ipa-ldap-updater is really just meant to be run during upgrades, not as
a user utility. Add a blurb about that.
This also fixes a bit of formatting and adds a bit about the order of
operations.
rob
>From b7ce783956cc57cd9b2153c2da5487d0e96b242f Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 13 Sep 2011 16:08:58 -0400
Subject: [PATCH] Update ipa-ldap-updater man page saying it is not an end-user utility
https://fedorahosted.org/freeipa/ticket/1792
---
install/tools/man/ipa-ldap-updater.1 | 12 ++++++++----
1 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/install/tools/man/ipa-ldap-updater.1 b/install/tools/man/ipa-ldap-updater.1
index f906528..ed140b3 100644
--- a/install/tools/man/ipa-ldap-updater.1
+++ b/install/tools/man/ipa-ldap-updater.1
@@ -23,9 +23,11 @@ ipa\-ldap\-updater \- Update the IPA LDAP configuration
ipa\-ldap\-updater [options] input_file(s)
ipa\-ldap\-updater [options]
.SH "DESCRIPTION"
-Run with no file arguments, ipa\-ldap\-updater will process all files with the extension .update in /usr/share/ipa/updates.
+ipa\-ldap\-updater is used to apply updates to the IPA LDAP server when the IPA packages are being updated. It is not intended to be executed by end\-users.
-An update file describes an LDAP entry and a set of operations to be performed on that entry. It can be used to add new entries or modify existing entries. It cannot remove entries, just specific values in a given attribute.
+When run with no file arguments, ipa\-ldap\-updater will process all files with the extension .update in /usr/share/ipa/updates.
+
+An update file describes an LDAP entry and a set of operations to be performed on that entry. It can be used to add new entries or modify existing entries.
Blank lines and lines beginning with # are ignored.
@@ -37,7 +39,7 @@ There are 7 keywords:
* only: set an attribute to this
* deleteentry: remove the entry
* replace: replace an existing value, format is old: new
- * addifnew: add a new attribute and value only if the attribute doesn't already exist. Only works with single-value attributes.
+ * addifnew: add a new attribute and value only if the attribute doesn't already exist. Only works with single\-value attributes.
Values is a comma\-separated field so multi\-values may be added at one time. Double or single quotes may be put around individual values that contain embedded commas.
@@ -51,7 +53,7 @@ The available template variables are:
* $FQDN \- the fully\-qualified domain name of the IPA server being updated (ipa.example.com)
* $DOMAIN \- the domain name (example.com)
* $SUFFIX \- the IPA LDAP suffix (dc=example,dc=com)
- * $ESCAPED_SUFFIX \- the ldap-escaped IPA LDAP suffix
+ * $ESCAPED_SUFFIX \- the ldap\-escaped IPA LDAP suffix
* $LIBARCH \- set to 64 on x86_64 systems to be used for plugin paths
* $TIME \- an integer representation of current time
@@ -64,6 +66,8 @@ A few rules:
5. If a DN doesn't exist it is created from the 'default' entry and all updates are applied
6. If a DN does exist the default values are skipped
7. Only the first rule on a line is respected
+
+Adds and updates are applied from shortest to longest length of DN. Deletes are done from longest to shortest.
.SH "OPTIONS"
.TP
\fB\-d\fR, \fB\-\-debug
--
1.7.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
