⇒ ldap.conf(4) — IRIX 6.5.3f




ldap.conf(4)                                                      ldap.conf(4)



NAME
     ldap.conf - Lightweight Directory Access Protocol configuration file

SYNOPSIS
     /var/ns/ldap.conf

DESCRIPTION
     This file controls the behavior of the Lightweight Directory Access
     Protocol (LDAP) client implementation for nsd.  It is read by the
     initialization routine of the ldap(7P) library when the nsd daemon is
     started or is sent the SIGHUP signal.  This file contains information
     about remote LDAP daemons, database schemas, and format rules.

     The file is made up of comment lines, table entries, server entries and
     the domain command.  Comment lines begin with either a '#' or a ';'
     character, and are ignored by the parser.  Table entries begin with the
     keyword table followed by the name of the table, and a series of
     attributes.  Table entries are separated by one or more blank lines.
     Server entries begin with the keyword server, and are followed by a
     series of attributes.  Server entries are separated by one or more blank
     lines.

     domain [domainname]
          The domain command changes the domain context.  Each of the
          following entries and command lines sets information for this
          domain.
          If the domainname is not given then it sets the context for the
          default, or null, domain.

     server hostname[:port]
          A given domain may specify one or more ldap servers to send requests
          to.  hostname refers to the hostname of the ldap server.  The
          hostname may be given directly as an IP address.  If no port number
          is given, the default LDAP port (389) is assumed.  The attribute
          and attribute-value pairs following the server keyword define
          attributes for a particular server.  Attributes include:

          base    Defines the distinguished name (dn) of the base for the ldap
                  search.
          scope   Defines the depth used in searching for ldap entries.  The
                  value may be one of the following: subtree - will search all
                  entries below the base (default), onelevel - will search one
                  level below base, and sbase - will search only at the base
                  level.
          binddn  Specifies the distinguished name used in binding to the
                  server.  This attribute is optional.
          bindpwd Specifies the password used in binding to the server.  This
                  attribute is also optional.

     table tablename
          The table entries define the way in which the ldap library responds
          to a particular request from the nsd daemon.  tablename defines the
          name of the map requested.  The attribute list must include the
          following three items:



          filterlookup
                  Defines the ldap filter used for lookup type searches made
                  against this map. The filter may contain one (or more)
                  strings "%s" which will be replaced by the key requested (or
                  a split of the key, split by the characters ",", "/" or
                  ".").
          filterlist
                  Defines the ldap filter used for list type searches made
                  against this map.
          format  Defines the way in which ldap responses are formatted into
                  output strings.  Alphanumeric strings conforming to the ldap
                  attribute protocol are replaced by server responses for that
                  attribute.  If an attribute is placed inside of brackets,
                  and followed by a separator (e.g. (MEMBERUID,)+), then
                  multiple responses of that attribute will be added to the
                  output string.  If the special string "KEY" is used in the
                  format attribute, this string will be replaced with the key
                  requested by the nsd daemon.
          require A particular LDAP entry will be returned only if that entry
                  contains a value corresponding to the named attribute.
          default In the case of a split key (i.e. two substitutions in the
                  filter), the second substitution may be given a default
                  value with this attribute.
          singleline
                  If this tag is set, multiple entries returned for a
                  particular query will be placed on a single output line.
                  The value for this tag may be null.  If it is not null, the
                  value is interpreted as a prefix string conforming to the
                  format syntax defined above.  This string will be placed
                  before the formatted output corresponding to individual ldap
                  entries.

EXAMPLE
     Part of an example ldap.conf file follows, demonstrating the domain
     command, server and table entries:

     domain  foo.com

     server  test.foo.com:390
     base    "o=Your Organization Name, c=US"
     binddn  "cn=root, o=Your Organization Name, c=US"
     bindpwd secret

     table   group.byname
     filter  (&(OBJECTCLASS=POSIXGROUP)(CN=%s))
     format  "CN:GROUPPASSWORD:POSIXGIDNUMBER:(MEMBERUID,)+"
     type    lookup
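
     The following is an added example, not part of the IRIX manual page: a
     Python parser for the entry grammar described above that reports server
     entries carrying a bind password, since bindpwd sits in this file as
     clear text.  The quote handling, the second server entry in the sample
     and the administrator-DN heuristic are assumptions.

```python
# Constructed sample: the page's EXAMPLE plus a made-up second server entry.
SAMPLE = """\
; constructed sample, not a real deployment
domain  foo.com

server  test.foo.com:390
base    "o=Your Organization Name, c=US"
binddn  "cn=root, o=Your Organization Name, c=US"
bindpwd secret

server  192.0.2.10

table   group.byname
filter  (&(OBJECTCLASS=POSIXGROUP)(CN=%s))
format  "CN:GROUPPASSWORD:POSIXGIDNUMBER:(MEMBERUID,)+"
"""

def parse(text):
    """Split the file into server/table entries tagged with their domain."""
    entries, current, domain = [], None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                          # a blank line ends the entry
            current = None
        elif line[0] not in "#;":             # skip comment lines
            word, value = (line.split(None, 1) + [""])[:2]
            value = value.strip().strip('"')  # assumption: quotes only group words
            if word == "domain":
                domain, current = value, None
            elif word in ("server", "table"):
                current = {"kind": word, "name": value, "domain": domain, "attrs": {}}
                entries.append(current)
            elif current is not None:
                current["attrs"][word] = value
    return entries

def audit(entries, mode):   # mode: st_mode of the configuration file
    findings = []
    for e in entries:
        attrs = e["attrs"]
        if e["kind"] != "server" or "bindpwd" not in attrs:
            continue
        who = attrs.get("binddn", "(no binddn)")
        findings.append((e["name"], "clear-text bindpwd for " + who))
        if mode & 0o044:
            findings.append((e["name"], "file mode %03o is readable by group or other" % (mode & 0o777)))
        if who.lower().startswith(("cn=root", "cn=manager")):  # heuristic (assumption)
            findings.append((e["name"], "binds as what looks like a directory administrator"))
    return findings
```

     Against a live file, pass os.stat(path).st_mode as the mode argument.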

FILES
     /var/ns/ldap.conf

SEE ALSO
     nsd(1M), ldap(7P)

     IRIX Admin: Networking and Mail



Typewritten Software • bear@typewritten.org • Edmonds, WA 98026