NAME | SYNOPSIS | DESCRIPTION | EXTENDED DESCRIPTION | EXAMPLES | FILES | ATTRIBUTES | SEE ALSO
/etc/ldap.conf
The ldap.conf file contains information regarding the location of the LDAP server for password management in the ChorusOS operating system.
The /etc/ldap.conf file contains:
SERVER: Used to specify the name(s) or IP address(es) of the LDAP server(s) to which the LDAP library should connect. Each server can be specified as a domain-style name or an IP address, optionally followed by a : and the port number on which the LDAP server listens. A space-separated list of hosts can be provided.
Example: server: 122.155.122.82
PORT: Used to specify the port used for connecting to the LDAP server(s). The port is specified as a number.
Example: PORT: 389
BASE: An LDAP directory is organized as a tree. BASE specifies the root of your tree, that is, the default base Distinguished Name (DN) used for searches.
Example: BASE: dc=sun, dc=com
bindmaxtime: Maximum time in seconds to wait for a connection to the LDAP server.
Example: bindmaxtime: 10
searchmaxtime: Maximum time in seconds to search for an entry in the LDAP server.
Example: searchmaxtime: 10
In an LDAP database, the password and group object are stored in two object classes named PosixAccount and PosixGroup. The PosixAccount object class requires:
dn
object class
cn
uid
uidNumber
gidNumber
homeDirectory
The PosixAccount object class allows:
userPassword
loginShell
gecos
description
The PosixGroup object class requires:
object class
cn
gidNumber
The PosixGroup object class allows:
userPassword
memberUid
description
An LDAP search filter [RFC2254] can be used to satisfy the function call, and is included next to each function name. Parameters are denoted by %s and %d for string and integer arguments, respectively.
getpwnam() (&(objectclass=posixAccount)(uid=%s))
getpwuid() (&(objectclass=posixAccount)(uidNumber=%d))
getpwent() (objectclass=posixAccount)
getgrnam() (&(objectclass=posixGroup)(cn=%s))
getgrgid() (&(objectclass=posixGroup)(gidNumber=%d))
getgrent() (objectclass=posixGroup)
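As an added example (not code from the ChorusOS page or its libraries), the following Python parses an ldap.conf in the format described above, expands the SERVER list with its optional :port suffixes, and builds the getpwnam()/getpwuid() filters with the %s argument escaped as RFC 2254 requires, so that a looked-up name cannot change the structure of the filter. The sample configuration and the second server name are constructed.

```python
# Constructed sample in the ldap.conf format described above (not a ChorusOS file).
SAMPLE_LDAP_CONF = """\
# a comment line
server: 129.157.192.84 ldap2.example.com:636
PORT: 389
base: dc=sun, dc=com
bindmaxtime:10
searchmaxtime:10
"""
DEFAULT_LDAP_PORT = 389  # assumed default when neither PORT nor a :port suffix is given


def parse_ldap_conf(text):
    """Parse 'key: value' lines. Keys are folded to lower case because the page
    writes both 'server' and 'SERVER'; whitespace around the ':' is optional."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed ldap.conf line: %r" % raw)
        conf[key.strip().lower()] = value.strip()
    return conf


def server_list(conf):
    """Expand the space-separated SERVER value into (host, port) pairs, using a
    host's own ':port' suffix when present and PORT (or 389) otherwise."""
    default = int(conf.get("port", DEFAULT_LDAP_PORT))
    servers = []
    for item in conf.get("server", "").split():
        host, sep, port = item.rpartition(":")
        servers.append((host, int(port)) if sep and port.isdigit() else (item, default))
    return servers


# RFC 2254 section 4: these characters must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def getpwnam_filter(name):
    """getpwnam() filter; the %s argument is escaped so it stays a literal uid value."""
    return "(&(objectclass=posixAccount)(uid=%s))" % escape_filter_value(name)


def getpwuid_filter(uid):
    """getpwuid() filter; %d is an integer, so int() is the only validation needed."""
    return "(&(objectclass=posixAccount)(uidNumber=%d))" % int(uid)
```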
There are three search modes for password databases:
Plain files: to search through plain files only.
Plain files then NIS: to search through plain files. If not found, then searches on a NIS server.
Plain files then LDAP: to search through plain files. If not found, then searches on a LDAP server.
The switch between plain files and NIS is made by looking at the password database for an entry indexed by _PW_KEYYPENABLED. This entry is added by the pwd_mkdb(1M) command when run on a master.passwd file, where it finds one or more usernames replaced by + or -.
The switch between plain files and LDAP is made by adding a tag in the master.passwd file: %ldap. When the password database is created using the pwd_mkdb command, an entry is added indexed by _PW_KEYLDAPENABLED.
NIS and LDAP are mutually exclusive. This is checked when the database is built using the pwd_mkdb command.
The /etc/ldap.conf configuration file must be added to locate the LDAP server.
Here is a typical example of a PosixAccount object class:
dn: uid=lester, dc=sun, dc=com
object class: top
object class: account
object class: posixAccount
uid: lester
cn: Lester the Nightfly
userPassword: {crypt}X5/DBrWPOQQaI
gecos: Lester
loginShell: /bin/csh
uidNumber: 10
gidNumber: 10
homeDirectory: /home/lester
Here is an example of an ldap.conf file:
server: 129.157.192.84
port: 389
base: dc=sun,dc=com
bindmaxtime: 10
searchmaxtime: 10
/etc/ldap.conf
Sample files are also provided to help you to use the LDAP password/group management facility. These are:
os/etc/sample/master.passwd.ldap
os/etc/sample/group.ldap
os/etc/sample/ldap.conf
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
---|---
Interface Stability | Evolving