From 5f5d4a285c985373567a907265f1cba9773b1b13 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 9 Nov 2018 11:02:34 -0700
Subject: [PATCH] Mention schema.olcSudo here too.

---
 doc/sudoers.ldap.cat     | 30 +++++++++++++++++++++---------
 doc/sudoers.ldap.man.in  | 39 ++++++++++++++++++++++++++-------------
 doc/sudoers.ldap.mdoc.in | 37 ++++++++++++++++++++++++-------------
 3 files changed, 71 insertions(+), 35 deletions(-)

diff --git a/doc/sudoers.ldap.cat b/doc/sudoers.ldap.cat
index a6da4c128..0d48b9abb 100644
--- a/doc/sudoers.ldap.cat
+++ b/doc/sudoers.ldap.cat
@@ -375,13 +375,23 @@ DDEESSCCRRIIPPTTIIOONN
      In order to use ssuuddoo's LDAP support, the ssuuddoo schema must be installed on
      your LDAP server.  In addition, be sure to index the sudoUser attribute.
 
-     Three versions of the schema: one for OpenLDAP servers (_s_c_h_e_m_a_._O_p_e_n_L_D_A_P),
-     one for Netscape-derived servers (_s_c_h_e_m_a_._i_P_l_a_n_e_t), and one for Microsoft
-     Active Directory (_s_c_h_e_m_a_._A_c_t_i_v_e_D_i_r_e_c_t_o_r_y) may be found in the ssuuddoo
-     distribution.
+     The ssuuddoo distribution includes versions of the ssuuddooeerrss schema for
+     multiple LDAP servers:
 
-     The schema for ssuuddoo in OpenLDAP form is also included in the _E_X_A_M_P_L_E_S
-     section.
+     _s_c_h_e_m_a_._O_p_e_n_L_D_A_P
+           OpenLDAP slapd and OpenBSD ldapd
+
+     _s_c_h_e_m_a_._o_l_c_S_u_d_o
+           OpenLDAP slapd 2.3 and higher when on-line configuration is enabled
+
+     _s_c_h_e_m_a_._i_P_l_a_n_e_t
+           Netscape-derived servers such as the iPlanet, Oracle, and 389
+           Directory Servers
+
+     _s_c_h_e_m_a_._A_c_t_i_v_e_D_i_r_e_c_t_o_r_y
+           Microsoft Active Directory
+
+     The schema in OpenLDAP format is also included in the _E_X_A_M_P_L_E_S section.
 
    CCoonnffiigguurriinngg llddaapp..ccoonnff
      Sudo reads the _/_e_t_c_/_l_d_a_p_._c_o_n_f file for LDAP-specific configuration.
@@ -905,11 +915,13 @@ EEXXAAMMPPLLEESS
        # sasl_secprops none
        # krb5_ccname /etc/.ldapcache
 
-   SSuuddoo sscchheemmaa ffoorr OOppeennLLDDAAPP
+   SSuuddooeerrss sscchheemmaa ffoorr OOppeennLLDDAAPP
      The following schema, in OpenLDAP format, is included with ssuuddoo source
      and binary distributions as _s_c_h_e_m_a_._O_p_e_n_L_D_A_P.  Simply copy it to the
      schema directory (e.g., _/_e_t_c_/_o_p_e_n_l_d_a_p_/_s_c_h_e_m_a), add the proper include
-     line in _s_l_a_p_d_._c_o_n_f and restart ssllaappdd.
+     line in _s_l_a_p_d_._c_o_n_f and restart ssllaappdd.  Sites using the optional on-line
+     configuration supported by OpenLDAP 2.3 and higher should apply the
+     _s_c_h_e_m_a_._o_l_c_S_u_d_o file instead.
 
        attributetype ( 1.3.6.1.4.1.15953.9.1.1
           NAME 'sudoUser'
@@ -1018,4 +1030,4 @@ DDIISSCCLLAAIIMMEERR
      file distributed with ssuuddoo or https://www.sudo.ws/license.html for
      complete details.
 
