Fix documentation of ldap_map_principal hook

Fix the Wallet::Config documentation for the ldap-attr verifier to
reference an ldap_map_principal hook, not ldap_map_attribute, matching
the implementation.

Change-Id: I258edcf69d4dcb3d2ec8dc66db4b768d91645fc4
Reviewed-on: https://gerrit.stanford.edu/1204
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>

2 files changed, 6 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index 460d475..5ff85d0 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@ wallet 1.1 (unreleased)
     Fix the code to set enctype restrictions for keytab objects in the
     wallet server.
 
+    Fix the Wallet::Config documentation for the ldap-attr verifier to
+    reference an ldap_map_principal hook, not ldap_map_attribute, matching
+    the implementation.
+
 wallet 1.0 (2013-03-27)
 
     Owners of wallet objects are now allowed to destroy them.  In previous
diff --git a/perl/Wallet/Config.pm b/perl/Wallet/Config.pm
index af153e7..c3f6d15 100644
--- a/perl/Wallet/Config.pm
+++ b/perl/Wallet/Config.pm
@@ -511,7 +511,7 @@ matches the Kerberos principal.  The attribute designated by
 LDAP_FILTER_ATTR may instead hold a transformation of the principal name
 (such as the principal with the local realm stripped off, or rewritten
 into an LDAP DN form).  If this is the case, define a Perl function named
-ldap_map_attribute.  This function will be called whenever an LDAP
+ldap_map_principal.  This function will be called whenever an LDAP
 attribute ACL is being verified.  It will take one argument, the
 principal, and is expected to return the value to search for in the LDAP
 directory server.
@@ -520,7 +520,7 @@ For example, if the principal name without the local realm is stored in
 the C<uid> attribute in the directory, set LDAP_FILTER_ATTR to C<uid> and
 then define ldap_map_attribute as follows:
 
-    sub ldap_map_attribute {
+    sub ldap_map_principal {
         my ($principal) = @_;
         $principal =~ s/\@EXAMPLE\.COM$//;
         return $principal;