LDAPD(8) System Manager's Manual LDAPD(8)

NAME

ldapd - Lightweight Directory Access Protocol daemon

SYNOPSIS

ldapd [-dnv] [-D macro=value] [-f file] [-r directory] [-s file]

DESCRIPTION

ldapd is a daemon which implements version 3 of the LDAP protocol.
A running ldapd process can be controlled using the ldapctl(8) utility.
The options are as follows:
 
 
-D macro=value
Define macro to be set to value on the command line. Overrides the definition of macro in the configuration file.
 
 
-d
Do not daemonize and log to stderr.
 
 
-f file
Use file as the configuration file, instead of the default /etc/ldapd.conf.
 
 
-n
Configtest mode. Only check the configuration file for validity.
 
 
-r directory
Store and read database files in directory, instead of the default /var/db/ldap.
 
 
-s file
Specify an alternative location for the socket file.
 
 
-v
Produce more verbose output. A second -v together with the -d flag produces debug traces of decoded BER messages on stderr.

AUTHENTICATION

ldapd can authenticate users via simple binds or SASL with the PLAIN mechanism.
When using simple binds, the bind DN entry must exist in a namespace and have a userPassword attribute. The following formats of the userPassword attribute are recognized:
 
 
{SHA}digest
Verify the password against the SHA-1 digest.
 
 
{SSHA}digest
Verify the password against the salted SHA-1 digest.
 
 
{CRYPT}hash
Verify the password against the crypt(3) hash.
 
 
{BSDAUTH}username
Use BSD Authentication with the given username and authentication style “auth-ldap”. This is similar to using SASL PLAIN authentication with username as the authentication ID.
 
 
{BSDAUTH}username#class
Same as above, but overrides the login class.

Without a prefix, the userPassword attribute is compared literally with the provided plain text password.
When using SASL binds, the authentication ID should be a valid username for BSD Authentication.
For plain text passwords to be accepted, the connection must be considered secure, either by using an encrypted connection, or by using the secure keyword in the configuration file.
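
The following is an added example, not code from ldapd or from the original page. It classifies userPassword values by the prefixes listed above, verifies the {SHA} and {SSHA} forms, and lists entries stored in clear or as unsalted SHA-1. Assumptions: the digest is base64 encoded and {SSHA} holds SHA-1(password + salt) followed by the salt, as in the common LDAP convention; all function names and sample entries are hypothetical.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # bytes in a SHA-1 digest

def classify(value: str) -> str:
    """Return the scheme of a userPassword value, as listed in AUTHENTICATION."""
    for prefix in ("{SHA}", "{SSHA}", "{CRYPT}", "{BSDAUTH}"):
        if value.startswith(prefix):
            return prefix.strip("{}")
    return "PLAIN"  # no prefix: compared literally with the bind password

def verify(value: str, candidate: str):
    """True/False for schemes checked here; None where crypt(3) or BSD auth decides."""
    scheme, pw = classify(value), candidate.encode()
    if scheme == "PLAIN":
        return hmac.compare_digest(value.encode(), pw)
    if scheme in ("CRYPT", "BSDAUTH"):
        return None
    try:
        # Assumption: digest is base64; {SSHA} = SHA-1(password + salt) || salt
        raw = base64.b64decode(value[len(scheme) + 2:], validate=True)
    except ValueError:
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    if len(digest) != SHA1_LEN or (scheme == "SSHA") != bool(salt):
        return False
    return hmac.compare_digest(digest, hashlib.sha1(pw + salt).digest())

def audit(entries: dict) -> list:
    """List (dn, scheme) for values kept in clear or as unsalted SHA-1."""
    return [(dn, classify(v)) for dn, v in entries.items()
            if classify(v) in ("PLAIN", "SHA")]

def _b64sha1(data: bytes, salt: bytes = b"") -> str:
    return base64.b64encode(hashlib.sha1(data + salt).digest() + salt).decode()

# Constructed sample entries (DNs and passwords are made up for this example).
SAMPLE = {
    "uid=alice,dc=example,dc=com": "{SSHA}" + _b64sha1(b"correct horse", b"\x01\x02\x03\x04"),
    "uid=bob,dc=example,dc=com": "{SHA}" + _b64sha1(b"hunter2"),
    "uid=carol,dc=example,dc=com": "{BSDAUTH}carol#staff",
    "uid=dave,dc=example,dc=com": "letmein",
}

if __name__ == "__main__":
    for dn, scheme in audit(SAMPLE):
        print(f"{dn}: weak storage scheme {scheme}")
```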

FILES

/etc/ldapd.conf
default ldapd configuration file
/var/run/ldapd.sock
default ldapd control socket
/var/db/ldap/*.db
ldapd database files

SEE ALSO

ldapd.conf(5), login.conf(5), ldapctl(8)

STANDARDS

J. Sermersheim, Lightweight Directory Access Protocol (LDAP): The Protocol, RFC 4511, June 2006.
K. Zeilenga, Lightweight Directory Access Protocol (LDAP): Directory Information Models, RFC 4512, June 2006.

HISTORY

The ldapd program first appeared in OpenBSD 4.8.

CAVEATS

ldapd is not yet fully LDAPv3 compliant.
Database files are not expected to work across architectures and may not work across versions.

February 1, 2016 OpenBSD-current