xref: /freebsd/usr.sbin/ypldap/ypldap.conf.5 (revision ebacd8013fe5f7fdf9f6a5b286f6680dd2891036)
.\"	$OpenBSD: ypldap.conf.5,v 1.19 2012/04/30 11:28:25 jmatthew Exp $
.\"	$FreeBSD$
.\"
.\" Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: March 22 2020 $
.Dt YPLDAP.CONF 5
.Os
.Sh NAME
.Nm ypldap.conf
.Nd LDAP YP map daemon configuration file
.Sh DESCRIPTION
The
.Xr ypldap 8
daemon provides YP maps using LDAP as a backend.
.Sh SECTIONS
The
.Nm
config file is divided into three main sections.
.Bl -tag -width xxxx
.It Sy Macros
User-defined variables may be defined and used later, simplifying the
configuration file.
.It Sy Global Configuration
Global settings for
.Xr ypldap 8 .
.It Sy Directories
LDAP Directory specific parameters.
.El
.Sh MACROS
Much like
.Xr cpp 1
or
.Xr m4 1 ,
macros can be defined that will later be expanded in context.
Macro names must start with a letter, digit, or underscore,
and may contain any of those characters.
Macro names may not be reserved words (for example,
.Ic domain ) .
Macros are not expanded inside quotes.
.Pp
For example:
.Bd -literal -offset indent

fixed_gecos="Pulled from LDAP"

fixed attribute gecos $fixed_gecos
.Ed
.Sh GLOBAL CONFIGURATION
Global settings concern the main behaviour of the daemon.
.Pp
.Bl -tag -width Ds -compact
.It domain Ar string
Specify the name of the NIS domain
.Nm
will provide.
.It interval Ar seconds
Specify the interval in seconds at which the whole directory will be pulled
from LDAP.
.It provide map Ar string
Specify a map that should be provided by
.Nm .
The currently implemented maps are: passwd.byname, passwd.byuid,
group.byname, group.bygid.
.El
.Sh DIRECTORIES
Directories are used to describe the LDAP schema and help
.Nm
convert LDAP entries to
.Xr passwd 5 ,
.Xr master.passwd 5 ,
and
.Xr group 5
lines.
A directory declaration is of the following form:
.Bd -literal -offset indent
directory "some.host" {
	# directives
}
.Ed
.Pp
Valid directives for directories are:
.Bl -tag -width Ds
.It Xo
.Ic attribute Ar name Ic maps to Ar string
.Xc
Map the
.Xr passwd 5 ,
.Xr master.passwd 5 ,
or
.Xr group 5
attribute to the LDAP attribute name supplied.
.It Ic basedn Ar string
Use the supplied search base as starting point for the directory search.
.It Ic groupdn Ar string
Use the supplied search base as starting point for the directory search for
groups.
If not supplied, the basedn value will be used.
.It Ic bindcred Ar string
Use the supplied credentials for simple authentication against the directory.
.It Ic binddn Ar string
Use the supplied Distinguished Name to bind to the directory.
.It Ic fixed attribute Ar attribute string
Do not retrieve the specified attribute from LDAP but
instead set it unconditionally to the supplied value for
every entry.
.It Ic group filter Ar string
Use the supplied LDAP filter to retrieve group entries.
.It Xo
.Ic list Ar name Ic maps to Ar string
.Xc
Map the
.Xr passwd 5 ,
.Xr master.passwd 5 ,
or
.Xr group 5
attribute to the LDAP attribute name supplied.
A list creates a comma separated list of all the LDAP attributes found.
.Pp
Valid attributes are:
.Pp
.Bl -tag -width groupmembers -offset indent -compact
.It Ic name
.It Ic passwd
.It Ic uid
.It Ic gid
.It Ic gecos
.It Ic home
.It Ic shell
.It Ic change
.It Ic expire
.It Ic class
.It Ic groupname
.It Ic grouppasswd
.It Ic groupgid
.It Ic groupmembers
.El
.It Ic passwd filter Ar string
Use the supplied LDAP filter to retrieve password entries.
.El
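.Pp
A complete configuration combining the global settings and directory directives described above, as an added example that is not part of the original manual page or the project's own sample file.
The host name, distinguished names and credential are constructed placeholders, and the LDAP attribute names and filters assume an RFC 2307 (posixAccount/posixGroup) schema.

```conf
# Constructed example: host, DNs and credential are placeholders.
domain		"example.com"
interval	60
provide map	"passwd.byname"
provide map	"passwd.byuid"
provide map	"group.byname"
provide map	"group.bygid"

directory "ldap.example.com" {
	# The bind credential sits in this file in clear text, so keep
	# the file readable by root only and give the bind DN read-only
	# access to the two subtrees below.
	binddn		"cn=ypldap,ou=services,dc=example,dc=com"
	bindcred	"REPLACE_WITH_BIND_PASSWORD"
	basedn		"ou=people,dc=example,dc=com"
	groupdn		"ou=groups,dc=example,dc=com"

	# passwd maps
	passwd filter	"(objectClass=posixAccount)"
	attribute name maps to "uid"
	# Set unconditionally instead of retrieving it from LDAP, so no
	# password hash ends up in the maps handed to YP clients.
	fixed attribute passwd "*"
	attribute uid maps to "uidNumber"
	attribute gid maps to "gidNumber"
	attribute gecos maps to "cn"
	attribute home maps to "homeDirectory"
	attribute shell maps to "loginShell"
	fixed attribute change "0"
	fixed attribute expire "0"
	fixed attribute class "ldap"

	# group maps
	group filter	"(objectClass=posixGroup)"
	attribute groupname maps to "cn"
	fixed attribute grouppasswd "*"
	attribute groupgid maps to "gidNumber"
	# One memberUid value per member, joined into a comma separated list.
	list groupmembers maps to "memberUid"
}
```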
.Sh FILES
.Bl -tag -width "/etc/ypldap.conf" -compact
.It Pa /etc/ypldap.conf
.Xr ypldap 8
configuration file.
.It Pa /usr/share/examples/ypldap/ypldap.conf
.Xr ypldap 8
configuration file example.
.El
.Sh SEE ALSO
.Xr ypbind 8 ,
.Xr ypldap 8 ,
.Xr ypserv 8
.Sh HISTORY
The
.Nm
file format first appeared in
.Ox 4.4 .