ldap.conf(4) ldap.conf(4)
ldap.conf - Lightweight Directory Access Protocol configuration file
/var/ns/ldap.conf
This file controls the behavior of the Lightweight Directory Access
Protocol (LDAP) client implementation for nsd. It is read by the
initialization routine of the ldap(7P) library when the nsd daemon is
started, or sent the SIGHUP signal. This file contains information about
remote LDAP daemons database schemas, and format rules.
The file is made up of comment lines, table entries, server entries and
the domain command. Comment lines begin with either a '#' or a ';'
character, and are ignored by the parser. Table entries begin with the
keyword table followed by the name of the table, and a series of
attributes. Table entries are separated by one or more blank lines.
Server entries begin with the keyword server, and are followed by a
series of attributes. Server entries are separated by one or more blank
lines.
domain [domainname]
The domain command changes the domain context. Each of the
following entries and command lines set information for this domain.
If the domainname is not given then it sets the context for the
default, or null, domain.
server hostname[:port]
A given domain may specify one or more ldap servers to send requests
to. hostname refers to the hostname of the ldap server. The
hostname may be given directly as an IP address. If no port number
is given, the default LDAP port (389) is assumed. The attribute,
attribute value pairs following the server keyword define attributes
for a particular server. Attributes include:
base Defines the distinguished name (dn) of the base for the ldap
search.
scope Defines the depth used in searching for ldap entries. The
value may be one of the following: subtree - will search all
entries below the base (default), onelevel - will search one
level below base, and sbase - will search only at the base
level.
binddn Specifies the distinguished name used in binding to the
server. This attribute is optional.
bindpwd Specifies the password used in binding to the server. This
attribute is also optional.
table tablename The table entries define the way in which the ldap
library responds to a particular request from the nsd daemon. tablename
defines the name of the map requested. The attribute list must include
the following three items:
Page 1
ldap.conf(4) ldap.conf(4)
filter_lookup
Defines the ldap filter used for lookup type searches made
against this map. The filter may contain one (or more)
strings "%s" which will be replaced by the key requested (or
a split of the key, split by the characters ",", "/" or
".".).
filter_list
Defines the ldap filter used for list type searches made
against this map.
format Defines the way in which ldap responses are formatted into
output strings. Alphanumeric strings conforming to the ldap
attribute protocol are replaced by server responses for that
attribute. If an attribute is placed inside of brackets,
and followed by a separator (eg. (MEMBERUID,)+), then
multiple responses of that attribute will be added to the
output string. If the special string "KEY" is used in the
format attribute, this string will be replaced with the key
requested by the nsd daemon.
require A particular LDAP entry will be returned only if that entry
contains a value corresponding to the named attribute.
default In the case of a split key (i.e. two substitutions in the
filter), the second substitution may be given a default
value with this attribute.
single_line
If this tag is set, multiple entries returned for a
particular query will be placed on a single output line.
The value for this tag may be null. If it is not null, the
value is interpreted as a prefix string conforming to the
format syntax defined above. This string will be placed
before the formatted output corresponding to individual ldap
entries.
Part of an example ldap.conf file follow, demonstrating the domain
command, server and table entries:
domain foo.com
server test.foo.com:390
base "o=Your Organization Name, c=US"
binddn "cn=root, o=Your Organization Name, c=US"
bindpwd secret
table group.byname
filter (&(OBJECTCLASS=POSIXGROUP)(CN=%s))
format "CN:GROUPPASSWORD:POSIXGIDNUMBER:(MEMBERUID,)+"
type lookup
/var/ns/ldap.conf
Page 2
ldap.conf(4) ldap.conf(4)
nsd(1M), ldap(7P)
IRIX Admin: Networking and Mail
P�P�P�Pa�a�a�ag�g�g�ge�e�e�e 3�3�3�3 [ Back ]
|
