LDAPD(8) | System Manager's Manual | LDAPD(8) |
ldapd
—
ldapd |
[-dnv ] [-D
macro=value]
[-f file]
[-r directory]
[-s file] |
ldapd
is a daemon which implements version 3 of the LDAP
protocol.
A running ldapd
process can be controlled
using the ldapctl(8) utility.
The options are as follows:
-D
macro=value-d
-f
file-n
-r
directory-s
file-v
-v
together
with the -d
flag produces debug traces of decoded
BER messages on stderr.ldapd
can authenticate users via simple binds or SASL
with the PLAIN mechanism.
When using simple binds, the bind DN entry must exist in a
namespace and have a userPassword
attribute. The
following formats of the userPassword
attribute are
recognized:
{SHA}digest
{SSHA}digest
{CRYPT}hash
{BSDAUTH}username
{BSDAUTH}username#class
Without a prefix, the userPassword
attribute is compared literally with the provided plain text password.
When using SASL binds, the authentication ID should be a valid username for BSD Authentication.
For plain text passwords to be accepted, the connection must be
considered secure, either by using an encrypted connection, or by using the
secure
keyword in the configuration file.
ldapd
configuration fileldapd
control socketldapd
database filesK. Zeilenga, Lightweight Directory Access Protocol (LDAP): Directory Information Models, RFC 4512, June 2006.
ldapd
program first appeared in
OpenBSD 4.8.
ldapd
is not yet fully LDAPv3 compliant.
Database files are not expected to work across architectures and may not work across versions.
February 1, 2016 | OpenBSD-current |