ldapd —
Lightweight Directory Access Protocol
daemon
| ldapd |
[-dnv]
[-D
macro=value]
[-f
file]
[-r
directory]
[-s
file] |
ldapd is a daemon which implements version 3 of the
LDAP protocol.
A running
ldapd process can be controlled using the
ldapctl(8) utility.
The options are as follows:
-
-
- -D
macro=value
- Define macro to be set to
value on the command line. Overrides the
definition of macro in the configuration
file.
-
-
- -d
- Do not daemonize and log to
stderr.
-
-
- -f
file
- Use file as the
configuration file, instead of the default
/etc/ldapd.conf.
-
-
- -n
- Configtest mode. Only check the configuration file for
validity.
-
-
- -r
directory
- Store and read database files in
directory, instead of the default
/var/db/ldap.
-
-
- -s
file
- Specify an alternative location for the socket file.
-
-
- -v
- Produce more verbose output. A second
-v together with the
-d flag produces debug traces of decoded BER
messages on stderr.
ldapd can authenticate users via simple binds or
SASL with the PLAIN mechanism.
When using simple binds, the bind DN entry must exist in a namespace and have a
userPassword attribute. The following formats of
the
userPassword attribute are recognized:
-
-
- {SHA}digest
- Verify the password against the SHA-1 digest.
-
-
- {SSHA}digest
- Verify the password against the salted SHA-1 digest.
-
-
- {CRYPT}hash
- Verify the password against the
crypt(3) hash.
-
-
- {BSDAUTH}username
- Use BSD Authentication with the
given username and authentication style “auth-ldap”. This is
similar to using SASL PLAIN authentication with
username as the authentication ID.
-
-
- {BSDAUTH}username#class
- Same as above, but overrides the login class.
Without a prefix, the
userPassword attribute is
compared literally with the provided plain text password.
When using SASL binds, the authentication ID should be a valid username for
BSD Authentication.
For plain text passwords to be accepted, the connection must be considered
secure, either by using an encrypted connection, or by using the
secure keyword in the configuration file.
- /etc/ldapd.conf
- default ldapd configuration
file
- /var/run/ldapd.sock
- default ldapd control
socket
- /var/db/ldap/*.db
- ldapd database files
ldapd.conf(5),
login.conf(5),
ldapctl(8)
J. Sermersheim,
Lightweight Directory Access Protocol (LDAP): The
Protocol, RFC 4511, June
2006.
K. Zeilenga,
Lightweight Directory Access Protocol (LDAP): Directory
Information Models, RFC 4512,
June 2006.
The
ldapd program first appeared in
OpenBSD 4.8.
ldapd is not yet fully LDAPv3 compliant.
Database files are not expected to work across architectures and may not work
across versions.
![[OpenBSD]](/openbsd.gif){kind=small}