From 2384d64b2775ab1b1bfc145d714a7c1394e2f877 Mon Sep 17 00:00:00 2001
From: lfrost <lfrost@localhost>
Date: Mon, 21 Jan 2008 13:53:48 +0000
Subject: [PATCH] Doc review on identity mapper config doc
---
opends/src/admin/defn/org/opends/server/admin/std/RegularExpressionIdentityMapperConfiguration.xml | 75 +++++++++++++++++++++++++------------
opends/src/admin/defn/org/opends/server/admin/std/ExactMatchIdentityMapperConfiguration.xml | 28 +++++++++----
opends/src/admin/defn/org/opends/server/admin/std/IdentityMapperConfiguration.xml | 14 +++++--
3 files changed, 80 insertions(+), 37 deletions(-)
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/ExactMatchIdentityMapperConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/ExactMatchIdentityMapperConfiguration.xml
index a3ddfe4..1ebcce0 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/ExactMatchIdentityMapperConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/ExactMatchIdentityMapperConfiguration.xml
@@ -35,7 +35,8 @@
<adm:user-friendly-name />
maps an identifier string to user entries by searching for the entry
containing a specified attribute whose value is the provided
- identifier.
+ identifier. For example, the username provided by the client for DIGEST-MD5
+ authentication must match the value of the uid attribute
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
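Review bot: The sentence added to the synopsis has no closing period; it stops at `authentication must match the value of the uid attribute` just before `</adm:synopsis>`. It also names uid as if it were fixed, although the attribute is set through match-attribute, which this same commit defaults to uid. Suggested ending: `authentication must match the value of the attribute named by match-attribute (uid by default).` The synopsis element opens above the hunk, so the full sentence is only partly visible here.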
@@ -56,15 +57,23 @@
multi-valued="true">
<adm:synopsis>
Specifies the attribute whose value should exactly match the ID
- string provided to this identity mapper.
+ string provided to this identity mapper.
</adm:synopsis>
<adm:description>
At least one value must be provided. All values must refer to the
name or OID of an attribute type defined in the Directory Server
- schema. If multiple attribute type names or OIDs are provided,
- then at least one of those attributes must contain the provided ID
- string value in exactly one entry.
+ schema. If multiple attributes or OIDs are provided, at least one of
+ those attributes must contain the provided ID string value in exactly
+ one entry. The internal search performed includes a logical OR across
+ all of these values.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ uid
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
<adm:attribute-type />
</adm:syntax>
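Review bot: The description still begins with "At least one value must be provided", but the new `<adm:default-behavior>` supplies uid when nothing is configured, so the text and the definition now disagree. Either drop that sentence or replace it with something like `If no value is configured, uid is used.` The property's opening tag starts above the hunk, so whether it is also declared mandatory cannot be checked from here. The wording change from "attribute type names or OIDs" to "attributes or OIDs" is also slightly less precise, since the OID is itself an attribute type identifier.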
@@ -74,18 +83,19 @@
</ldap:attribute>
</adm:profile>
</adm:property>
- <adm:property name="match-base-dn" multi-valued="true">
+ <adm:property name="match-base-dn" mandatory="false" multi-valued="true">
<adm:synopsis>
- Specifies the set of base DNs below which to search for users.
+ Specifies the set of base DNs below which to search for users.
</adm:synopsis>
<adm:description>
The base DNs will be used when performing searches to map the
- provided ID string to a user entry.
+ provided ID string to a user entry. If multiple values are given, searches
+ are performed below all specified base DNs.
</adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The server will search below all public naming contexts.
+ The server searches below all public naming contexts.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
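Review bot: The description of match-base-dn does not say why an administrator would narrow it, even though the default alias searches below all public naming contexts. Because the mapper resolves a client-supplied identifier to a user entry, it is worth adding a sentence such as `Restrict this to the subtrees that hold user accounts to limit which entries an identifier can map to.` The same applies to the match-base-dn hunk in RegularExpressionIdentityMapperConfiguration.xml. That file adds the "multiple values" sentence to the synopsis while this one adds it to the description, with slightly different wording ("all the specified" versus "all specified"). The two should be aligned.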
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/IdentityMapperConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/IdentityMapperConfiguration.xml
index 8ba8e16..d13850e 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/IdentityMapperConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/IdentityMapperConfiguration.xml
@@ -33,8 +33,11 @@
<adm:synopsis>
<adm:user-friendly-plural-name />
are responsible for establishing a mapping between an identifier
- string and the entry for the user that corresponds to that
- identifier.
+ string provided by a client, and the entry for the user that
+ corresponds to that identifier. <adm:user-friendly-plural-name />
+ are used to process several SASL mechanisms to map an authorization ID
+ (e.g., a Kerberos principal when using GSSAPI) to a directory user. They
+ are also used when processing requests with the proxied authorization control.
</adm:synopsis>
<adm:tag name="security" />
<adm:tag name="user-management" />
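Review bot: The synopsis now carries three sentences of background on SASL mechanisms and the proxied authorization control, which reads more like description text than a one-line summary. The sibling RegularExpressionIdentityMapperConfiguration.xml keeps a short `<adm:synopsis>` followed by an `<adm:description>`, so moving the two added sentences into a description element here would be consistent with it. The comma in `string provided by a client, and the entry` is also unnecessary. If these mappers decide which directory user an authorization ID resolves to, the description is a good place to say that a mapping must yield exactly one entry, as the match-attribute descriptions in the other two files already state.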
@@ -49,7 +52,7 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
+ Indicates whether the
<adm:user-friendly-name />
is enabled for use.
</adm:synopsis>
@@ -64,10 +67,13 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
+ Specifies the fully-qualified name of the Java class that provides the
<adm:user-friendly-name />
implementation.
</adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
<adm:syntax>
<adm:java-class>
<adm:instance-of>
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/RegularExpressionIdentityMapperConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/RegularExpressionIdentityMapperConfiguration.xml
index daac5c7..9c246fd 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/RegularExpressionIdentityMapperConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/RegularExpressionIdentityMapperConfiguration.xml
@@ -33,7 +33,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- provides a means of using a regular expression to translate the
+ provides a way to use a regular expression to translate the
provided identifier when searching for the appropriate user entry.
</adm:synopsis>
<adm:description>
@@ -42,9 +42,8 @@
username portion (the part before the "@" symbol) should be used in
the mapping process. Note that a replacement will be made only if
all or part of the provided ID string matches the given match
- pattern. If no part of the provided ID string matches the provided
- pattern, then the given ID string will be used without any
- alteration.
+ pattern. If no part of the ID string matches the provided
+ pattern, the given ID string is used without any alteration.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
@@ -66,14 +65,21 @@
<adm:synopsis>
Specifies the name or OID of the attribute whose value should
match the provided identifier string after it has been processed
- by the associated regular expression.
+ by the associated regular expression.
</adm:synopsis>
<adm:description>
All values must refer to the name or OID of an attribute type
- defined in the Directory Server schema. If multiple attribute type
- names or OIDs are provided, then at least one of those attributes
- must contain the provided ID string value in exactly one entry.
+ defined in the Directory Server schema. If multiple attributes
+ or OIDs are provided, at least one of those attributes must contain
+ the provided ID string value in exactly one entry.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ uid
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
<adm:attribute-type />
</adm:syntax>
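Review bot: The description says the attributes "must contain the provided ID string value", while the synopsis just above says the value is matched "after it has been processed by the associated regular expression". For this mapper the description should refer to the processed value, for example `must contain the processed ID string value in exactly one entry.` The equivalent description in ExactMatchIdentityMapperConfiguration.xml also gained "The internal search performed includes a logical OR across all of these values" in this commit. If the search is built the same way here (not visible in this hunk), that sentence should be added too. The property's opening tag lies above the hunk.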
@@ -83,15 +89,16 @@
</ldap:attribute>
</adm:profile>
</adm:property>
- <adm:property name="match-base-dn" multi-valued="true">
+ <adm:property name="match-base-dn" mandatory="false" multi-valued="true">
<adm:synopsis>
Specifies the base DN(s) that should be used when performing
- searches to map the provided ID string to a user entry.
+ searches to map the provided ID string to a user entry. If multiple
+ values are given, searches are performed below all the specified base DNs.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The server will search below all public naming contexts.
+ The server searches below all public naming contexts.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
@@ -106,24 +113,35 @@
</adm:property>
<adm:property name="match-pattern" mandatory="true">
<adm:synopsis>
- Specifies the regular expression pattern that will be used to
- identify portions of the ID string which will be replaced.
+ Specifies the regular expression pattern that is used to
+ identify portions of the ID string that will be replaced.
</adm:synopsis>
<adm:description>
- Any portion of the ID string which matches this pattern will be
- replaced in accordance with the provided replace pattern (or will
- be removed if no replace pattern is specified). If multiple
- substrings within the given ID string match this pattern, then all
- occurrences will be replaced. If no part of the given ID string
- matches this pattern, then the ID string will not be altered.
- Exactly one match pattern value must be provided, and it must be a
+ Any portion of the ID string that matches this pattern is
+ replaced in accordance with the provided replace pattern (or is
+ removed if no replace pattern is specified). If multiple
+ substrings within the given ID string match this pattern, all
+ occurrences are replaced. If no part of the given ID string
+ matches this pattern, the ID string is not altered. Exactly one
+ match pattern value must be provided, and it must be a
valid regular expression as described in the API documentation for
the java.util.regex.Pattern class, including support for capturing
groups.
</adm:description>
<adm:syntax>
- <adm:string />
- </adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>REGEXP</adm:usage>
+ <adm:synopsis>
+ Any valid regular expression pattern which is supported by the
+ javax.util.regex.Pattern class
+ (see http://java.sun.com/j2se/1.5.0/docs/api/java/util/regex/Pattern.html
+ for documentation about this class for Java SE 5).
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-match-pattern</ldap:name>
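Review bot: The new pattern synopsis names `javax.util.regex.Pattern`, which is not the class the description above it and the linked URL refer to; it should read `java.util.regex.Pattern class`. The replace-pattern hunk further down has the same slip with `javax.util.regex.Matcher`. Separately, `<adm:regex>.*</adm:regex>` accepts every string, including one that is not a valid regular expression, so the syntax element documents the expected format but does not enforce it. If the framework checks values only against this regex (not visible here), an invalid pattern would surface only when the mapper compiles it, which is worth stating in the description.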
@@ -151,8 +169,17 @@
</adm:alias>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
- </adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>REGEXP</adm:usage>
+ <adm:synopsis>
+ Any valid replacement string that is allowed by the
+ javax.util.regex.Matcher class.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-replace-pattern</ldap:name>
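Review bot: `<adm:usage>REGEXP</adm:usage>` labels the replace-pattern value as a regular expression, but the synopsis beside it correctly describes a replacement string, so a usage token such as `<adm:usage>STRING</adm:usage>` or a dedicated `REPLACEMENT` would be less misleading in generated help. The synopsis could also note that `$` and `\` are special in a Matcher replacement string: `$` introduces a group reference and `\` escapes the next character. That matters if the mapper passes this value to Matcher.replaceAll, which is not visible in this hunk. The property's opening tag and its default-behavior start above the hunk.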
--
Gitblit v1.10.0