NAME
ypldap.conf — LDAP YP map daemon configuration file
DESCRIPTION
The ypldap(8) daemon provides YP maps using LDAP as a backend.
The ypldap.conf config file is divided into the following main sections:
- Macros
- User-defined variables may be defined and used later, simplifying the configuration file.
- Global Configuration
- Global settings for ypldap(8).
- Directories
- LDAP Directory specific parameters.
MACROS
Much like cpp(1) or m4(1), macros can be defined that will later be expanded in context. Macro names must start with a letter, digit, or underscore, and may contain any of those characters. Macro names may not be reserved words (for example, domain). Macros are not expanded inside quotes.
For example:
    fixed_gecos="Pulled from LDAP"
    fixed attribute gecos $fixed_gecos
GLOBAL CONFIGURATION
Global settings concern the main behaviour of the daemon.
- domain string
- Specify the name of the NIS domain ypldap.conf will provide.
- interval seconds
- Specify the interval in seconds at which the whole directory will be pulled from LDAP.
- provide map string
- Specify a map that should be provided by ypldap.conf. The currently implemented maps are: passwd.byname, passwd.byuid, group.byname, group.bygid.
- cafile filename
- Load CA certificates from the specified file to validate the server certificate. If not specified, CA certificates will be loaded from /etc/ssl/cert.pem.
DIRECTORIES
Directories are used to describe the LDAP schema and help ypldap.conf convert LDAP entries to passwd(5), master.passwd(5), and group(5) lines. Each directory section consists of a declaration of the directory server name and a set of directives describing how entries from the directory are used to construct YP map entries.
- directory hostname [port port] [tls] {...}
- Defines a directory by hostname and optionally port number. If the tls argument is not specified, no transport-level security will be used. Valid options are:
  - tls
  - Use STARTTLS to negotiate TLS, by default on port 389.
  - ldaps
  - Connect with TLS enabled, by default on port 636.
Valid directives for directories are:
- attribute name maps to string
- Map the passwd(5), master.passwd(5), or group(5) attribute to the LDAP attribute name supplied.
- basedn string
- Use the supplied search base as starting point for the directory search.
- groupdn string
- Use the supplied search base as starting point for the directory search for groups. If not supplied, the basedn value will be used.
- bindcred string
- Use the supplied credentials for simple authentication against the directory.
- binddn string
- Use the supplied Distinguished Name to bind to the directory.
- fixed attribute attribute string
- Do not retrieve the specified attribute from LDAP but instead set it unconditionally to the supplied value for every entry.
- group filter string
- Use the supplied LDAP filter to retrieve group entries.
- list name maps to string
- Map the passwd(5), master.passwd(5), or group(5) attribute to the LDAP attribute name supplied. A list creates a comma separated list of all the LDAP attributes found.
Valid attributes are:
- passwd filter string
- Use the supplied LDAP filter to retrieve password entries.
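The following Python check is an added example, not part of ypldap or of this manual: it reads a ypldap.conf text and reports each directory block declared without tls or ldaps, noting when bindcred would be used for simple authentication over that unprotected connection. The audit() helper, the sample configurations, the hostnames and the CA path are constructed for illustration; treating '#' as a comment marker is an assumption, and macros are not expanded.

```python
import re

# Tokens: quoted string, '#' comment (assumed syntax), brace, or bare word.
TOKEN = re.compile(r'"[^"]*"|#[^\n]*|[{}]|[^\s{}"#]+')
DEFAULT_CAFILE = "/etc/ssl/cert.pem"  # default named in the cafile description

def audit(conf_text):
    """Return (effective_cafile, findings) for a ypldap.conf text.

    findings holds (hostname, issue) for each directory block declared
    without tls or ldaps. Macros are not expanded (hypothetical helper).
    """
    tokens = [t for t in TOKEN.findall(conf_text) if not t.startswith("#")]
    cafile, findings, i = DEFAULT_CAFILE, [], 0
    while i < len(tokens):
        if tokens[i] == "cafile" and i + 1 < len(tokens):
            cafile = tokens[i + 1].strip('"')
        elif tokens[i] == "directory" and "{" in tokens[i:]:
            start = tokens.index("{", i)
            end = tokens.index("}", start) if "}" in tokens[start:] else len(tokens)
            header, body = tokens[i + 2:start], tokens[start + 1:end]
            if "tls" not in header and "ldaps" not in header:
                issue = ("bindcred sent over an unprotected connection"
                         if "bindcred" in body else "maps pulled without TLS")
                findings.append((tokens[i + 1].strip('"'), issue))
            i = end
        i += 1
    return cafile, findings

# Constructed sample: no tls/ldaps keyword, so the simple bind is unprotected.
WEAK = '''
domain "example.net"
provide map "passwd.byname"
directory "ldap.example.net" {
    binddn "cn=ypldap,dc=example,dc=net"
    bindcred "constructed-secret"   # placeholder credential
    basedn "dc=example,dc=net"
    passwd filter "(objectClass=posixAccount)"
}
'''
# Same constructed directory with ldaps and an explicit CA bundle (path assumed).
HARDENED = ('cafile "/etc/ssl/example-ca.pem"\n'
            + WEAK.replace('net" {', 'net" ldaps {'))

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf))
```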
FILES
- /etc/ypldap.conf
- ypldap(8) configuration file.
- /etc/examples/ypldap.conf
- Example configuration file.
SEE ALSO
HISTORY
The ypldap.conf file format first appeared in OpenBSD 4.4.