1.\" $OpenBSD: ypldap.conf.5,v 1.19 2012/04/30 11:28:25 jmatthew Exp $ 2.\" $FreeBSD$ 3.\" 4.\" Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> 5.\" 6.\" Permission to use, copy, modify, and distribute this software for any 7.\" purpose with or without fee is hereby granted, provided that the above 8.\" copyright notice and this permission notice appear in all copies. 9.\" 10.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17.\" 18.Dd $Mdocdate: April 30 2012 $ 19.Dt YPLDAP.CONF 5 20.Os 21.Sh NAME 22.Nm ypldap.conf 23.Nd LDAP YP map daemon configuration file 24.Sh DESCRIPTION 25The 26.Xr ypldap 8 27daemon provides YP maps using LDAP as a backend. 28.Sh SECTIONS 29The 30.Nm 31config file is divided into three main sections. 32.Bl -tag -width xxxx 33.It Sy Macros 34User-defined variables may be defined and used later, simplifying the 35configuration file. 36.It Sy Global Configuration 37Global settings for 38.Xr ypldap 8 . 39.It Sy Directories 40LDAP Directory specific parameters. 41.El 42.Sh MACROS 43Much like 44.Xr cpp 1 45or 46.Xr m4 1 , 47macros can be defined that will later be expanded in context. 48Macro names must start with a letter, digit, or underscore, 49and may contain any of those characters. 50Macro names may not be reserved words (for example, 51.Ic domain ) . 52Macros are not expanded inside quotes. 53.Pp 54For example: 55.Bd -literal -offset indent 56 57fixed_gecos="Pulled from LDAP" 58 59fixed attribute gecos $fixed_gecos 60.Ed 61.Sh GLOBAL CONFIGURATION 62Global settings concern the main behaviour of the daemon. 63.Pp 64.Bl -tag -width Ds -compact 65.It domain Ar string 66Specify the name of the NIS domain 67.Nm 68will provide. 69.It interval Ar seconds 70Specify the interval in seconds at which the whole directory will be pulled 71from LDAP. 72.It provide map Ar string 73Specify a map that should be provided by 74.Nm 75The currently implemented maps are: passwd.byname, passwd.byuid, 76group.byname, group.bygid. 77.El 78.Sh DIRECTORIES 79Directories are used to describe the LDAP schema and help 80.Nm 81convert LDAP entries to 82.Xr passwd 5 , 83.Xr master.passwd 5 , 84and 85.Xr group 5 86lines. 87A directory declaration is of the following form: 88.Bd -literal -offset indent 89directory "some.host" { 90 # directives 91} 92.Ed 93.Pp 94Valid directives for directories are: 95.Bl -tag -width Ds 96.It Xo 97.Ic attribute Ar name Ic maps to Ar string 98.Xc 99Map the 100.Xr passwd 5 , 101.Xr master.passwd 5 , 102or 103.Xr group 5 104attribute to the LDAP attribute name supplied. 105.It Ic basedn Ar string 106Use the supplied search base as starting point for the directory search. 107.It Ic groupdn Ar string 108Use the supplied search base as starting point for the directory search for 109groups. 110If not supplied, the basedn value will be used. 111.It Ic bindcred Ar string 112Use the supplied credentials for simple authentication against the directory. 113.It Ic binddn Ar string 114Use the supplied Distinguished Name to bind to the directory. 115.It Ic fixed attribute Ar attribute string 116Do not retrieve the specified attribute from LDAP but 117instead set it unconditionally to the supplied value for 118every entry. 119.It Ic group filter Ar string 120Use the supplied LDAP filter to retrieve group entries. 121.It Xo 122.Ic list Ar name Ic maps to Ar string 123.Xc 124Map the 125.Xr passwd 5 , 126.Xr master.passwd 5 , 127or 128.Xr group 5 129attribute to the LDAP attribute name supplied. 130A list creates a comma separated list of all the LDAP attributes found. 131.Pp 132Valid attributes are: 133.Pp 134.Bl -tag -width groupmembers -offset indent -compact 135.It Ic name 136.It Ic passwd 137.It Ic uid 138.It Ic gid 139.It Ic gecos 140.It Ic home 141.It Ic shell 142.It Ic change 143.It Ic expire 144.It Ic class 145.It Ic groupname 146.It Ic grouppasswd 147.It Ic groupgid 148.It Ic groupmembers 149.El 150.It Ic passwd filter Ar string 151Use the supplied LDAP filter to retrieve password entries. 152.El 153.Sh FILES 154.Bl -tag -width "/etc/ypldap.conf" -compact 155.It Pa /etc/ypldap.conf 156.Xr ypldap 8 157configuration file. 158.El 159.Sh SEE ALSO 160.Xr ypbind 8 , 161.Xr ypldap 8 , 162.Xr ypserv 8 163.Sh HISTORY 164The 165.Nm 166file format first appeared in 167.Ox 4.4 . 168