← Back to branch summary

~ttx/openldap/lucid-gssapi-495418

« back to all changes in this revision

Viewing changes to doc/man/man5/slapd-relay.5

  • Committer: Bazaar Package Importer
  • Author(s): Steve Langasek
  • Date: 2009-07-28 10:17:15 UTC
  • mto: (0.3.1 squeeze)
  • mto: This revision was merged to the branch mainline in revision 16.
  • Revision ID: james.westby@ubuntu.com-20090728101715-g0isvetelfeqm48k
Tags: upstream-2.4.17
ImportĀ upstreamĀ versionĀ 2.4.17

Show diffs side-by-side

added added

removed removed

Lines of Context:
doc/man/man5/slapd-relay.5
1
1
.TH SLAPD-RELAY 5 "RELEASEDATE" "OpenLDAP LDVERSION"
2
 
.\" Copyright 2004-2009 The OpenLDAP Foundation All Rights Reserved.
 
2
.\" Copyright 1998-2009 The OpenLDAP Foundation All Rights Reserved.
3
3
.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
4
 
.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-relay.5,v 1.4.4.3 2009/01/30 20:14:10 quanah Exp $
 
4
.\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-relay.5,v 1.4.4.4 2009/06/03 01:41:57 quanah Exp $
5
5
.SH NAME
6
 
slapd-relay \- relay backend to slapd
 
6
slapd\-relay \- relay backend to slapd
7
7
.SH SYNOPSIS
8
8
ETCDIR/slapd.conf
9
9
.SH DESCRIPTION
15
15
instance into a virtual naming context, with attributeType
16
16
and objectClass manipulation, if required.
17
17
It requires the
18
 
.BR slapo-rwm (5)
 
18
.BR slapo\-rwm (5)
19
19
overlay.
20
20
.LP
21
21
This backend and the above mentioned overlay are experimental.
47
47
database does not automatically rewrite the naming context
48
48
of requests and responses.
49
49
For this purpose, the
50
 
.BR slapo-rwm (5)
 
50
.BR slapo\-rwm (5)
51
51
overlay must be explicitly instantiated, and configured
52
52
as appropriate.
53
53
Usually, the
54
 
.B rwm-suffixmassage
 
54
.B rwm\-suffixmassage
55
55
directive suffices if only naming context rewriting is required.
56
56
 
57
57
.SH ACCESS RULES
61
61
frontend sees the operation as performed by the identity in the
62
62
real naming context.
63
63
Moreover, since
64
 
.B back-relay
 
64
.B back\-relay
65
65
bypasses the real database frontend operations by short-circuiting
66
66
operations through the internal backend API, the original database
67
67
access rules do not apply but in selected cases, i.e. when the
103
103
  suffix                  "dc=virtual,dc=naming,dc=context"
104
104
  relay                   "dc=real,dc=naming,dc=context"
105
105
  overlay                 rwm
106
 
  rwm-suffixmassage       "dc=real,dc=naming,dc=context"
 
106
  rwm\-suffixmassage       "dc=real,dc=naming,dc=context"
107
107
.fi
108
108
.LP
109
109
To implement a plain virtual naming context mapping
113
113
  database                relay
114
114
  suffix                  "dc=virtual,dc=naming,dc=context"
115
115
  overlay                 rwm
116
 
  rwm-suffixmassage       "dc=real,dc=naming,dc=context"
 
116
  rwm\-suffixmassage       "dc=real,dc=naming,dc=context"
117
117
.fi
118
118
.LP
119
119
This is useful, for instance, to relay different databases that
129
129
  suffix                  "dc=virtual,dc=naming,dc=context"
130
130
  relay                   "dc=real,dc=naming,dc=context"
131
131
  overlay                 rwm
132
 
  rwm-rewriteEngine       on
133
 
  rwm-rewriteContext      default
134
 
  rwm-rewriteRule         "dc=virtual,dc=naming,dc=context"
 
132
  rwm\-rewriteEngine       on
 
133
  rwm\-rewriteContext      default
 
134
  rwm\-rewriteRule         "dc=virtual,dc=naming,dc=context"
135
135
                          "dc=real,dc=naming,dc=context" ":@"
136
 
  rwm-rewriteContext      searchFilter
137
 
  rwm-rewriteContext      searchEntryDN
138
 
  rwm-rewriteContext      searchAttrDN
139
 
  rwm-rewriteContext      matchedDN
 
136
  rwm\-rewriteContext      searchFilter
 
137
  rwm\-rewriteContext      searchEntryDN
 
138
  rwm\-rewriteContext      searchAttrDN
 
139
  rwm\-rewriteContext      matchedDN
140
140
.fi
141
141
.LP
142
142
Note that the 
143
 
.BR slapo-rwm (5)
 
143
.BR slapo\-rwm (5)
144
144
overlay is instantiated, but the rewrite rules are written explicitly,
145
145
rather than automatically as with the
146
 
.B rwm-suffixmassage
 
146
.B rwm\-suffixmassage
147
147
statement, to map all the virtual to real naming context data flow,
148
148
but none of the real to virtual.
149
149
.LP
161
161
  suffix                  "o=Example,c=US"
162
162
  relay                   "dc=example,dc=com"
163
163
  overlay                 rwm
164
 
  rwm-suffixmassage       "dc=example,dc=com"
 
164
  rwm\-suffixmassage       "dc=example,dc=com"
165
165
  # skip ...
166
166
  access to dn.subtree="o=Example,c=US"
167
167
          by dn.exact="cn=Supervisor,dc=example,dc=com" write
203
203
.SH SEE ALSO
204
204
.BR slapd.conf (5),
205
205
.BR slapd\-config (5),
206
 
.BR slapo-rwm (5),
 
206
.BR slapo\-rwm (5),
207
207
.BR slapd (8).