mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-26 10:53:39 +01:00
cdb51c125a
PR: 244743
Submitted by: alex@i.org.ua
Patch by: alex@i.org.ua
Approved by: bcr@(mentor), 0mp
MFC after: 1 day
Differential Revision: https://reviews.freebsd.org/D24144
171 lines
4.3 KiB
Groff
.\" $OpenBSD: ypldap.conf.5,v 1.19 2012/04/30 11:28:25 jmatthew Exp $
.\" $FreeBSD$
.\"
.\" Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: March 22 2020 $
.Dt YPLDAP.CONF 5
.Os
.Sh NAME
.Nm ypldap.conf
.Nd LDAP YP map daemon configuration file
.Sh DESCRIPTION
The
.Xr ypldap 8
daemon provides YP maps using LDAP as a backend.
.Sh SECTIONS
The
.Nm
config file is divided into three main sections.
.Bl -tag -width xxxx
.It Sy Macros
User-defined variables may be defined and used later, simplifying the
configuration file.
.It Sy Global Configuration
Global settings for
.Xr ypldap 8 .
.It Sy Directories
LDAP Directory specific parameters.
.El
.Sh MACROS
Much like
.Xr cpp 1
or
.Xr m4 1 ,
macros can be defined that will later be expanded in context.
Macro names must start with a letter, digit, or underscore,
and may contain any of those characters.
Macro names may not be reserved words (for example,
.Ic domain ) .
Macros are not expanded inside quotes.
.Pp
For example:
.Bd -literal -offset indent
fixed_gecos="Pulled from LDAP"
fixed attribute gecos $fixed_gecos
.Ed
.Sh GLOBAL CONFIGURATION
Global settings concern the main behaviour of the daemon.
.Pp
.Bl -tag -width Ds -compact
.It domain Ar string
Specify the name of the NIS domain
.Nm
will provide.
.It interval Ar seconds
Specify the interval in seconds at which the whole directory will be pulled
from LDAP.
.It provide map Ar string
Specify a map that should be provided by
.Nm .
The currently implemented maps are: passwd.byname, passwd.byuid,
group.byname, group.bygid.
.El
.Sh DIRECTORIES
Directories are used to describe the LDAP schema and help
.Nm
convert LDAP entries to
.Xr passwd 5 ,
.Xr master.passwd 5 ,
and
.Xr group 5
lines.
A directory declaration is of the following form:
.Bd -literal -offset indent
directory "some.host" {
# directives
}
.Ed
.Pp
Valid directives for directories are:
.Bl -tag -width Ds
.It Xo
.Ic attribute Ar name Ic maps to Ar string
.Xc
Map the
.Xr passwd 5 ,
.Xr master.passwd 5 ,
or
.Xr group 5
attribute to the LDAP attribute name supplied.
.It Ic basedn Ar string
Use the supplied search base as starting point for the directory search.
.It Ic groupdn Ar string
Use the supplied search base as starting point for the directory search for
groups.
If not supplied, the basedn value will be used.
.It Ic bindcred Ar string
Use the supplied credentials for simple authentication against the directory.
.It Ic binddn Ar string
Use the supplied Distinguished Name to bind to the directory.
.It Ic fixed attribute Ar attribute string
Do not retrieve the specified attribute from LDAP but
instead set it unconditionally to the supplied value for
every entry.
.It Ic group filter Ar string
Use the supplied LDAP filter to retrieve group entries.
.It Xo
.Ic list Ar name Ic maps to Ar string
.Xc
Map the
.Xr passwd 5 ,
.Xr master.passwd 5 ,
or
.Xr group 5
attribute to the LDAP attribute name supplied.
A list creates a comma-separated list of all the LDAP attributes found.
.Pp
Valid attributes are:
.Pp
.Bl -tag -width groupmembers -offset indent -compact
.It Ic name
.It Ic passwd
.It Ic uid
.It Ic gid
.It Ic gecos
.It Ic home
.It Ic shell
.It Ic change
.It Ic expire
.It Ic class
.It Ic groupname
.It Ic grouppasswd
.It Ic groupgid
.It Ic groupmembers
.El
.It Ic passwd filter Ar string
Use the supplied LDAP filter to retrieve password entries.
.El
.Sh FILES
.Bl -tag -width "/etc/ypldap.conf" -compact
.It Pa /etc/ypldap.conf
.Xr ypldap 8
configuration file.
.It Pa /usr/share/examples/ypldap/ypldap.conf
.Xr ypldap 8
configuration file example.
.El
.Sh SEE ALSO
.Xr ypbind 8 ,
.Xr ypldap 8 ,
.Xr ypserv 8
.Sh HISTORY
The
.Nm
file format first appeared in
.Ox 4.4 .
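The rules in the MACROS, GLOBAL CONFIGURATION and DIRECTORIES sections above can be checked before a configuration is deployed. The following Python linter is an added example, not part of the manual page or of the ypldap sources. It assumes the reserved words are the directive keywords shown on this page (the real parser's list may differ), and the sample configuration, host name and credential are constructed.

```python
import re

# Values listed on the page: implemented maps and valid attribute names.
MAPS = {"passwd.byname", "passwd.byuid", "group.byname", "group.bygid"}
ATTRS = set("name passwd uid gid gecos home shell change expire class "
            "groupname grouppasswd groupgid groupmembers".split())
# Assumption: the reserved words are the directive keywords shown on the page.
RESERVED = set("domain interval provide map directory attribute maps to basedn "
               "groupdn bindcred binddn fixed group filter list passwd".split())
TOKEN = re.compile(r'"[^"]*"|#.*|[{}]|[^\s{}"#]+')  # quoted, comment, brace, word
MACRO = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*(.*)$')

def lint(text):
    """Return (line_number, message) findings for the text of a ypldap.conf."""
    macros, findings = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        m = MACRO.match(line)
        if m:  # macro definition, e.g. fixed_gecos="Pulled from LDAP"
            if m.group(1) in RESERVED:
                findings.append((no, f"macro name {m.group(1)!r} is a reserved word"))
            macros[m.group(1)] = m.group(2).strip().strip('"')
            continue
        toks = [t for t in TOKEN.findall(line) if not t.startswith("#")]
        for t in toks:  # "$x" in quotes starts with '"', so it is not a macro use
            if t.startswith("$") and t[1:] not in macros:
                findings.append((no, f"undefined macro {t}"))
        toks = [t.strip('"') for t in toks]
        if toks[:2] == ["provide", "map"] and toks[2:] and toks[2] not in MAPS:
            findings.append((no, f"map {toks[2]!r} is not implemented"))
        elif toks[:1] in (["attribute"], ["list"]) and toks[1:] and toks[1] not in ATTRS:
            findings.append((no, f"unknown attribute {toks[1]!r}"))
        elif toks[:2] == ["fixed", "attribute"] and toks[2:] and toks[2] not in ATTRS:
            findings.append((no, f"unknown attribute {toks[2]!r}"))
        elif toks[:1] == ["bindcred"]:
            findings.append((no, "bind credential is stored in this file"))
    return findings

# Constructed sample input (host name and credential are made up).
SAMPLE = """\
fixed_gecos="Pulled from LDAP"
domain="example"
provide map "hosts.byname"
directory "ldap.example.test" {
    bindcred "constructed-secret"
    attribute shel maps to "loginShell"
    fixed attribute gecos $fixed_gecos
    fixed attribute home $homedir
}
"""
print(*lint(SAMPLE), sep="\n")
```

The bindcred finding is informational: it marks a file that holds a simple-bind credential in clear text, so its ownership and mode deserve review.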