix of another, it must appear after it in the config file.=0A=
@@ -469,11 +469,11 @@=0A=
> index objectClass,uid=0A=
> index cn,sn eq,sub,approx=0A=
=0A=
-The first line sets the default to indices to maintain to present=0A=
+The first line sets the default set of indices to maintain to present=0A=
and equality. The second line causes the default (pres,eq) set=0A=
of indices to be maintained for {{EX:objectClass}} and {{EX:uid}} =
attribute=0A=
types. The third line causes equality, substring, and approximate=0A=
-filters to be maintained for {{EX:cn}} and {{EX:sn}} attribute types.=0A=
+indices to be maintained for {{EX:cn}} and {{EX:sn}} attribute types.=0A=
=0A=
H4: mode <integer>=0A=
=0A=
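Review bot: the first added line doubles up on "set" and still ends awkwardly: "sets the default set of indices to maintain to present and equality". Suggest "sets the default indices to maintain to present and equality". Changing "filters" to "indices" in the last sentence is a technical correction rather than a copy edit; it matches the "index cn,sn eq,sub,approx" line above, but is worth calling out in the commit message.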
@@ -486,13 +486,14 @@=0A=
=0A=
=0A=
=0A=
-H3: Other Backend and Databases=0A=
+H3: Other Backend Databases=0A=
=0A=
-{{slapd}}(8) supports a number of other backend database types.=0A=
+{{slapd}}(8) supports a number of backend database types besides the =
default LDBM.=0A=
=0A=
!block table; align=3DCenter; coltags=3D"EX,N"; \=0A=
title=3D"Table 5.2: Backend Database Types"=0A=
Types Description=0A=
+ldbm Berkeley or GNU DBM compatible backend=0A=
passwd Provides read-only access to {{F:/etc/passwd}}=0A=
shell Shell (extern program) backend=0A=
sql SQL Programmable backend=0A=
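Review bot: the new heading and lead sentence describe backend types "besides the default LDBM", yet the added table row puts ldbm into Table 5.2 under that same heading. Either drop the "ldbm Berkeley or GNU DBM compatible backend" row, or keep the table as the full list and reword the lead sentence so it does not exclude LDBM. The heading "Other Backend Databases" also loses the distinction between backends and databases that the old "Other Backend and Databases" was reaching for.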
@@ -576,7 +577,7 @@=0A=
{{EX:entry}} attribute is also required. The complete examples at=0A=
the end of this section should help clear things up.=0A=
=0A=
-Lastly, there is a special entry selector {{EX:"*"}} is used to=0A=
+Lastly, there is a special entry selector {{EX:"*"}} that is used to=0A=
select any entry. It is used when no other {{EX:<what>}}=0A=
selector has been provided. It's equivalent to "{{EX:dn=3D.*}}"=0A=
=0A=
@@ -585,7 +586,7 @@=0A=
=0A=
The <who> part identifies the entity or entities being granted=0A=
access. Note that access is granted to "entities" not "entries."=0A=
-The follow table summaries entity specifiers:=0A=
+The following table summarizes entity specifiers:=0A=
=0A=
!block table; align=3DCenter; coltags=3D"EX,N"; \=0A=
title=3D"Table 5.3: Access Entity Specifiers"=0A=
@@ -603,10 +604,10 @@=0A=
> dn=3D<regular expression>=0A=
=0A=
By "normalized", we mean that all extra spaces have been=0A=
-removed from the entities DN and commas are used to=0A=
+removed from the entity's DN and commas are used to=0A=
separate RDN components.=0A=
=0A=
-Other control factors forms are also supported.=0A=
+Other control factors are also supported.=0A=
For example, a {{EX:<what>}} can be restricted by a=0A=
regular expression matching the client's IP address or domain name:=0A=
=0A=
@@ -632,7 +633,7 @@=0A=
=0A=
!block table; colaligns=3D"LRL"; coltags=3D"EX,EX,N"; align=3DCenter; \=0A=
title=3D"Table 5.4: Access Levels"=0A=
-Level Privledges Description=0A=
+Level Privileges Description=0A=
none no access=0A=
auth =3Dx needed to bind=0A=
compare =3Dcx needed to compare=0A=
@@ -642,9 +643,10 @@=0A=
!endblock=0A=
=0A=
Each level implies all lower levels of access. So, for=0A=
-example, granting someone write access to an entry also=0A=
-grants them read, search, compare, and auth access. However,=0A=
-one may use the privledges specify to grant specific permissions.=0A=
+example, granting someone {{EX:write}} access to an entry also=0A=
+grants them {{EX:read}}, {{EX:search}}, {{EX:compare}}, and =0A=
+{{EX:auth}} access. However, one may use the privileges specifier=0A=
+to grant specific permissions.=0A=
=0A=
=0A=
H3: Access Control Evaluation=0A=
@@ -661,7 +663,7 @@=0A=
the one slapd will use to evaluate access.=0A=
=0A=
Next, slapd compares the entity requesting access to the=0A=
-{{EX:<who>}} selectors within the access directive selected above,=0A=
+{{EX:<who>}} selectors within the access directive selected above=0A=
in the order in which they appear. It stops with the first {{EX:<who>}}=0A=
selector that matches the requester. This determines the=0A=
access the entity requesting access has to the entry and/or=0A=
@@ -701,7 +703,7 @@=0A=
allows authenticate, and allows authenticated users to read.=0A=
Note that only the first {{EX:by <who>}} clause which matches applies.=0A=
Hence, the anonymous users are granted {{EX:auth}}, not {{EX:read}}.=0A=
-The last clause just as well have been "{{EX:by users read}}".=0A=
+The last clause could just as well have been "{{EX:by users read}}".=0A=
=0A=
The following example shows the use of a regular expression=0A=
to select the entries by DN in two access directives where=0A=
@@ -722,10 +724,10 @@=0A=
=0A=
Also note that if no {{EX:access to}} directive matches or=0A=
no {{EX:by <who>}} clause, {{B:access is denied}}. That is, every=0A=
-{{EX:access to}} directive ends with a implicit {{EX:by * none}}=0A=
-clause and access list itself ends with {{EX:access to * by * none}}=0A=
-directive. Only if no access controls are specified, is the=0A=
-{{EX:defaultaccess}} granted.=0A=
+{{EX:access to}} directive ends with an implicit {{EX:by * none}}=0A=
+clause and every access list ends with an implicit=0A=
+{{EX:access to * by * none}} directive. Only if no access controls=0A=
+are specified is the {{EX:defaultaccess}} granted.=0A=
=0A=
The next example again shows the importance of ordering,=0A=
both of the access directives and the {{EX:by <who>}} clauses.=0A=
@@ -788,7 +790,7 @@=0A=
E: 3. referral ldap://root.openldap.org=0A=
E: 4. access to * by * read=0A=
=0A=
-Line 1 is a comment. Lines 2 include another config file=0A=
+Line 1 is a comment. Line 2 includes another config file=0A=
which containing {{core}} schema definitions.=0A=
The {{EX:referral}} directive on line 3=0A=
means that queries not local to one of the databases defined=0A=
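Review bot: the context line after the corrected sentence still reads "which containing {{core}} schema definitions", so the sentence remains broken after this change. Suggest "Line 2 includes another config file which contains {{core}} schema definitions."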
@@ -861,12 +863,13 @@=0A=
various attributes.=0A=
=0A=
Lines 24 through 33 specify access control for entries in the=0A=
-database. For all entries, the {{EX:userPassword}} attribute is=0A=
-writable by the entry and the "admin" entry, may be used for=0A=
-authentication/authorization purposes, but is otherwise not=0A=
-readable. All other attributes by writable by the entry and=0A=
-the "admin" entry, may be used for authentication/authorization=0A=
-purposes, but may be read by authenticated users.=0A=
+database. For all entries, the {{EX:userPassword}} attribute =0A=
+is writable by the entry itself and by the "admin" entry. It =0A=
+may be used for authentication/authorization purposes, but is =0A=
+otherwise not readable. All other attributes are writable by =0A=
+the entry and the "admin" entry, may be used for =0A=
+authentication/authorization purposes, but may be read by =0A=
+authenticated users.=0A=
=0A=
The next section of the example configuration file defines=0A=
another LDBM database. This one handles queries involving=0A=
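Review bot: in the rewritten second sentence the "but" no longer contrasts with anything: "may be used for authentication/authorization purposes, but may be read by authenticated users". For {{EX:userPassword}} the contrast is "but is otherwise not readable"; for the other attributes "and may be read by authenticated users" states the difference more clearly. The first sentence says "by the entry itself and by the "admin" entry" while the second keeps "by the entry and the "admin" entry"; use one form in both. Several added lines end in a trailing space before the line break, which should be stripped.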
------=_NextPart_000_0015_01C0120A.E3653E90--