From 8101af84048197bd67be6f030fff6f3dd0b90eec Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Wed, 20 Dec 2006 21:12:35 +0000 Subject: Merge r18962 to trunk, with minor tweaks; ready to merge to 1.6 branch Changes fix up some sample names used, remove some options described from certain commands, and fix filling in man pages. ticket: 5116 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19000 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/cli/kadmin.M | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'src/kadmin/cli') diff --git a/src/kadmin/cli/kadmin.M b/src/kadmin/cli/kadmin.M index 6706083e6..20958e88e 100644 --- a/src/kadmin/cli/kadmin.M +++ b/src/kadmin/cli/kadmin.M @@ -162,11 +162,13 @@ Options supported for LDAP database are: specifies the LDAP server to connect to by a LDAP URI. .TP \-x binddn= +.fi specifies the DN of the object used by the administration server to bind to the LDAP server. -This object should have the read rights on the realm container and write rights on the subtree -that is referenced by the realm. +This object should have the read and write rights on the realm container, principal container +and the subtree that is referenced by the realm. .TP \-x bindpwd= +.fi specifies the password for the above mentioned binddn. It is recommended not to use this option. Instead, the password can be stashed using the stashsrvpw command of kdb5_ldap_util. .RE @@ -227,8 +229,9 @@ Specifies the LDAP object that will contain the Kerberos principal being created. .TP \-x linkdn= +.fi Specifies the LDAP object to which the newly created Kerberos principal object - will point to. +will point to. .TP \-x containerdn= Specifies the container object under which the Kerberos principal is to be created. @@ -475,8 +478,9 @@ Denotes the database specific options. The options for LDAP database are: Associates a ticket policy to the Kerberos principal. .TP \-x linkdn= +.fi Associates a Kerberos principal with a LDAP object. This option is honored only - if the Kerberos principal is not already associated with a LDAP object. +if the Kerberos principal is not already associated with a LDAP object. .RE .TP ERRORS: -- cgit