- note that the map backend doesn't do reference resolution any more -- the

  formatting and backend bits collude to make the right things happen

1 files changed, 14 insertions, 9 deletions

diff --git a/doc/design.txt b/doc/design.txt
index 6be771b..5f85205 100644
--- a/doc/design.txt
+++ b/doc/design.txt
@@ -111,6 +111,9 @@ multiplexing the work it does for all of its clients from inside of the
 thread.]  The actual protocol datagram parsing is performed by libnsl,
 which is provided as a part of the C library.
 
+Client requests are limited by the local tcp_wrappers configuration on
+the directory server.
+
 [Unless explicitly disabled in the module's configuration or in a
  map's configuration, the local /etc/securenets file is consulted to
  control access to map information to specific clients.  The list of
@@ -128,11 +131,6 @@ configurable via internal APIs -- the map cache itself has no forehand
 knowledge of domain names, map names, or formats, as it merely models
 data in the way that a NIS server might.
 
-[The backend requires that the cache also be able to track one or more DNs
- which are relevant to the value which is being stored for a given key
- in the map, so that it can be updated if a directory entry with that DN
- is added, removed, modified, or renamed.]
-
 Forcing queries to use the cache provides a couple of benefits over an
 alternate approach of performing an LDAP query for each NIS query:
 * While the directory server is generally only case-preserving, the NIS
@@ -219,7 +217,7 @@ double-quoted arguments. and any arguments which contain a double-quote
 need to escape the double-quote using a '\' character -- this character
 itself also needs to be escaped whenever it appears.
 
-Implemented functions:
+= Implemented Functions =
   * echo()
     - Reproduces what it is given.
     - Example: 
@@ -291,10 +289,10 @@ Implemented functions:
 	dn: uid=pete
 	uid: pete
       %deref(",","member","uid") -> bob,pete
-  * referred(SEPARATOR,THATATTRIBUTE,THATOTHERATTRIBUTE)
+  * referred(SEPARATOR,MAP,THATATTRIBUTE,THATOTHERATTRIBUTE)
     - Creates a separated list of the values of THATOTHERATTRIBUTE for
-      directory entries which have this entry's name as a value for
-      THATATTRIBUTE.
+      directory entries which have entries in the named MAP and which
+      also have this entry's name as a value for THATATTRIBUTE.
     - Example: 
         dn: cn=group
         -
@@ -320,3 +318,10 @@ Implemented functions:
 	dn: uid=pete
 	uid: pete
       %merge(",","%list(\",\",\"membername\")","%deref(\",\",\"member\",\"uid\")") -> jim,bob,pete
+
+[== Publisher ==
+The module additionally supports re-publishing the contents of the NIS
+maps through a read-only virtual backend.  The published results are
+"flattened" to resemble the original RFC2307 schema so that naive
+clients which expect a single directory server entry to contain all of
+the desired information about a user or group to make use of the data.]