1 .\" $OpenBSD: ypldap.conf.5,v 1.19 2012/04/30 11:28:25 jmatthew Exp $
4 .\" Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
6 .\" Permission to use, copy, modify, and distribute this software for any
7 .\" purpose with or without fee is hereby granted, provided that the above
8 .\" copyright notice and this permission notice appear in all copies.
10 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 .Dd $Mdocdate: January 13 2016 $
23 .Nd LDAP YP map daemon configuration file
27 daemon provides YP maps using LDAP as a backend.
31 config file is divided into three main sections.
34 User-defined variables may be defined and used later, simplifying the
36 .It Sy Global Configuration
40 LDAP Directory specific parameters.
47 macros can be defined that will later be expanded in context.
48 Macro names must start with a letter, digit, or underscore,
49 and may contain any of those characters.
50 Macro names may not be reserved words (for example,
52 Macros are not expanded inside quotes.
55 .Bd -literal -offset indent
57 fixed_gecos="Pulled from LDAP"
59 fixed attribute gecos $fixed_gecos
61 .Sh GLOBAL CONFIGURATION
62 Global settings concern the main behaviour of the daemon.
64 .Bl -tag -width Ds -compact
66 Specify the name of the NIS domain
69 .It interval Ar seconds
70 Specify the interval in seconds at which the whole directory will be pulled
72 .It provide map Ar string
73 Specify a map that should be provided by
75 The currently implemented maps are: passwd.byname, passwd.byuid,
76 group.byname, group.bygid.
79 Directories are used to describe the LDAP schema and help
81 convert LDAP entries to
87 A directory declaration is of the following form:
88 .Bd -literal -offset indent
89 directory "some.host" {
94 Valid directives for directories are:
97 .Ic attribute Ar name Ic maps to Ar string
101 .Xr master.passwd 5 ,
104 attribute to the LDAP attribute name supplied.
105 .It Ic basedn Ar string
106 Use the supplied search base as starting point for the directory search.
107 .It Ic groupdn Ar string
108 Use the supplied search base as starting point for the directory search for
110 If not supplied, the basedn value will be used.
111 .It Ic bindcred Ar string
112 Use the supplied credentials for simple authentication against the directory.
113 .It Ic binddn Ar string
114 Use the supplied Distinguished Name to bind to the directory.
115 .It Ic fixed attribute Ar attribute string
116 Do not retrieve the specified attribute from LDAP but
117 instead set it unconditionally to the supplied value for
119 .It Ic group filter Ar string
120 Use the supplied LDAP filter to retrieve group entries.
122 .Ic list Ar name Ic maps to Ar string
126 .Xr master.passwd 5 ,
129 attribute to the LDAP attribute name supplied.
130 A list creates a comma separated list of all the LDAP attributes found.
132 Valid attributes are:
134 .Bl -tag -width groupmembers -offset indent -compact
150 .It Ic passwd filter Ar string
151 Use the supplied LDAP filter to retrieve password entries.
154 .Bl -tag -width "/etc/ypldap.conf" -compact
155 .It Pa /etc/ypldap.conf
158 .It Pa /usr/share/example/ypldap/ypldap.conf
160 configuration file example.
169 file format first appeared in