ypldap.conf —
LDAP YP map daemon configuration file
The
ypldap(8) daemon provides YP
maps using LDAP as a backend.
The
ypldap.conf config file is divided into
the following main sections:
-
-
- Macros
- User-defined variables may be defined and used later, simplifying the
configuration file.
-
-
- Global Configuration
- Global settings for
ypldap(8).
-
-
- Directories
- LDAP Directory specific parameters.
Much like
cpp(1) or
m4(1), macros can be defined that
will later be expanded in context. Macro names must start with a letter,
digit, or underscore, and may contain any of those characters. Macro names may
not be reserved words (for example,
domain). Macros are not expanded inside
quotes.
For example:
fixed_gecos="Pulled from LDAP"
fixed attribute gecos $fixed_gecos
Global settings concern the main behaviour of the daemon.
- domain string
- Specify the name of the NIS domain
ypldap.conf will provide.
- interval seconds
- Specify the interval in seconds at which the whole directory will be
pulled from LDAP.
- provide map string
- Specify a map that should be provided by
ypldap.conf The currently implemented
maps are: passwd.byname, passwd.byuid, group.byname, group.bygid.
cafile
filename- Load CA certificates from the specified file to validate the server
certificate. If not specified, CA certificates will be loaded from
/etc/ssl/cert.pem.
Directories are used to describe the LDAP schema and help
ypldap.conf convert LDAP entries to
passwd(5),
master.passwd(5), and
group(5) lines. Each directory
section consists of a declaration of the directory server name and a set of
directives describing how entries from the directory are used to construct YP
map entries.
-
-
directory
hostname
[port
port
] [tls
]
{...}- Defines a directory by hostname and optionally port number. If the
tls argument is not specified, no
transport-level security will be used. Valid options are:
-
-
tls- Use STARTTLS to negotiate TLS, by default on port 389.
-
-
ldaps- Connect with TLS enabled, by default on port 636.
Valid directives for directories are:
-
-
attribute
name maps
to string- Map the passwd(5),
master.passwd(5), or
group(5) attribute to the
LDAP attribute name supplied.
-
-
basedn
string- Use the supplied search base as starting point for the directory
search.
-
-
groupdn
string- Use the supplied search base as starting point for the directory search
for groups. If not supplied, the basedn value will be used.
-
-
bindcred
string- Use the supplied credentials for simple authentication against the
directory.
-
-
binddn
string- Use the supplied Distinguished Name to bind to the directory.
-
-
fixed
attribute attribute string- Do not retrieve the specified attribute from LDAP but instead set it
unconditionally to the supplied value for every entry.
-
-
group
filter string- Use the supplied LDAP filter to retrieve group entries.
-
-
list
name maps
to string- Map the passwd(5),
master.passwd(5), or
group(5) attribute to the
LDAP attribute name supplied. A list creates a comma separated list of all
the LDAP attributes found.
Valid attributes are:
-
-
passwd
filter string- Use the supplied LDAP filter to retrieve password entries.
- /etc/ypldap.conf
- ypldap(8) configuration
file.
ypbind(8),
ypldap(8),
ypserv(8)
The
ypldap.conf file format first appeared in
OpenBSD 4.4.
![[OpenBSD]](/openbsd.gif){kind=small}