nss-pam-ldapd commit: r1368 - nss-pam-ldapd/man

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Commits of the nss-pam-ldapd project <nss-pam-ldapd-commits [at] lists.arthurdejong.org>
To: nss-pam-ldapd-commits [at] lists.arthurdejong.org
Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: nss-pam-ldapd commit: r1368 - nss-pam-ldapd/man
Date: Sat, 29 Jan 2011 21:19:57 +0100 (CET)

Author: arthur
Date: Sat Jan 29 21:19:54 2011
New Revision: 1368
URL: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=rev&revision=1368

Log:
document a proper replacement for pam_check_host_attr (thanks Luca Capello) and 
add a section on quoting

Modified:
   nss-pam-ldapd/man/nslcd.conf.5.xml

Modified: nss-pam-ldapd/man/nslcd.conf.5.xml
==============================================================================
--- nss-pam-ldapd/man/nslcd.conf.5.xml  Sat Jan 29 21:15:56 2011        (r1367)
+++ nss-pam-ldapd/man/nslcd.conf.5.xml  Sat Jan 29 21:19:54 2011        (r1368)
@@ -693,13 +693,13 @@
       </para>
       <para>
        For example, to check that the user has a proper 
<literal>authorizedService</literal>
-       value if the attribute is present (this emulates the
+       value if the attribute is present (this almost emulates the
        <option>pam_check_service_attr</option> option in PADL's pam_ldap):
        
<literallayout><literal>(&amp;(objectClass=posixAccount)(uid=$username)(|(authorizedService=$service)(!(authorizedService=*))))</literal></literallayout>
       </para>
       <para>
        The <option>pam_check_host_attr</option> option can be emulated with:
-       
<literallayout><literal>(&amp;(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(!(host=*))))</literal></literallayout>
+       
<literallayout><literal>(&amp;(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))</literal></literallayout>
       </para>
       <para>
        The default behaviour is not to do this extra search and always
@@ -776,10 +776,7 @@
   <title>Attribute mapping expressions</title>
   <para>
    For some attributes a mapping expression may be used to construct the
-   resulting value. This is currently only possible for attributes that do
-   not need to be used in search filters.
-  </para>
-  <para>
+   resulting value.
    The expressions are a subset of the double quoted string expressions in the
    Bourne (POSIX) shell.
    Instead of variable substitution, attribute lookups are done on the current
@@ -809,6 +806,11 @@
    </varlistentry>
   </variablelist>
   <para>
+   Quote (<literal>"</literal>), dollar (<literal>$</literal>) or
+   backslash (<literal>\</literal>) characters should be escaped with a
+   backslash (<literal>\</literal>).
+  </para>
+  <para>
    The <command>nslcd</command> daemon checks the expressions to figure
    out which attributes to fetch from <acronym>LDAP</acronym>.
    Some examples to demonstrate how these expressions may be used in
-- 
To unsubscribe send an email to
nss-pam-ldapd-commits-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-commits

nss-pam-ldapd commit: r1368 - nss-pam-ldapd/man, Commits of the nss-pam-ldapd project

Prev by Date: nss-pam-ldapd commit: r1367 - in nss-pam-ldapd: man nslcd
Next by Date: nss-pam-ldapd commit: r1369 - nss-pam-ldapd/nslcd
Previous by thread: nss-pam-ldapd commit: r1367 - in nss-pam-ldapd: man nslcd
Next by thread: nss-pam-ldapd commit: r1369 - nss-pam-ldapd/nslcd