slapo-constraint(5)


NAME

   slapo-constraint - Attribute Constraint Overlay to slapd

SYNOPSIS

   /etc/ldap/slapd.conf

DESCRIPTION

   The  constraint  overlay  is used to ensure that attribute values match
   some  constraints  beyond  basic  LDAP  syntax.   Attributes  can  have
   multiple  constraints  placed upon them, and all must be satisfied when
   modifying an attribute value under constraint.

   This overlay is intended to be used to force syntactic regularity  upon
   certain  string represented data which have well known canonical forms,
   like telephone numbers, post codes, FQDNs, etc.

   It constrains only LDAP add, modify and rename commands and only  seeks
   to control the add and replace values of modify and rename requests.

   No  constraints  are  applied  for  operations performed with the relax
   control set.

CONFIGURATION

   This slapd.conf option applies to the constraint  overlay.   It  should
   appear after the overlay directive.

   constraint_attribute  <attribute_name>[,...]  <type>  <value>  [<extra>
   [...]]
          Specifies the  constraint  which  should  apply  to  the  comma-
          separated  attribute  list  named  as the first parameter.  Five
          types of constraint  are  currently  supported  -  regex,  size,
          count, uri, and set.

          The parameter following the regex type is a Unix style regular
          expression (see regex(7)).  The parameter following the uri type
          is an LDAP URI.  The URI will be evaluated using an internal
          search.  It must not include a hostname, and it must include a
          list of attributes to evaluate.

          The parameter following the set type is a string that is
          interpreted according to the syntax in use for ACL sets.  This
          allows constraints to be constructed based on the contents of
          the entry.

          The size type can be used to enforce a  limit  on  an  attribute
          length,  and  the  count  type limits the number of values of an
          attribute.

          Extra parameters can occur in any order  after  those  described
          above.

          <extra> : restrict=<uri>

          This extra parameter restricts the application of the
          corresponding constraint to entries that match the base,
          scope and filter portions of the LDAP URI.  The base, if
          present, must be within the naming context of the database.  The
          scope is only used when the base is present; it defaults to
          base.  The other parameters of the URI are not allowed.

   Any attempt to add or modify an attribute named as part of the
   constraint overlay specification which does not fit the constraint
   listed will fail with an LDAP_CONSTRAINT_VIOLATION error.

EXAMPLES

          overlay constraint
          constraint_attribute jpegPhoto size 131072
          constraint_attribute userPassword count 3
          constraint_attribute mail regex ^[[:alnum:]]+@mydomain[.]com$
          constraint_attribute title uri
            ldap:///dc=catalog,dc=example,dc=com?title?sub?(objectClass=titleCatalog)
          constraint_attribute cn,sn,givenName set
            "(this/givenName + [ ] + this/sn) & this/cn"
            restrict="ldap:///ou=People,dc=example,dc=com??sub?(objectClass=inetOrgPerson)"

   A specification like the above would reject any  mail  attribute  which
   did  not  look like <alpha-numeric string>@mydomain.com.  It would also
   reject any title attribute whose values were not listed  in  the  title
   attribute  of  any  titleCatalog entries in the given scope. (Note that
   the  "dc=catalog,dc=example,dc=com"  subtree  ought  to  reside  in   a
   separate  database,  otherwise  the initial set of titleCatalog entries
   could not be populated while the constraint is in effect.)  Finally, it
   requires  the  values  of the attribute cn to be constructed by pairing
   values of the attributes sn and givenName, separated by  a  space,  but
   only for entries derived from the objectClass inetOrgPerson.
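
   A regex constraint can be exercised against sample values before it is
   put into slapd.conf. The script below is an added example, not part of
   the OpenLDAP distribution; it assumes grep -E behaves like slapd's POSIX
   regex matching, and the function names and sample values are constructed
   for illustration.

```shell
#!/bin/sh
# LOOSE leaves the dot unescaped, so it matches any single character.
# STRICT puts the dot in a bracket expression, which makes it literal.
LOOSE='^[[:alnum:]]+@mydomain.com$'
STRICT='^[[:alnum:]]+@mydomain[.]com$'

# accepts REGEX VALUE: exit 0 if VALUE would satisfy the regex constraint.
# Assumption: grep -E stands in for the POSIX regex engine slapd uses.
accepts() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# count_accepted REGEX: read values on stdin, print how many are accepted.
count_accepted() {
    n=0
    while IFS= read -r value; do
        if accepts "$1" "$value"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Constructed sample values: one valid address, one that only an unescaped
# dot lets through, one with a trailing suffix, one with a non-alnum local part.
samples() {
    cat <<'EOF'
alice@mydomain.com
alice@mydomainXcom
alice@mydomain.com.example.net
first.last@mydomain.com
EOF
}

# Print a side-by-side verdict for every sample value.
report() {
    samples | while IFS= read -r v; do
        l=reject; s=reject
        if accepts "$LOOSE" "$v"; then l=accept; fi
        if accepts "$STRICT" "$v"; then s=accept; fi
        printf '%-32s loose=%s strict=%s\n' "$v" "$l" "$s"
    done
}

report
```

   Both patterns reject the suffixed value because of the ^ and $ anchors;
   only the bracketed dot rejects alice@mydomainXcom.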

FILES

   /etc/ldap/slapd.conf
          default slapd configuration file

SEE ALSO

   slapd.conf(5), slapd-config(5).

ACKNOWLEDGEMENTS

   This  module  was written in 2005 by Neil Dunbar of Hewlett-Packard and
   subsequently extended by Howard Chu  and  Emmanuel  Dreyfus.   OpenLDAP
   Software   is   developed   and  maintained  by  The  OpenLDAP  Project
   <http://www.openldap.org/>.   OpenLDAP   Software   is   derived   from
   University of Michigan LDAP 3.3 Release.




