$conf = &get_config();
@access = &find("access", $conf);
if ($in{'new'}) {
- &ui_print_header(undef, $text{'eacl_title1'}, "");
+ &ui_print_header(undef, $text{'eacl_title1'}, "", "eacl");
$p = { 'what' => '*',
'by' => [ ] };
}
else {
- &ui_print_header(undef, $text{'eacl_title2'}, "");
+ &ui_print_header(undef, $text{'eacl_title2'}, "", "eacl");
$acl = $access[$in{'idx'}];
$p = &parse_ldap_access($acl);
}
--- /dev/null
+<header>Browse Database</header>
+
+This page allows you to navigate through the heirarchy of objects in your
+LDAP database, create and remove objects, and edit their attributes.
+The DN for the object being managed is always shown in the <b>Browsing</b>
+field - to quickly navigate to another object, enter a new DN and click <b>
+Show</b>. To move up the heirarchy, click on <b>Browse Parent</b>. <p>
+
+The rest of the page is divided into two tabs :
+<dl>
+<dt><b>Child objects</b>
+<dd>This table lists all objects under the current one. You can edit a
+ sub-object by clicking on it's DN, or delete objects by checking them and
+ hitting the <b>Remove Selected Children</b> button. To change the DN of
+ a sub-object, click on the <b>Rename</b> link and enter a new DN in the
+ field that appears. <p>
+ Clicking on <b>Add a new sub-object</b> will bring up a form for entering
+ the details of a new empty object under the current one. <p>
+
+<dt><b>Object attributes</b>
+<dd>This table lists all attributes of the current object. To edit the values
+ of one, click on the <b>Edit</b> link on the right. To delete attributes,
+ check the boxes next to them and then click the <b>Remove Selected
+ Attributes</b> button. In both cases, the LDAP server will enforce
+ restrictions on allowed and required attributes for the object's class. <p>
+ A new attribute can be created by clicking the <b>Add attribute to
+ object</b> link, which will display field for entering a name and value.
+ <p>
+</dl>
+
+<footer>
+
--- /dev/null
+<header>Access Control Rule</header>
+
+This page allows you to edit or create a single access control rule.
+The first section <b>Objects being granted</b> determines which DNs in
+your database the rule will apply to. You can either select <b>All objects</b>
+for the entire database, or <b>Object with DN</b> for objects matching whatever
+you enter into the adjacent field. <p>
+
+The <b>match type</b> menu determines if the rule applies to just this object,
+those under it, or if the DN is treated as a regular expression. You can also
+further control which objects are granted by entering an LDAP filter into the
+<b>Limit with object filter</b> field, like <i>(objectClass=posixAccount)</i>.
+<p>
+
+<hr>
+
+The second part of the page is a table for selecting which LDAP users have
+access to the objects. You can either select several general user classes from
+the <b>Grant access to</b> menu, or choose <b>Other</b> and enter a specific
+DN. <p>
+
+The <b>Access level</b> menu determines what these users can do with the
+objects. The lower more powerful levels imply all of those above them, so a
+user with <b>Write</b> access can also <b>Read</b> and <b>Search</b>. <p>
+
+<footer>
+
--- /dev/null
+<header>Create Object</header>
+
+This page is for creating a new object under some parent. You must enter at
+least the DN suffix for the object, such as <i>dc=people</i>, and one
+or more object classes, such as <i>top</i>. <p>
+
+If the object is to have initial attributes (required by most classes), they
+must be entered in the <b>Other attributes</b> table. If any required
+attributes are missing (or disallowed attributes given), an error will be
+displayed when you click the <b>Create</b> button. <p>
+
+<footer>
+
# Functions for configuring and talking to an LDAP server
-# XXX help pages
# XXX make sure ACLs work!
do '../web-lib.pl';