1.\" $OpenBSD: ypldap.conf.5,v 1.19 2012/04/30 11:28:25 jmatthew Exp $ 2.\" 3.\" Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.Dd $Mdocdate: March 22 2020 $ 18.Dt YPLDAP.CONF 5 19.Os 20.Sh NAME 21.Nm ypldap.conf 22.Nd LDAP YP map daemon configuration file 23.Sh DESCRIPTION 24The 25.Xr ypldap 8 26daemon provides YP maps using LDAP as a backend. 27.Sh SECTIONS 28The 29.Nm 30config file is divided into three main sections. 31.Bl -tag -width xxxx 32.It Sy Macros 33User-defined variables may be defined and used later, simplifying the 34configuration file. 35.It Sy Global Configuration 36Global settings for 37.Xr ypldap 8 . 38.It Sy Directories 39LDAP Directory specific parameters. 40.El 41.Sh MACROS 42Much like 43.Xr cpp 1 44or 45.Xr m4 1 , 46macros can be defined that will later be expanded in context. 47Macro names must start with a letter, digit, or underscore, 48and may contain any of those characters. 49Macro names may not be reserved words (for example, 50.Ic domain ) . 51Macros are not expanded inside quotes. 52.Pp 53For example: 54.Bd -literal -offset indent 55 56fixed_gecos="Pulled from LDAP" 57 58fixed attribute gecos $fixed_gecos 59.Ed 60.Sh GLOBAL CONFIGURATION 61Global settings concern the main behaviour of the daemon. 62.Pp 63.Bl -tag -width Ds -compact 64.It domain Ar string 65Specify the name of the NIS domain 66.Nm 67will provide. 68.It interval Ar seconds 69Specify the interval in seconds at which the whole directory will be pulled 70from LDAP. 71.It provide map Ar string 72Specify a map that should be provided by 73.Nm 74The currently implemented maps are: passwd.byname, passwd.byuid, 75group.byname, group.bygid. 76.El 77.Sh DIRECTORIES 78Directories are used to describe the LDAP schema and help 79.Nm 80convert LDAP entries to 81.Xr passwd 5 , 82.Xr master.passwd 5 , 83and 84.Xr group 5 85lines. 86A directory declaration is of the following form: 87.Bd -literal -offset indent 88directory "some.host" { 89 # directives 90} 91.Ed 92.Pp 93Valid directives for directories are: 94.Bl -tag -width Ds 95.It Xo 96.Ic attribute Ar name Ic maps to Ar string 97.Xc 98Map the 99.Xr passwd 5 , 100.Xr master.passwd 5 , 101or 102.Xr group 5 103attribute to the LDAP attribute name supplied. 104.It Ic basedn Ar string 105Use the supplied search base as starting point for the directory search. 106.It Ic groupdn Ar string 107Use the supplied search base as starting point for the directory search for 108groups. 109If not supplied, the basedn value will be used. 110.It Ic bindcred Ar string 111Use the supplied credentials for simple authentication against the directory. 112.It Ic binddn Ar string 113Use the supplied Distinguished Name to bind to the directory. 114.It Ic fixed attribute Ar attribute string 115Do not retrieve the specified attribute from LDAP but 116instead set it unconditionally to the supplied value for 117every entry. 118.It Ic group filter Ar string 119Use the supplied LDAP filter to retrieve group entries. 120.It Xo 121.Ic list Ar name Ic maps to Ar string 122.Xc 123Map the 124.Xr passwd 5 , 125.Xr master.passwd 5 , 126or 127.Xr group 5 128attribute to the LDAP attribute name supplied. 129A list creates a comma separated list of all the LDAP attributes found. 130.Pp 131Valid attributes are: 132.Pp 133.Bl -tag -width groupmembers -offset indent -compact 134.It Ic name 135.It Ic passwd 136.It Ic uid 137.It Ic gid 138.It Ic gecos 139.It Ic home 140.It Ic shell 141.It Ic change 142.It Ic expire 143.It Ic class 144.It Ic groupname 145.It Ic grouppasswd 146.It Ic groupgid 147.It Ic groupmembers 148.El 149.It Ic passwd filter Ar string 150Use the supplied LDAP filter to retrieve password entries. 151.El 152.Sh FILES 153.Bl -tag -width "/etc/ypldap.conf" -compact 154.It Pa /etc/ypldap.conf 155.Xr ypldap 8 156configuration file. 157.It Pa /usr/share/examples/ypldap/ypldap.conf 158.Xr ypldap 8 159configuration file example. 160.El 161.Sh SEE ALSO 162.Xr ypbind 8 , 163.Xr ypldap 8 , 164.Xr ypserv 8 165.Sh HISTORY 166The 167.Nm 168file format first appeared in 169.Ox 4.4 . 170