diff options
author | Nalin Dahyabhai <nalin.dahyabhai@pobox.com> | 2008-06-06 16:51:44 -0400 |
---|---|---|
committer | Nalin Dahyabhai <nalin.dahyabhai@pobox.com> | 2008-06-06 16:51:44 -0400 |
commit | 3e613a2810c48606aa1c2305e79d95b0b3046597 (patch) | |
tree | 430ec5e748e192773d9537e8375c6115daab31cb | |
parent | 1cb88dfb6b0b15cbbae6be5bf3e1423f52cf2ab0 (diff) | |
download | slapi-nis-3e613a2810c48606aa1c2305e79d95b0b3046597.tar.gz slapi-nis-3e613a2810c48606aa1c2305e79d95b0b3046597.tar.xz slapi-nis-3e613a2810c48606aa1c2305e79d95b0b3046597.zip |
- note that the map backend doesn't do reference resolution any more -- the
formatting and backend bits collude to make the right things happen
-rw-r--r-- | doc/design.txt | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/doc/design.txt b/doc/design.txt index 6be771b..5f85205 100644 --- a/doc/design.txt +++ b/doc/design.txt @@ -111,6 +111,9 @@ multiplexing the work it does for all of its clients from inside of the thread.] The actual protocol datagram parsing is performed by libnsl, which is provided as a part of the C library. +Client requests are limited by the local tcp_wrappers configuration on +the directory server. + [Unless explicitly disabled in the module's configuration or in a map's configuration, the local /etc/securenets file is consulted to control access to map information to specific clients. The list of @@ -128,11 +131,6 @@ configurable via internal APIs -- the map cache itself has no forehand knowledge of domain names, map names, or formats, as it merely models data in the way that a NIS server might. -[The backend requires that the cache also be able to track one or more DNs - which are relevant to the value which is being stored for a given key - in the map, so that it can be updated if a directory entry with that DN - is added, removed, modified, or renamed.] - Forcing queries to use the cache provides a couple of benefits over an alternate approach of performing an LDAP query for each NIS query: * While the directory server is generally only case-preserving, the NIS @@ -219,7 +217,7 @@ double-quoted arguments. and any arguments which contain a double-quote need to escape the double-quote using a '\' character -- this character itself also needs to be escaped whenever it appears. -Implemented functions: += Implemented Functions = * echo() - Reproduces what it is given. - Example: @@ -291,10 +289,10 @@ Implemented functions: dn: uid=pete uid: pete %deref(",","member","uid") -> bob,pete - * referred(SEPARATOR,THATATTRIBUTE,THATOTHERATTRIBUTE) + * referred(SEPARATOR,MAP,THATATTRIBUTE,THATOTHERATTRIBUTE) - Creates a separated list of the values of THATOTHERATTRIBUTE for - directory entries which have this entry's name as a value for - THATATTRIBUTE. + directory entries which have entries in the named MAP and which + also have this entry's name as a value for THATATTRIBUTE. - Example: dn: cn=group - @@ -320,3 +318,10 @@ Implemented functions: dn: uid=pete uid: pete %merge(",","%list(\",\",\"membername\")","%deref(\",\",\"member\",\"uid\")") -> jim,bob,pete + +[== Publisher == +The module additionally supports re-publishing the contents of the NIS +maps through a read-only virtual backend. The published results are +"flattened" to resemble the original RFC2307 schema so that naive +clients which expect a single directory server entry to contain all of +the desired information about a user or group to make use of the data.] |