LinuxGuruz
  • Last 5 Forum Topics
    Replies
    Views
    Last post


The Web Only This Site
  • BOOKMARK

  • ADD TO FAVORITES

  • REFERENCES


  • MARC

    Mailing list ARChives
    - Search by -
     Subjects
     Authors
     Bodies





    FOLDOC

    Computing Dictionary




  • Text Link Ads






  • LINUX man pages
  • Linux Man Page Viewer


    The following form allows you to view linux man pages.

    Command:

    slapo-constraint

    
    
    

    SYNOPSIS

           /etc/openldap/slapd.conf
    
    
    

    DESCRIPTION

           The  constraint  overlay  is used to ensure that attribute values match
           some constraints beyond basic LDAP syntax.  Attributes can have  multi-
           ple  constraints placed upon them, and all must be satisfied when modi-
           fying an attribute value under constraint.
    
           This overlay is intended to be used to force syntactic regularity  upon
           certain  string represented data which have well known canonical forms,
           like telephone numbers, post codes, FQDNs, etc.
    
           It constrains only LDAP add, modify and rename commands and only  seeks
           to control the add and replace values of modify and rename requests.
    
           No constraints are applied for operations performed with the relax con-
           trol set.
    
    
    

    CONFIGURATION

           This slapd.conf option applies to the constraint  overlay.   It  should
           appear after the overlay directive.
    
           constraint_attribute  <attribute_name>[,...]  <type>  <value>  [<extra>
           [...]]
                  Specifies  the  constraint which should apply to the comma-sepa-
                  rated attribute list named as the first parameter.   Five  types
                  of constraint are currently supported - regex, size, count, uri,
                  and set.
    
                  The parameter following the regex type is a Unix  style  regular
                  expression (See regex(7) ). The parameter following the uri type
                  is an LDAP URI. The URI will  be  evaluated  using  an  internal
                  search.   It  must not include a hostname, and it must include a
                  list of attributes to evaluate.
    
                  The parameter following the set type is a string that is  inter-
                  preted according to the syntax in use for ACL sets.  This allows
                  to construct constraints based on the contents of the entry.
    
                  The size type can be used to enforce a  limit  on  an  attribute
                  length,  and  the  count  type limits the number of values of an
                  attribute.
    
                  Extra parameters can occur in any order  after  those  described
                  above.
    
                  <extra> : restrict=<uri>
    
                  This  extra  parameter allows to restrict the application of the
                  corresponding constraint only to entries that  match  the  base,
                  scope  and  filter  portions  of  the  LDAP  URI.   The base, if
                  constraint_attribute title uri
                    ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
                  constraint_attribute cn,sn,givenName set
                    "(this/givenName + [ ] + this/sn) & this/cn"
                    restrict="ldap:///ou=People,dc=example,dc=com??sub?(objectClass=inetOrgPerson)"
    
           A specification like the above would reject any  mail  attribute  which
           did  not  look like <alpha-numeric string>@mydomain.com.  It would also
           reject any title attribute whose values were not listed  in  the  title
           attribute  of  any  titleCatalog entries in the given scope. (Note that
           the "dc=catalog,dc=example,dc=com" subtree ought to reside in  a  sepa-
           rate  database, otherwise the initial set of titleCatalog entries could
           not be populated while the  constraint  is  in  effect.)   Finally,  it
           requires  the  values  of the attribute cn to be constructed by pairing
           values of the attributes sn and givenName, separated by  a  space,  but
           only for entries derived from the objectClass inetOrgPerson.
    
    
    

    FILES

           /etc/openldap/slapd.conf
                  default slapd configuration file
    
    
    

    SEE ALSO

           slapd.conf(5), slapd-config(5),
    
    
    

    ACKNOWLEDGEMENTS

           This  module  was written in 2005 by Neil Dunbar of Hewlett-Packard and
           subsequently extended by Howard Chu  and  Emmanuel  Dreyfus.   OpenLDAP
           Software   is   developed   and  maintained  by  The  OpenLDAP  Project
           <http://www.openldap.org/>.  OpenLDAP Software is derived from  Univer-
           sity of Michigan LDAP 3.3 Release.
    
    
    

    OpenLDAP 2.4.40 2014/09/20 SLAPO-CONSTRAINT(5)

    
    
  • MORE RESOURCE


  • Linux

    The Distributions





    Linux

    The Software





    Linux

    The News



  • MARKETING






  • Toll Free

webmaster@linuxguruz.com
Copyright © 1999 - 2016 by LinuxGuruz