YPLDAP.CONF(5) OpenBSD Programmer's Manual YPLDAP.CONF(5)NAMEypldap.conf - LDAP YP map daemon configuration file
DESCRIPTION
The ypldap(8) daemon provides YP maps using LDAP as a backend.
SECTIONS
The ypldap.conf config file is divided into three main sections.
Macros
User-defined variables may be defined and used later, simplifying
the configuration file.
Global Configuration
Global settings for ypldap(8).
Directories
LDAP Directory specific parameters.
MACROS
Much like cpp(1) or m4(1), macros can be defined that will later be
expanded in context. Macro names must start with a letter, and may
contain letters, digits, and underscores. Macro names may not be
reserved words (for example, domain). Macros are not expanded inside
quotes.
For example:
fixed_gecos="Pulled from LDAP"
fixed attribute gecos $fixed_gecos
GLOBAL CONFIGURATION
Global settings concern the main behaviour of the daemon.
domain string
Specify the name of the NIS domain ypldap.conf will provide.
interval seconds
Specify the interval in seconds at which the whole directory will
be pulled from LDAP.
provide map string
Specify a map that should be provided by ypldap.conf The
currently implemented maps are: passwd.byname, passwd.byuid,
group.byname, group.bygid.
DIRECTORIES
Directories are used to describe the LDAP schema and help ypldap.conf
convert LDAP entries to passwd(5), master.passwd(5), and group(5) lines.
A directory declaration is of the following form:
directory "some.host" {
# directives
}
Valid directives for directories are:
attribute name maps to string
Map the passwd(5), master.passwd(5), or group(5) attribute to the
LDAP attribute name supplied.
basedn string
Use the supplied search base as starting point for the directory
search.
bindcred string
Use the supplied credentials for simple authentication against
the directory.
binddn string
Use the supplied Distinguished Name to bind to the directory.
fixed attribute attribute string
Do not retrieve the specified attribute from LDAP but instead set
it unconditionally to the supplied value for every entry.
group filter string
Use the supplied LDAP filter to retrieve group entries.
list name maps to string
Map the passwd(5), master.passwd(5), or group(5) attribute to the
LDAP attribute name supplied. A list creates a comma separated
list of all the LDAP attributes found.
Valid attributes are:
name
passwd
uid
gid
gecos
home
shell
change
expire
class
groupname
grouppasswd
groupgid
groupmembers
passwd filter string
Use the supplied LDAP filter to retrieve password entries.
DIRECTORY EXAMPLE
This configuration searches the LDAP directory 127.0.0.1 for users and
groups. On the LDAP side the RFC 2307 object classes posixAccount and
posixGroup are used. In this example the attributes are either mapped to
their corresponding LDAP attributes or a fixed value. A list directive
is used for the groupmembers attribute because the ldap memberUid returns
multiple group members.
directory "127.0.0.1" {
# directory options
binddn "cn=Manager,dc=openbsd,dc=org"
bindcred "secret"
basedn "ou=Users,dc=openbsd,dc=org"
# passwd maps configuration
passwd filter "(objectClass=posixAccount)"
attribute name maps to "uid"
fixed attribute passwd "*"
attribute uid maps to "uidNumber"
attribute gid maps to "gidNumber"
attribute gecos maps to "cn"
attribute home maps to "homeDirectory"
attribute shell maps to "loginShell"
fixed attribute change "0"
fixed attribute expire "0"
fixed attribute class "ldap"
# group maps configuration
group filter "(objectClass=posixGroup)"
attribute groupname maps to "cn"
fixed attribute grouppasswd "*"
attribute groupgid maps to "gidNumber"
list groupmembers maps to "memberUid"
}
FILES
/etc/ypldap.conf ypldap(8) configuration file.
SEE ALSOypbind(8), ypldap(8), ypserv(8)HISTORY
The ypldap.conf file format first appeared in OpenBSD 4.4.
OpenBSD 4.9 June 3, 2010 OpenBSD 4.9
