From f4dd34d24c22926b76da6f6e1d9f4c471ec2b2da Mon Sep 17 00:00:00 2001
From: rhaggard <rhaggard@localhost>
Date: Fri, 01 Feb 2008 17:30:23 +0000
Subject: [PATCH] committing configuration XML files after adding info from the old config guide to be incorporated in the new generated config reference

---
 opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml |   72 ++++++++++++++++++++++++++----------
 1 files changed, 52 insertions(+), 20 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml
index 538b10b..c31ccc9 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml
@@ -31,10 +31,18 @@
   xmlns:adm="http://www.opends.org/admin"
   xmlns:ldap="http://www.opends.org/admin-ldap">
   <adm:synopsis>
-    The
-    <adm:user-friendly-name />
+    The DIGEST-MD5 SASL mechanism
     is used to perform all processing related to SASL DIGEST-MD5
-    authentication.
+    authentication. The DIGEST-MD5 SASL mechanism is very similar 
+    to the CRAM-MD5 mechanism in that it allows for password-based 
+    authentication without exposing the password in the clear 
+    (although it does require that both the client and the server 
+    have access to the clear-text password). Like the CRAM-MD5 
+    mechanism, it uses data that is randomly generated by the server 
+    to make it resistant to replay attacks, but it also includes 
+    randomly-generated data from the client, which makes it also 
+    resistant to problems resulting from weak server-side random 
+    number generation.
   </adm:synopsis>
   <adm:profile name="ldap">
     <ldap:object-class>
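Review bot: The top-level `<adm:synopsis>` now carries a whole paragraph of background and hard-codes the name in place of `<adm:user-friendly-name />`, whereas the realm property in this same file keeps a one-sentence synopsis and puts detail in `<adm:description>`. I would keep `The <adm:user-friendly-name /> is used to perform all processing related to SASL DIGEST-MD5 authentication.` as the synopsis and move the CRAM-MD5 comparison into an `<adm:description>`. The parenthetical about both sides needing the clear-text password is the operationally important part and deserves its own sentence, for example `The server must be able to obtain the clear-text password of each user who authenticates with this mechanism.`; this presumably means a reversible storage scheme, which should be confirmed against the handler. The added lines also end in trailing spaces.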
@@ -53,34 +61,45 @@
   </adm:property-override>
   <adm:property name="realm">
     <adm:synopsis>
-      Specifies the realm that should be used by the server for
+      Specifies the realm that is to be used by the server for
       DIGEST-MD5 authentication.
     </adm:synopsis>
     <adm:description>
-      If this is not provided, then the server will default to using a
+      If this value is not provided, then the server defaults to use a
       set of realm names that correspond to the defined suffixes.
     </adm:description>
     <adm:default-behavior>
       <adm:alias>
         <adm:synopsis>
-          The server will default to a set of realm names that
+          The server defaults to a set of realm names that
           correspond to the defined suffixes.
         </adm:synopsis>
       </adm:alias>
     </adm:default-behavior>
     <adm:syntax>
-      <adm:string />
+      <adm:string>
+        <adm:pattern>
+          <adm:regex>.*</adm:regex>
+          <adm:usage>STRING</adm:usage>
+          <adm:synopsis>
+            Any realm string. As needed, it be a DN or matched 
+            to a realm already in use for another service.
+          </adm:synopsis>
+        </adm:pattern>
+      </adm:string>
     </adm:syntax>
     <adm:profile name="ldap">
       <ldap:attribute>
         <ldap:name>ds-cfg-realm</ldap:name>
       </ldap:attribute>
     </adm:profile>
-  </adm:property>
-  <adm:property name="identity-mapper" mandatory="true">
+  </adm:property> <adm:property name="identity-mapper" mandatory="true">
     <adm:synopsis>
-      Specifies the name of the identity mapper that should be used to
-      match client authentication and authorization IDs to user entries.
+      Specifies the name of the identity mapper that is to be used
+      with this SASL mechanism handler to match the authentication
+      or authorization
+      ID included in the SASL bind request to the corresponding
+      user in the directory.
     </adm:synopsis>
     <adm:syntax>
       <adm:aggregation relation-name="identity-mapper"
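Review bot: The `<adm:pattern>` added to the realm syntax uses `<adm:regex>.*</adm:regex>`, which constrains nothing beyond the `<adm:string />` it replaces and presumably still accepts an empty realm. If the pattern exists only to carry the usage and synopsis text, an XML comment saying so would stop readers from taking it for validation; if an empty realm is not meaningful, `.+` would be the minimal tightening, to be checked against existing configurations. The pattern synopsis is missing a verb and should read `As needed, it can be a DN or matched to a realm already in use for another service.` The line `</adm:property> <adm:property name="identity-mapper" mandatory="true">` joins two elements that were on separate lines before and should be split again. The identity-mapper property continues past the end of this hunk.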
@@ -109,23 +128,36 @@
   <adm:property name="server-fqdn">
     <adm:synopsis>
       Specifies the DNS-resolvable fully-qualified domain name for the
-      system.
+      server that is used when validating the digest-uri parameter during 
+      the authentication process. If this configuration attribute is 
+      present, then the server expects that clients use a digest-uri equal 
+      to "ldap/" followed by the value of this attribute. For example, if 
+      the attribute has a value of "directory.example.com", then the 
+      server expects clients to use a digest-uri of 
+      "ldap/directory.example.com". If no value is provided, then the 
+      server does not attempt to validate the digest-uri provided by the 
+      client and accepts any value.
     </adm:synopsis>
-    <adm:description>
-      This is the value expected to be present in the host field of the
-      digest-uri-value element.
-    </adm:description>
     <adm:default-behavior>
       <adm:alias>
         <adm:synopsis>
-          The server will attempt to dynamically determine the
-          fully-qualified domain name.
+          The server attempts to determine the
+          fully-qualified domain name dynamically.
         </adm:synopsis>
       </adm:alias>
     </adm:default-behavior>
     <adm:syntax>
-      <adm:string />
-    </adm:syntax>
+      <adm:string>
+        <adm:pattern>
+          <adm:regex>.*</adm:regex>
+          <adm:usage>STRING</adm:usage>
+          <adm:synopsis>
+            The fully-qualified address that is expected for clients to use 
+            when connecting to the server and authenticating via DIGEST-MD5.
+          </adm:synopsis>
+        </adm:pattern>
+      </adm:string>
+    </adm:syntax> 
     <adm:profile name="ldap">
       <ldap:attribute>
         <ldap:name>ds-cfg-server-fqdn</ldap:name>
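Review bot: The server-fqdn synopsis and its default-behavior alias now describe two different defaults. The synopsis says that with no value `the server does not attempt to validate the digest-uri provided by the client and accepts any value`, while the alias says the server attempts to determine the fully-qualified domain name dynamically. This decides whether digest-uri is checked at all, so the generated reference should state a single behaviour; which one is correct cannot be told from this hunk and needs confirming against the handler. If the synopsis is right, the alias could read `If no value is set, the digest-uri sent by the client is not validated.` The removed `<adm:description>` would also be a better home for the digest-uri detail than the synopsis, and the property continues past the end of the hunk.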

--
Gitblit v1.10.0