openldap_2.4.31.orig/doc/Makefile.in
## doc Makefile.in for OpenLDAP
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2012 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
SUBDIRS= man
openldap_2.4.31.orig/doc/devel/template.c
/* template.c -- example OpenLDAP source file */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
* Copyright YEAR The OpenLDAP Foundation.
* Portions Copyright YEAR Secondary Rights Holder.
* Portions Copyright YEAR Another Rights Holder.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* .
*/
/* Additional (custom) notices (where necessary).
* Please consult Kurt Zeilenga before adding
* additional notices.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Jane Doe for inclusion in
* OpenLDAP Software. Additional significant contributors include:
* John Doe
*/
openldap_2.4.31.orig/doc/devel/README
The OpenLDAP Developer's FAQ is available at:
http://www.openldap.org/faq/index.cgi?file=4
Additional developer pages are at:
http://www.openldap.org/devel/
---
$OpenLDAP$
openldap_2.4.31.orig/doc/devel/todo
OpenLDAP Software To Do List
----------------------------
This is a list of projects that need getting done. They are defined
by scale of the effort as opposed to priority. Contribute to
projects based upon your personal priorities.
If you would like to work on any of these projects, please coordinate
by posting to OpenLDAP-devel mailing list:
http://www.OpenLDAP.org/lists
If you have a project you'd like added to the list, talk it up on
Developer's list or just do it.
Please read:
http://www.OpenLDAP.org/devel/programming.html
http://www.OpenLDAP.org/devel/contributing.html
OpenLDAP 2.x Projects
---------------------
SLAPD
Complete Unicode Support (ACLs, etc.)
client C API update
Implement per referral/continuation callback
clients (e.g. ldapsearch(1))
Implement referral chasing options w/ referral callback
Update manual pages
Large projects
--------------
Implement character string localization
Implement X.500 administrative models (e.g. subentries (RFC 3672), etc.)
Implement LDAP sorted search results control (RFC 2891)
Medium projects
---------------
Add syncrepl turn
Implement DIT Structure Rules and Name Forms
Implement LDAPprep
Implement native support for simple SASL mechanisms
(e.g. EXTERNAL and PLAIN)
Redesign slapd memory allocation fault handling
Localize tools
Small projects
--------------
Add BSD kqueue(2) support to slapd(8)
Add DSML capabilities to command line tools
Add LDIFv2 (XML) support to command line tools
Implement authPassword (RFC 3112)
Implement SASLprep (RFC 4013) for LDAP (draft-ietf-ldapbis-*)
Implement additional matching rules (RFC 3698)
Add dumpasn1 logging support
Add tests to test suite
Recode linked-list structs to use macros
Convert utfconv.txt into man page(s).
Update manual pages as needed.
For additional TODO items, see:
http://www.openldap.org/its/index.cgi/Software%20Enhancements
http://www.openldap.org/its/index.cgi/Software%20Bugs
JLDAP TODO items, see:
http://www.openldap.org/devel/gitweb.cgi?p=openldap-jldap.git;a=blob_plain;f=design/todo.txt
---
$OpenLDAP$
openldap_2.4.31.orig/doc/devel/toolargs
Tools       ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
slapacl        D F              U  X   b d f        o     uv
slapadd          F            S        bcd fg  j l no q s uvw
slapauth         F      M    R  U  X     d f        o      v
slapcat          F H                  abcd fg    l no   s  v
slapdn           F       N P             d f        o      v
slapindex        F                     bcd fg      no q  t v
slappasswd                     T        c    h          s uv
slapschema       F H                  abcd fg    l no   s  v
slaptest         F          Q            d f       no     uv
* General flags:
-F config directory
-U authcID
-X authzID
-b suffix (slapacl: entryDN)
-c continue mode
-d debug level
-f config file
-l LDIF file
-n database number
-o options
-q "quick" mode
-s subtree
-u dryrun (slappasswd: RFC2307 userPassword)
-v verbose
---
$OpenLDAP$
openldap_2.4.31.orig/doc/devel/args
Tools       ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
ldapcompare  * DE**HI** MNOPQR  UVWXYZ   de *h*** *nop*    vwxyz
ldapdelete   *CDE**HI** MNOPQR  UVWXYZ  cdef*h*** *nop*    vwxyz
ldapexop     * D **HI**  NO QR  UVWXYZ   de *h*** *nop     vwxy
ldapmodify   *CDE**HI** MNOPQRS UVWXYZabcde *h*** *nop*r t vwxy
ldapmodrdn   *CDE**HI** MNOPQR  UVWXYZ  cdef*h*** *nop*rs  vwxy
ldappasswd  A*CDE**HI**  NO QRS UVWXYZa  def*h*** * o * s  vwxy
ldapsearch  A*CDE**HI**LMNOPQRSTUVWXYZab def*h***l*nop* stuvwxyz
ldapurl      *  E**H **       S       ab   f*h*** *  p* s
ldapwhoami   * DE**HI**  NO QR  UVWXYZ   def*h*** *nop*    vwxy
* reserved
BFGJgijmq01235789
* General flags:
-C Chase Referrals
-D Bind DN
-E Tool-specific Extensions (e.g., -E <[!]oid[=options]>*)
-e General Extensions (e.g., -e <[!]oid[=options]>*)
-f file
-H URI
-P protocol version
-V version information
-W prompt for bind password
-d debug
-h host
-n no-op
-N no (SASLprep) normalization of simple bind password
-o general options (currently nettimeout and ldif-wrap only)
-p port
-v verbose
-V version
-x simple bind
-y Bind password-file
-w Bind password
Not used
-4 IPv4 only
-6 IPv6 only
* LDAPv3 Only
-M ManageDSAIT
-Z StartTLS
-Y SASL Mechanism (defaults to "best")
-R SASL Realm (defaults to empty)
-O SASL Security Options (defaults to "noanonymous,noplain")
-U SASL Authentication Identity (defaults to USER)
-X SASL Authorization Identity (defaults to empty)
-I SASL interactive mode (default: automatic)
-Q SASL quiet mode (default: automatic)
* LDAPv2+ Only (REMOVED)
-K LDAPv2 Kerberos Bind (Step 1 only)
-k LDAPv2 Kerberos Bind
---
$OpenLDAP$
openldap_2.4.31.orig/doc/devel/utfconv.txt
Dec 5, 2000
Dave Steck
Novell, Inc.
UTF-8 Conversion Functions
1. Strings in the LDAP C SDK should be encoded in UTF-8 format.
However, most platforms do not provide APIs for converting to
this format. If they do, they are platform-specific.
As a result, most applications (knowingly or not) use local strings
with LDAP functions. This works fine for 7-bit ASCII characters,
but will fail with 8-bit European characters, Asian characters, etc.
We propose adding the following platform-independent conversion functions
to the OpenLDAP SDK. There are 4 functions for converting between UTF-8
and wide characters, and 4 functions for converting between UTF-8 and
multibyte characters.
For multibyte to UTF-8 conversions, charset translation is necessary.
While a full charset translator is not practical or appropriate for the
LDAP SDK, we can pass the translator function in as an argument.
A NULL for this argument will use the ANSI C functions mbtowc, mbstowcs,
wctomb, and wcstombs.
2. UTF-8 <--> Wide Character conversions
The following new conversion routines will be added, following the pattern of
the ANSI C conversion routines (mbtowc, mbstowcs, etc). These routines use
the wchar_t type. wchar_t is 2 bytes on some systems and 4 bytes on others.
However the advantage of using wchar_t is that all the standard wide character
string functions may be used on these strings: wcslen, wcscpy, etc.
int ldap_x_utf8_to_wc - Convert a single UTF-8 encoded character to a wide character.
int ldap_x_utf8s_to_wcs - Convert a UTF-8 string to a wide character string.
int ldap_x_wc_to_utf8 - Convert a single wide character to a UTF-8 sequence.
int ldap_x_wcs_to_utf8s - Convert a wide character string to a UTF-8 string.
2.1 ldap_x_utf8_to_wc - Convert a single UTF-8 encoded character to a wide character.
int ldap_x_utf8_to_wc ( wchar_t *wchar, const char *utf8char )
wchar (OUT) Points to a wide character code to receive the
converted character.
utf8char (IN) Address of the UTF8 sequence of bytes.
Return Value:
If successful, the function returns the length in
bytes of the UTF-8 input character.
If utf8char is NULL or points to an empty string, the
function returns 1 and a NULL is written to wchar.
If utf8char contains an invalid UTF-8 sequence -1 is returned.
2.2 ldap_x_utf8s_to_wcs - Convert a UTF-8 string to a wide character string.
int ldap_x_utf8s_to_wcs (wchar_t *wcstr, const char *utf8str, size_t count)
wcstr (OUT) Points to a wide char buffer to receive the
converted wide char string. The output string will be
null terminated if there is space for it in the
buffer.
utf8str (IN) Address of the null-terminated UTF-8 string to convert.
count (IN) The number of UTF-8 characters to convert, or
equivalently, the size of the output buffer in wide
characters.
Return Value:
If successful, the function returns the number of wide
characters written to wcstr, excluding the null termination
character, if any.
If wcstr is NULL, the function returns the number of wide
characters required to contain the converted string,
excluding the null termination character.
If an invalid UTF-8 sequence is encountered, the
function returns -1.
If the return value equals count, there was not enough space to fit the
string and the null terminator in the buffer.
2.3 ldap_x_wc_to_utf8 - Convert a single wide character to a UTF-8 sequence.
int ldap_x_wc_to_utf8 ( char *utf8char, wchar_t wchar, size_t count )
utf8char (OUT) Points to a byte array to receive the converted UTF-8
string.
wchar (IN) The wide character to convert.
count (IN) The maximum number of bytes to write to the output
buffer. Normally set this to LDAP_MAX_UTF8_LEN, which
is defined as 3 or 6 depending on the size of wchar_t.
A partial character will not be written.
Return Value:
If successful, the function returns the length in bytes of
the converted UTF-8 output character.
If wchar is NULL, the function returns 1 and a NULL is
written to utf8char.
If wchar cannot be converted to a UTF-8 character, the
function returns -1.
2.4 int ldap_x_wcs_to_utf8s - Convert a wide character string to a UTF-8 string.
int ldap_x_wcs_to_utf8s (char *utf8str, const wchar_t *wcstr, size_t count)
utf8str (OUT) Points to a byte array to receive the converted
UTF-8 string. The output string will be null
terminated if there is space for it in the
buffer.
wcstr (IN) Address of the null-terminated wide char string to convert.
count (IN) The size of the output buffer in bytes.
Return Value:
If successful, the function returns the number of bytes
written to utf8str, excluding the null termination
character, if any.
If utf8str is NULL, the function returns the number of
bytes required to contain the converted string, excluding
the null termination character. The 'count' parameter is ignored.
If the function encounters a wide character that cannot
be mapped to a UTF-8 sequence, the function returns -1.
If the return value equals count, there was not enough space to fit
the string and the null terminator in the buffer.
3. Multi-byte <--> UTF-8 Conversions
These functions convert the string in a two-step process, from multibyte
to Wide, then from Wide to UTF8, or vice versa. This conversion requires a
charset translation routine, which is passed in as an argument.
ldap_x_mb_to_utf8 - Convert a multi-byte character to a UTF-8 character.
ldap_x_mbs_to_utf8s - Convert a multi-byte string to a UTF-8 string.
ldap_x_utf8_to_mb - Convert a UTF-8 character to a multi-byte character.
ldap_x_utf8s_to_mbs - Convert a UTF-8 string to a multi-byte string.
3.1 ldap_x_mb_to_utf8 - Convert a multi-byte character to a UTF-8 character.
int ldap_x_mb_to_utf8 ( char *utf8char, const char *mbchar, size_t mbsize, int (*f_mbtowc)(wchar_t *wchar, const char *mbchar, size_t count) )
utf8char (OUT) Points to a byte buffer to receive the converted
UTF-8 character. May be NULL. The output is not
null-terminated.
mbchar (IN) Address of a sequence of bytes forming a multibyte character.
mbsize (IN) The maximum number of bytes of the mbchar argument to
check. This should normally be MB_CUR_MAX.
f_mbtowc (IN) The function to use for converting a multibyte
character to a wide character. If NULL, the local
ANSI C routine mbtowc is used.
Return Value:
If successful, the function returns the length in bytes of
the UTF-8 output character.
If utf8char is NULL, count is ignored and the function
returns the number of bytes that would be written to the
output char.
If count is zero, 0 is returned and nothing is written to
utf8char.
If mbchar is NULL or points to an empty string, the
function returns 1 and a null byte is written to utf8char.
If mbchar contains an invalid multi-byte character, -1 is returned.
3.2 ldap_x_mbs_to_utf8s - Convert a multi-byte string to a UTF-8 string.
int ldap_x_mbs_to_utf8s (char *utf8str, const char *mbstr, size_t count,
size_t (*f_mbstowcs)(wchar_t *wcstr, const char *mbstr, size_t count))
utf8str (OUT) Points to a buffer to receive the converted UTF-8 string.
May be NULL.
mbstr (IN) Address of the null-terminated multi-byte input string.
count (IN) The size of the output buffer in bytes.
f_mbstowcs (IN) The function to use for converting a multibyte string
to a wide character string. If NULL, the local ANSI
C routine mbstowcs is used.
Return Value:
If successful, the function returns the length in
bytes of the UTF-8 output string, excluding the null
terminator, if present.
If utf8str is NULL, count is ignored and the function
returns the number of bytes required for the output string,
excluding the NULL.
If count is zero, 0 is returned and nothing is written to utf8str.
If mbstr is NULL or points to an empty string, the
function returns 1 and a null byte is written to utf8str.
If mbstr contains an invalid multi-byte character, -1 is returned.
If the returned value is equal to count, the entire null-terminated
string would not fit in the output buffer.
3.3 ldap_x_utf8_to_mb - Convert a UTF-8 character to a multi-byte character.
int ldap_x_utf8_to_mb ( char *mbchar, const char *utf8char,
int (*f_wctomb)(char *mbchar, wchar_t wchar) )
mbchar (OUT) Points to a byte buffer to receive the converted multi-byte
character. May be NULL.
utf8char (IN) Address of the UTF-8 character sequence.
f_wctomb (IN) The function to use for converting a wide character
to a multibyte character. If NULL, the local
ANSI C routine wctomb is used.
Return Value:
If successful, the function returns the length in
bytes of the multi-byte output character.
If utf8char is NULL or points to an empty string, the
function returns 1 and a null byte is written to mbchar.
If utf8char contains an invalid UTF-8 sequence, -1 is returned.
3.4 int ldap_x_utf8s_to_mbs - Convert a UTF-8 string to a multi-byte string.
int ldap_x_utf8s_to_mbs ( char *mbstr, const char *utf8str, size_t count,
size_t (*f_wcstombs)(char *mbstr, const wchar_t *wcstr, size_t count) )
mbstr (OUT) Points to a byte buffer to receive the converted
multi-byte string. May be NULL.
utf8str (IN) Address of the null-terminated UTF-8 string to convert.
count (IN) The size of the output buffer in bytes.
f_wcstombs (IN) The function to use for converting a wide character
string to a multibyte string. If NULL, the local
ANSI C routine wcstombs is used.
Return Value:
If successful, the function returns the number of bytes
written to mbstr, excluding the null termination
character, if any.
If mbstr is NULL, count is ignored and the function
returns the number of bytes required for the output string,
excluding the NULL.
If count is zero, 0 is returned and nothing is written to
mbstr.
If utf8str is NULL or points to an empty string, the
function returns 1 and a null byte is written to mbstr.
If an invalid UTF-8 character is encountered, the
function returns -1.
The output string will be null terminated if there is space for it in
the output buffer.
openldap_2.4.31.orig/doc/guide/README
This module contains OpenLDAP guides in Simple Document Format (SDF).
SDF is a freely available documentation system. Based on a
simple, readable markup language, SDF generates high quality
output in multiple formats.
cd admin # OpenLDAP Administrator's Guide
sdf -2topics index.sdf # generate HTML for WWW publishing
sdf -2html guide.sdf # generate HTML for release
sdf -2txt guide.sdf # generate TXT for release
More information about SDF can be obtained from the CPAN at:
http://search.cpan.org/src/IANC/sdf-2.001/doc/catalog.html
SDF itself can be obtained at:
http://search.cpan.org/~ianc/sdf-2.001/
openldap_2.4.31.orig/doc/guide/admin/glossary.sdf
# $OpenLDAP$
# Copyright 2006-2012 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: Glossary
H2: Terms
!catalog terms ''; headings; columns="Term,Definition"
H2: Related Organizations
!catalog organisations ''; headings; columns="ORG:Name,Long,URL:Jump"
H2: Related Products
!catalog products ''; headings; columns="PRD:Name,URL:Jump"
H2: References
!catalog references ''; headings; columns="REF:Reference,Document,Status,URL:Jump"
openldap_2.4.31.orig/doc/guide/admin/troubleshooting.sdf
# $OpenLDAP$
# Copyright 2007-2012 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: Troubleshooting
If you're having trouble using OpenLDAP, get onto the
OpenLDAP-Software mailing list, or:
* Browse the list archives at {{URL:http://www.openldap.org/lists/#archives}}
* Search the FAQ at {{URL:http://www.openldap.org/faq/}}
* Search the Issue Tracking System at {{URL:http://www.openldap.org/its/}}
Chances are the problem has been solved and explained in detail many times before.
H2: User or Software errors?
More often than not, an error is caused by a configuration problem or a misunderstanding
of what you are trying to implement and/or achieve.
We will now attempt to discuss common user errors.
H2: Checklist
The following checklist can help track down your problem. Please try to use it {{B:before}}
posting to the list, or in the rare circumstances of reporting a bug.
.{{S: }}
^{{B: Use the {{slaptest}} tool to verify configurations before starting {{slapd}}}}
.{{S: }}
+{{B: Verify that {{slapd}} is listening to the specified port(s) (389 and 636, generally) before trying the {{ldapsearch}}}}
.{{S: }}
+{{B: Can you issue an {{ldapsearch}}?}}
.{{S: }}
+{{B: If not, have you enabled complex ACLs without fully understanding them?}}
.{{S: }}
+{{B: Do you have a system wide LDAP setting pointing to the wrong LDAP Directory?}}
.{{S: }}
+{{B: Are you using TLS?}}
.{{S: }}
+{{B: Have your certificates expired?}}
H2: OpenLDAP Bugs
Sometimes you may encounter an actual OpenLDAP bug, in which case please visit
our Issue Tracking system {{URL:http://www.openldap.org/its/}} and report it.
However, make sure it's not already a known bug or a common user problem.
* bugs in historic versions of OpenLDAP will not be considered;
* bugs in released versions that are no longer present in the Git master branch,
either because they have been fixed or because they no longer apply,
will not be considered as well;
* bugs in distributions of OpenLDAP software that are not related to the
software as provided by OpenLDAP will not be considered; in those cases please
refer to the distributor.
Note: Our Issue Tracking system is {{B:NOT}} for OpenLDAP {{B:Support}}, please join our
mailing Lists: {{URL:http://www.openldap.org/lists/}} for that.
The information you should provide in your bug report is discussed in our FAQ-O-MATIC at
{{URL:http://www.openldap.org/faq/data/cache/59.html}}
H2: 3rd party software error
The OpenLDAP Project only supports OpenLDAP software.
You may however seek commercial support ({{URL:http://www.openldap.org/support/}}) or join
the general LDAP forum for non-commercial discussions and information relating to LDAP at:
{{URL:http://www.umich.edu/~dirsvcs/ldap/mailinglist.html}}
H2: How to contact the OpenLDAP Project
* Mailing Lists: {{URL:http://www.openldap.org/lists/}}
* Project: {{URL: http://www.openldap.org/project/}}
* Issue Tracking: {{URL:http://www.openldap.org/its/}}
H2: How to present your problem
H2: Debugging {{slapd}}(8)
After reading through the above sections and before e-mailing the OpenLDAP lists, you
might want to try out some of the following to track down the cause of your problems:
* Loglevel stats (256) is generally a good first loglevel to try for getting
information useful to list members on issues
* Running {{slapd -d -1}} can often track down fairly simple issues, such as
missing schemas and incorrect file permissions for the {{slapd}} user to things like certs
* Check your logs for errors, as discussed at {{URL:http://www.openldap.org/faq/data/cache/358.html}}
H2: Commercial Support
The firms listed at {{URL:http://www.openldap.org/support/}} offer technical support services catering to the OpenLDAP community.
The listing of any given firm should not be viewed as an endorsement or recommendation of any kind, nor as otherwise indicating
there exists a business relationship or an affiliation between any listed firm and the OpenLDAP Foundation or the OpenLDAP Project or its contributors.
openldap_2.4.31.orig/doc/guide/admin/dbtools.sdf
# $OpenLDAP$
# Copyright 1999-2012 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: Database Creation and Maintenance Tools
This section tells you how to create a slapd database from scratch,
and how to do troubleshooting if you run into problems. There are
two ways to create a database. First, you can create the database
on-line using {{TERM:LDAP}}. With this method, you simply start up slapd
and add entries using the LDAP client of your choice. This method
is fine for relatively small databases (a few hundred or thousand
entries, depending on your requirements). This method works for
database types which support updates.
The second method of database creation is to do it off-line using
special utilities provided with {{slapd}}(8). This method is best if you
have many thousands of entries to create, which would take an
unacceptably long time using the LDAP method, or if you want to
ensure the database is not accessed while it is being created. Note
that not all database types support these utilities.
H2: Creating a database over LDAP
With this method, you use the LDAP client of your choice (e.g.,
the {{ldapadd}}(1)) to add entries, just like you would once the
database is created. You should be sure to set the following
options in the configuration file before starting {{slapd}}(8).
> suffix
As described in the {{SECT:General Database Directives}} section,
this option defines which entries are to be held by this database.
You should set this to the DN of the root of the subtree you are
trying to create. For example:
> suffix "dc=example,dc=com"
You should be sure to specify a directory where the index files
should be created:
> directory
For example:
> directory /usr/local/var/openldap-data
You need to create this directory with appropriate permissions such
that slapd can write to it.
You need to configure slapd so that you can connect to it as a
directory user with permission to add entries. You can configure
the directory to support a special {{super-user}} or {{root}} user
just for this purpose. This is done through the following two
options in the database definition:
> rootdn
> rootpw
For example:
> rootdn "cn=Manager,dc=example,dc=com"
> rootpw secret
These options specify a DN and password that can be used to
authenticate as the {{super-user}} entry of the database (i.e.,
the entry allowed to do anything). The DN and password specified
here will always work, regardless of whether the entry named actually
exists or has the password given. This solves the chicken-and-egg
problem of how to authenticate and add entries before any entries
yet exist.
Finally, you should make sure that the database definition contains
the index definitions you want:
> index { | default} [pres,eq,approx,sub,none]
For example, to index the {{EX:cn}}, {{EX:sn}}, {{EX:uid}} and
{{EX:objectclass}} attributes, the following {{EX:index}} directives
could be used:
> index cn,sn,uid pres,eq,approx,sub
> index objectClass eq
This would create presence, equality, approximate, and substring
indices for the {{EX:cn}}, {{EX:sn}}, and {{EX:uid}} attributes and
an equality index for the {{EX:objectClass}} attribute. Note that
not all index types are available with all attribute types. See
{{SECT:The slapd Configuration File}} section for more information
on this option.
Once you have configured things to your liking, start up slapd,
connect with your LDAP client, and start adding entries. For
example, to add an organization entry and an organizational role
entry using the {{I:ldapadd}} tool, you could create an {{TERM:LDIF}}
file called {{EX:entries.ldif}} with the contents:
> # Organization for Example Corporation
> dn: dc=example,dc=com
> objectClass: dcObject
> objectClass: organization
> dc: example
> o: Example Corporation
> description: The Example Corporation
>
> # Organizational Role for Directory Manager
> dn: cn=Manager,dc=example,dc=com
> objectClass: organizationalRole
> cn: Manager
> description: Directory Manager
and then use a command like this to actually create the entry:
> ldapadd -f entries.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret
The above command assumes settings provided in the above examples.
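The {{EX:rootpw secret}} line used above keeps the super-user password in cleartext in the configuration file; slapd also accepts a hashed value in that directive, in the form that {{slappasswd}}(8) prints. The following is an added example, not part of the original guide or of OpenLDAP: it flags cleartext {{EX:rootpw}} lines and rewrites them with a salted {SSHA} value. The function names, the constructed sample configuration and the 8-byte salt length are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# Constructed sample: the directives used in this section, in slapd.conf form.
SAMPLE_CONF = """\
suffix    "dc=example,dc=com"
directory /usr/local/var/openldap-data
rootdn    "cn=Manager,dc=example,dc=com"
rootpw    secret
"""

# A hashed value starts with a scheme name in braces, e.g. {SSHA}.
SCHEME_PREFIX = re.compile(r"^\{[A-Za-z0-9._-]+\}")


def ssha(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumption: 8 random salt bytes
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password, stored):
    """Verify a password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def cleartext_rootpw(conf_text):
    """Line numbers of rootpw directives whose value has no {SCHEME} prefix."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "rootpw":
            value = parts[1].strip().strip('"')
            if not SCHEME_PREFIX.match(value):
                findings.append(number)
    return findings


def harden(conf_text):
    """Replace each cleartext rootpw value with its salted {SSHA} form."""
    flagged = set(cleartext_rootpw(conf_text))
    out = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        if number in flagged:
            value = line.split(None, 1)[1].strip().strip('"')
            line = "rootpw " + ssha(value)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("cleartext rootpw on lines:", cleartext_rootpw(SAMPLE_CONF))
    print(harden(SAMPLE_CONF), end="")
```

The bind in the {{EX:ldapadd}} command still uses the original password; only the stored form in the configuration file changes.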
H2: Creating a database off-line
The second method of database creation is to do it off-line, using
the slapd database tools described below. This method is best if
you have many thousands of entries to create, which would take an
unacceptably long time to add using the LDAP method described above.
These tools read the slapd configuration file and an input file
containing a text representation of the entries to add. For database
types which support the tools, they produce the database files
directly (otherwise you must use the on-line method above). There
are several important configuration options you will want to be
sure and set in the config file database definition first:
> suffix
As described in the {{SECT:General Database Directives}} section,
this option defines which entries are to be held by this database.
You should set this to the DN of the root of the subtree you are
trying to create. For example:
> suffix "dc=example,dc=com"
You should be sure to specify a directory where the index files
should be created:
> directory
For example:
> directory /usr/local/var/openldap-data
Finally, you need to specify which indices you want to build. This
is done by one or more index options.
> index { | default} [pres,eq,approx,sub,none]
For example:
> index cn,sn,uid pres,eq,approx,sub
> index objectClass eq
This would create presence, equality, approximate, and substring
indices for the {{EX:cn}}, {{EX:sn}}, and {{EX:uid}} attributes and
an equality index for the {{EX:objectClass}} attribute. Note that
not all index types are available with all attribute types. See
{{SECT:The slapd Configuration File}} section for more information
on this option.
H3: The {{EX:slapadd}} program
Once you've configured things to your liking, you create the primary
database and associated indices by running the {{slapadd}}(8)
program:
> slapadd -l -f
> [-d ] [-n |-b ]
The arguments have the following meanings:
> -l
Specifies the {{TERM:LDIF}} input file containing the entries to
add in text form (described below in the {{SECT:The LDIF text entry
format}} section).
> -f
Specifies the slapd configuration file that tells where to create
the indices, what indices to create, etc.
> -F
Specifies a config directory. If both {{EX:-f}} and {{EX:-F}} are specified,
the config file will be read and converted to config directory format and
written to the specified directory. If neither option is specified, an attempt
to read the default config directory will be made before trying to use the
default config file. If a valid config directory exists then the default
config file is ignored. If dryrun mode is also specified, no conversion will occur.
> -d
Turn on debugging, as specified by {{EX:}}. The debug
levels are the same as for slapd. See the {{SECT:Command-Line
Options}} section in {{SECT:Running slapd}}.
> -n
An optional argument that specifies which database to modify. The
first database listed in the configuration file is {{EX:1}}, the
second {{EX:2}}, etc. By default, the first database in the
configuration file is used. Should not be used in conjunction with
{{EX:-b}}.
> -b
An optional argument that specifies which database to modify. The
provided suffix is matched against a database {{EX:suffix}} directive
to determine the database number. Should not be used in conjunction
with {{EX:-n}}.
H3: The {{EX:slapindex}} program
Sometimes it may be necessary to regenerate indices (such as after
modifying {{slapd.conf}}(5)). This is possible using the {{slapindex}}(8)
program. {{slapindex}} is invoked like this:
> slapindex -f
> [-d ] [-n |-b ]
Where the {{EX:-f}}, {{EX:-d}}, {{EX:-n}} and {{EX:-b}} options
are the same as for the {{slapadd}}(1) program. {{slapindex}}
rebuilds all indices based upon the current database contents.
H3: The {{EX:slapcat}} program
The {{EX:slapcat}} program is used to dump the database to an
{{TERM:LDIF}} file. This can be useful when you want to make a
human-readable backup of your database or when you want to edit
your database off-line. The program is invoked like this:
> slapcat -l -f
> [-d ] [-n |-b ]
where {{EX:-n}} or {{EX:-b}} is used to select the database in the
{{slapd.conf}}(5) specified using {{EX:-f}}. The corresponding
{{TERM:LDIF}} output is written to standard output or to the file
specified using the {{EX:-l}} option.
!if 0
H3: The {{EX:ldif}} program
The {{ldif}}(1) program is used to convert arbitrary data values
to {{TERM:LDIF}} format. This can be useful when writing a program
or script to create the LDIF file you will feed into the {{slapadd}}(8)
or {{ldapadd}}(1) program, or when writing a SHELL backend.
{{ldif}}(1) takes an attribute description as an argument and reads
the attribute value(s) from standard input. It produces the LDIF
formatted attribute line(s) on standard output. The usage is:
> ldif [-b]
where {{EX:}} is an attribute description. Without the
{{EX:-b}} option, the {{ldif}} program will consider each line of
standard input to be a separate value of the attribute.
> ldif description << EOF
> leading space
> # leading hash mark
> EOF
The {{EX:-b}} option can be used to force the {{ldif}} program to
interpret its input as a single raw binary value. This option is
useful when converting binary data such as a {{EX:jpegPhoto}} or
{{EX:audio}} attribute. For example:
> ldif -b jpegPhoto < photo.jpeg
!endif
H2: The LDIF text entry format
The {{TERM[expand]LDIF}} (LDIF) is used to represent LDAP entries
in a simple text format. This section provides a brief description
of the LDIF entry format which complements {{ldif}}(5) and the
technical specification {{REF:RFC2849}}.
The basic form of an entry is:
> # comment
> dn:
> :
> :
>
> ...
Lines starting with a '{{EX:#}}' character are comments. An
attribute description may be a simple attribute type like {{EX:cn}}
or {{EX:objectClass}} or {{EX:1.2.3}} (an {{TERM:OID}} associated
with an attribute type) or may include options such as {{EX:cn;lang_en_US}}
or {{EX:userCertificate;binary}}.
A line may be continued by starting the next line with a {{single}}
space or tab character. For example:
> dn: cn=Barbara J Jensen,dc=example,dc=
> com
> cn: Barbara J
> Jensen
is equivalent to:
> dn: cn=Barbara J Jensen,dc=example,dc=com
> cn: Barbara J Jensen
Multiple attribute values are specified on separate lines. e.g.,
> cn: Barbara J Jensen
> cn: Babs Jensen
If an {{EX:}} contains non-printing characters or begins
with a space, a colon ('{{EX::}}'), or a less than ('{{EX:<}}'),
the {{EX:}} is followed by a double colon and the base64
encoding of the value. For example, the value "{{EX: begins with
a space}}" would be encoded like this:
> cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=
You can also specify a {{TERM:URL}} containing the attribute value.
For example, the following specifies the {{EX:jpegPhoto}} value
should be obtained from the file {{F:/path/to/file.jpeg}}.
> jpegPhoto:< file:///path/to/file.jpeg
Multiple entries within the same LDIF file are separated by blank
lines. Here's an example of an LDIF file containing three entries.
> # Barbara's Entry
> dn: cn=Barbara J Jensen,dc=example,dc=com
> cn: Barbara J Jensen
> cn: Babs Jensen
> objectClass: person
> sn: Jensen
>
> # Bjorn's Entry
> dn: cn=Bjorn J Jensen,dc=example,dc=com
> cn: Bjorn J Jensen
> cn: Bjorn Jensen
> objectClass: person
> sn: Jensen
> # Base64 encoded JPEG photo
> jpegPhoto:: /9j/4AAQSkZJRgABAAAAAQABAAD/2wBDABALD
> A4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQ
> ERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVG
>
> # Jennifer's Entry
> dn: cn=Jennifer J Jensen,dc=example,dc=com
> cn: Jennifer J Jensen
> cn: Jennifer Jensen
> objectClass: person
> sn: Jensen
> # JPEG photo from file
> jpegPhoto:< file:///path/to/file.jpeg
Notice that the {{EX:jpegPhoto}} in Bjorn's entry is base 64 encoded
and the {{EX:jpegPhoto}} in Jennifer's entry is obtained from the
location indicated by the URL.
Note: Trailing spaces are not trimmed from values in an LDIF file.
Nor are multiple internal spaces compressed. If you don't want them
in your data, don't put them there.
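The rules in this section (comments, continuation lines, {{EX:::}} base64 values, {{EX::<}} URL values, blank-line entry separators, untrimmed trailing spaces) can be exercised with a small reader and writer. This is an added example, not code from the original guide or from OpenLDAP; the function names and the sample input are constructed for illustration. It returns URL values unresolved, so the caller decides whether the referenced file may be read. It also goes slightly beyond the rule stated above by base64-encoding values that end in a space, so the trailing space survives editing.

```python
import base64

# Constructed sample built from the entries shown in this section.
SAMPLE_LDIF = "\n".join([
    "# Barbara's Entry",
    "dn: cn=Barbara J Jensen,dc=example,dc=",
    " com",                      # continuation: one leading space is removed
    "cn: Barbara J",
    "  Jensen",                  # one space marks the fold, one is data
    "cn:: IGJlZ2lucyB3aXRoIGEgc3BhY2U=",
    "description: two  inner spaces, one trailing ",
    "",
    "# Jennifer's Entry",
    "dn: cn=Jennifer J Jensen,dc=example,dc=com",
    "cn: Jennifer J Jensen",
    "jpegPhoto:< file:///path/to/file.jpeg",
])


def unfold(text):
    """Join continuation lines (lines starting with one space or tab)."""
    lines = []
    for raw in text.splitlines():
        if lines and raw[:1] in (" ", "\t"):
            lines[-1] += raw[1:]     # drop exactly one leading character
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return a list of entries; each entry is a list of (attr, kind, value).

    kind is "text" (str), "base64" (decoded bytes) or "url" (str, not fetched).
    """
    entries, current = [], []
    for line in unfold(text) + [""]:     # the extra "" flushes the last entry
        if line.startswith("#"):
            continue
        if line == "":
            if current:
                entries.append(current)
                current = []
            continue
        attr, sep, rest = line.partition(":")
        if not sep or not attr:
            raise ValueError("not an attribute line: %r" % line)
        if rest.startswith(":"):
            value = ("base64", base64.b64decode(rest[1:].strip(), validate=True))
        elif rest.startswith("<"):
            value = ("url", rest[1:].strip())
        else:
            # Only the separator spaces are removed; trailing and internal
            # spaces are part of the value.
            value = ("text", rest.lstrip(" "))
        current.append((attr,) + value)
    return entries


def needs_base64(data):
    """True if the value cannot be written after a single colon."""
    if not data:
        return False
    if data[:1] in (b" ", b":", b"<") or data[-1:] == b" ":
        return True
    return any(byte < 0x20 or byte > 0x7E for byte in data)


def encode_line(attr, value):
    """Write one attribute line, choosing ':' or '::' from the value."""
    data = value.encode("utf-8") if isinstance(value, str) else value
    if needs_base64(data):
        return "%s:: %s" % (attr, base64.b64encode(data).decode("ascii"))
    return "%s: %s" % (attr, data.decode("ascii"))


if __name__ == "__main__":
    for entry in parse_ldif(SAMPLE_LDIF):
        for attr, kind, value in entry:
            print("%-12s %-7s %r" % (attr, kind, value))
        print()
    print(encode_line("cn", " begins with a space"))
```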