-Sudo 1.8.26                    October 28, 2018                    Sudo 1.8.26
+Sudo 1.8.26                    November 9, 2018                    Sudo 1.8.26
diff --git a/doc/sudoers.ldap.man.in b/doc/sudoers.ldap.man.in
index b2b99ffce..c1ee55039 100644
--- a/doc/sudoers.ldap.man.in
+++ b/doc/sudoers.ldap.man.in
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDOERS.LDAP" "5" "October 28, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS.LDAP" "5" "November 9, 2018" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -656,19 +656,28 @@ In addition, be sure to index the
 \fRsudoUser\fR
 attribute.
 .PP
-Three versions of the schema: one for OpenLDAP servers
-(\fIschema.OpenLDAP\fR),
-one for Netscape-derived servers
-(\fIschema.iPlanet\fR),
-and one for Microsoft Active Directory
-(\fIschema.ActiveDirectory\fR)
-may be found in the
+The
 \fBsudo\fR
-distribution.
+distribution includes versions of the
+\fBsudoers\fR
+schema for multiple LDAP servers:
+.TP 6n
+\fIschema.OpenLDAP\fR
+OpenLDAP slapd and
+OpenBSD
+ldapd
+.TP 6n
+\fIschema.olcSudo\fR
+OpenLDAP slapd 2.3 and higher when on-line configuration is enabled
+.TP 6n
+\fIschema.iPlanet\fR
+Netscape-derived servers such as the iPlanet, Oracle,
+and 389 Directory Servers
+.TP 6n
+\fIschema.ActiveDirectory\fR
+Microsoft Active Directory
 .PP
-The schema for
-\fBsudo\fR
-in OpenLDAP form is also included in the
+The schema in OpenLDAP format is also included in the
 \fIEXAMPLES\fR
 section.
 .SS "Configuring ldap.conf"
@@ -1560,7 +1569,7 @@ sudoers_base   ou=SUDOers,dc=my-domain,dc=com
 # krb5_ccname /etc/.ldapcache
 .RE
 .fi
-.SS "Sudo schema for OpenLDAP"
+.SS "Sudoers schema for OpenLDAP"
 The following schema, in OpenLDAP format, is included with
 \fBsudo\fR
 source and binary distributions as
@@ -1574,6 +1583,10 @@ line in
 \fIslapd.conf\fR
 and restart
 \fBslapd\fR.
+Sites using the optional on-line configuration supported by OpenLDAP 2.3
+and higher should apply the
+\fIschema.olcSudo\fR
+file instead.
 .nf
 .sp
 .RS 2n
diff --git a/doc/sudoers.ldap.mdoc.in b/doc/sudoers.ldap.mdoc.in
index 58b3bd06f..c7ab8a827 100644
--- a/doc/sudoers.ldap.mdoc.in
+++ b/doc/sudoers.ldap.mdoc.in
@@ -13,7 +13,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd October 28, 2018
+.Dd November 9, 2018
 .Dt SUDOERS.LDAP @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -617,19 +617,26 @@ In addition, be sure to index the
 .Li sudoUser
 attribute.
 .Pp
-Three versions of the schema: one for OpenLDAP servers
-.Pq Pa schema.OpenLDAP ,
-one for Netscape-derived servers
-.Pq Pa schema.iPlanet ,
-and one for Microsoft Active Directory
-.Pq Pa schema.ActiveDirectory
-may be found in the
+The
 .Nm sudo
-distribution.
+distribution includes versions of the
+.Nm sudoers
+schema for multiple LDAP servers:
+.Bl -tag -width 4n
+.It Pa schema.OpenLDAP
+OpenLDAP slapd and
+.Ox
+ldapd
+.It Pa schema.olcSudo
+OpenLDAP slapd 2.3 and higher when on-line configuration is enabled
+.It Pa schema.iPlanet
+Netscape-derived servers such as the iPlanet, Oracle,
+and 389 Directory Servers
+.It Pa schema.ActiveDirectory
+Microsoft Active Directory
+.El
 .Pp
-The schema for
-.Nm sudo
-in OpenLDAP form is also included in the
+The schema in OpenLDAP format is also included in the
 .Sx EXAMPLES
 section.
 .Ss Configuring ldap.conf
@@ -1421,7 +1428,7 @@ sudoers_base   ou=SUDOers,dc=my-domain,dc=com
 # sasl_secprops none
 # krb5_ccname /etc/.ldapcache
 .Ed
-.Ss Sudo schema for OpenLDAP
+.Ss Sudoers schema for OpenLDAP
 The following schema, in OpenLDAP format, is included with
 .Nm sudo
 source and binary distributions as
@@ -1435,6 +1442,10 @@ line in
 .Pa slapd.conf
 and restart
 .Nm slapd .
+Sites using the optional on-line configuration supported by OpenLDAP 2.3
+and higher should apply the
+.Pa schema.olcSudo
+file instead.
 .Bd -literal -offset 2n
 attributetype ( 1.3.6.1.4.1.15953.9.1.1
    NAME 'sudoUser'
-- 
2.40.0