OpenBSD-4.6/usr.sbin/ypldap/ypldap.conf.5

.\"	$OpenBSD: ypldap.conf.5,v 1.13 2009/02/16 08:27:20 jmc Exp $
.\"
.\" Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: February 16 2009 $
.Dt YPLDAP.CONF 5
.Os
.Sh NAME
.Nm ypldap.conf
.Nd LDAP YP map daemon configuration file
.Sh DESCRIPTION
The
.Xr ypldap 8
daemon provides YP maps using LDAP as a backend.
.Sh SECTIONS
The
.Nm
config file is divided into three main sections.
.Bl -tag -width xxxx
.It Sy Macros
User-defined variables may be defined and used later, simplifying the
configuration file.
.It Sy Global Configuration
Global settings for
.Xr ypldap 8 .
.It Sy Directories
LDAP directory-specific parameters.
.El
.Sh MACROS
Much like
.Xr cpp 1
or
.Xr m4 1 ,
macros can be defined that will later be expanded in context.
Macro names must start with a letter, and may contain letters, digits,
and underscores.
Macro names may not be reserved words (for example,
.Ic cost ) .
Macros are not expanded inside quotes.
.Pp
For example:
.Bd -literal -offset indent

fixed_gecos="Pulled from LDAP"

fixed attribute gecos $fixed_gecos
.Ed
.Sh GLOBAL CONFIGURATION
Global settings concern the main behaviour of the daemon.
.Pp
.Bl -tag -width Ds -compact
.It Ic domain Ar string
Specify the name of the NIS domain
.Nm
will provide.
.It Ic interval Ar seconds
Specify the interval in seconds at which the whole directory will be pulled
from LDAP.
.It Ic provide map Ar string
Specify a map that should be provided by
.Nm .
The currently implemented maps are: passwd.byname, passwd.byuid,
group.byname, group.bygid.
.El
.Sh DIRECTORIES
Directories are used to describe the LDAP schema and help
.Nm
convert LDAP entries to
.Xr passwd 5 ,
.Xr master.passwd 5 ,
and
.Xr group 5
lines.
A directory declaration is of the following form:
.Bd -literal -offset indent
directory "some.host" {
	# directives
}
.Ed
.Pp
Valid directives for directories are:
.Bl -tag -width Ds
.It Xo
.Ic attribute Ar name Ic maps to Ar string
.Xc
Map the
.Xr passwd 5 ,
.Xr master.passwd 5 ,
or
.Xr group 5
attribute to the LDAP attribute name supplied.
.It Ic basedn Ar string
Use the supplied search base as the starting point for the directory search.
.It Ic bindcred Ar string
Use the supplied credentials for simple authentication against the directory.
.It Ic binddn Ar string
Use the supplied Distinguished Name to bind to the directory.
.It Ic fixed attribute Ar attribute string
Do not retrieve the specified attribute from LDAP but
instead set it unconditionally to the supplied value for
every entry.
.It Ic group filter Ar string
Use the supplied LDAP filter to retrieve group entries.
.It Xo
.Ic list Ar name Ic maps to Ar string
.Xc
Map the
.Xr passwd 5 ,
.Xr master.passwd 5 ,
or
.Xr group 5
attribute to the LDAP attribute name supplied.
A list creates a comma separated list of all the LDAP attributes found.
.Pp
Valid attributes are:
.Pp
.Bl -tag -width groupmembers -offset indent -compact
.It Ic name
.It Ic passwd
.It Ic uid
.It Ic gid
.It Ic gecos
.It Ic home
.It Ic shell
.It Ic change
.It Ic expire
.It Ic class
.It Ic groupname
.It Ic grouppasswd
.It Ic groupgid
.It Ic groupmembers
.El
.It Ic passwd filter Ar string
Use the supplied LDAP filter to retrieve password entries.
.El
.Sh DIRECTORY EXAMPLE
This configuration searches the LDAP directory 127.0.0.1 for users and groups.
On the LDAP side the RFC 2307 object classes posixAccount and posixGroup
are used.
In this example the attributes are either mapped to
their corresponding LDAP attributes or a fixed value.
A list directive is used for the groupmembers attribute
because the LDAP memberUid attribute returns multiple group members.
.Pp
.Bd -literal -offset indent
directory "127.0.0.1" {
        # directory options
        binddn "cn=Manager,dc=openbsd,dc=org"
        bindcred "secret"
        basedn "ou=Users,dc=openbsd,dc=org"

        # passwd maps configuration
        passwd filter "(objectClass=posixAccount)"

        attribute name maps to "uid"
        fixed attribute passwd "*"
        attribute uid maps to "uidNumber"
        attribute gid maps to "gidNumber"
        attribute gecos maps to "cn"
        attribute home maps to "homeDirectory"
        fixed attribute shell "/bin/ksh"
        fixed attribute change "0"
        fixed attribute expire "0"
        fixed attribute class "ldap"

        # group maps configuration
        group filter "(objectClass=posixGroup)"

        attribute groupname maps to "cn"
        fixed attribute grouppasswd "*"
        attribute groupgid maps to "gidNumber"
        list groupmembers maps to "memberUid"
}
.Ed
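.Pp
The following Python sketch is an added example, not ypldap source code: it models how the attribute, fixed attribute and list directives of the configuration above turn one LDAP entry into a master.passwd(5) or group(5) line.
The names MAPPING, resolve and build_line, the sample entries, and the refusal of values containing separator characters are assumptions of this example, not documented ypldap behaviour.

```python
# Added illustration, not ypldap source: a model of the attribute,
# fixed attribute and list directives from the DIRECTORY EXAMPLE.
MAPPING = {  # field -> (directive, LDAP attribute name or fixed value)
    "name": ("attribute", "uid"), "passwd": ("fixed", "*"),
    "uid": ("attribute", "uidNumber"), "gid": ("attribute", "gidNumber"),
    "gecos": ("attribute", "cn"), "home": ("attribute", "homeDirectory"),
    "shell": ("fixed", "/bin/ksh"), "change": ("fixed", "0"),
    "expire": ("fixed", "0"), "class": ("fixed", "ldap"),
    "groupname": ("attribute", "cn"), "grouppasswd": ("fixed", "*"),
    "groupgid": ("attribute", "gidNumber"),
    "groupmembers": ("list", "memberUid"),
}
# Field order of master.passwd(5) and group(5) lines.
MASTER_PASSWD_FIELDS = ["name", "passwd", "uid", "gid", "class", "change",
                        "expire", "gecos", "home", "shell"]
GROUP_FIELDS = ["groupname", "grouppasswd", "groupgid", "groupmembers"]

# Constructed sample LDAP entries (attribute name -> list of values).
SAMPLE_USER = {"uid": ["alice"], "uidNumber": ["1001"], "gidNumber": ["100"],
               "cn": ["Alice Example"], "homeDirectory": ["/home/alice"]}
SAMPLE_GROUP = {"cn": ["staff"], "gidNumber": ["100"],
                "memberUid": ["alice", "bob"]}

def resolve(field, entry):
    """Return the text of one field of the output line."""
    directive, arg = MAPPING[field]
    if directive == "fixed":
        return arg                      # set unconditionally, LDAP not read
    values = entry.get(arg, [])
    if directive == "attribute":
        if not values:
            raise KeyError("entry has no " + arg + " for field " + field)
        values = values[:1]             # single-valued field
    # Assumption of this example: refuse values that would add fields
    # (":"), list members (",") or lines to the flattened output.
    separators = ":," if directive == "list" else ":"
    for value in values:
        if any(c in value for c in separators) or not value.isprintable():
            raise ValueError("unsafe value in " + arg + ": " + repr(value))
    return ",".join(values)             # list: comma separated

def build_line(fields, entry):
    """Join the resolved fields into one colon-separated line."""
    return ":".join(resolve(field, entry) for field in fields)

if __name__ == "__main__":
    print(build_line(MASTER_PASSWD_FIELDS, SAMPLE_USER))
    print(build_line(GROUP_FIELDS, SAMPLE_GROUP))
```

Because every mapped value comes from the directory, the separator check shows where a crafted LDAP value could otherwise shift fields in the generated line.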
.Sh FILES
.Bl -tag -width "/etc/ypldap.conf" -compact
.It Pa /etc/ypldap.conf
.Xr ypldap 8
configuration file.
.El
.Sh SEE ALSO
.Xr ypbind 8 ,
.Xr ypldap 8 ,
.Xr ypserv 8
.Sh HISTORY
The
.Nm
file format first appeared in
.Ox 4.4 .