ypldap.conf — LDAP YP map daemon configuration file
The ypldap(8) daemon provides YP maps using LDAP as a backend.
The ypldap.conf config file is divided into the following main sections:
Macros
- User-defined variables may be defined and used later, simplifying the configuration file.
Global Configuration
- Global settings for ypldap(8).
Directories
- LDAP Directory specific parameters.
Much like cpp(1) or m4(1), macros can be defined that will later be expanded in context. Macro names must start with a letter, digit, or underscore, and may contain any of those characters. Macro names may not be reserved words (for example, domain). Macros are not expanded inside quotes.
For example:
fixed_gecos="Pulled from LDAP"
fixed attribute gecos $fixed_gecos
Global settings concern the main behaviour of the daemon.
domain string
- Specify the name of the NIS domain ypldap(8) will provide.
interval seconds
- Specify the interval in seconds at which the whole directory will be pulled from LDAP.
provide map string
- Specify a map that should be provided by ypldap(8). The currently implemented maps are: passwd.byname, passwd.byuid, group.byname, group.bygid.
cafile filename
- Load CA certificates from the specified file to validate the server certificate. If not specified, CA certificates will be loaded from /etc/ssl/cert.pem.
Directories are used to describe the LDAP schema and help ypldap(8) convert LDAP entries to passwd(5), master.passwd(5), and group(5) lines. Each directory section consists of a declaration of the directory server name and a set of directives describing how entries from the directory are used to construct YP map entries.
directory hostname [port port] [tls] {...}
- Defines a directory by hostname and optionally port number. If the tls argument is not specified, no transport-level security will be used. Valid options are:
  tls
  - Use STARTTLS to negotiate TLS, by default on port 389.
  ldaps
  - Connect with TLS enabled, by default on port 636.
Valid directives for directories are:
attribute name maps to string
- Map the passwd(5), master.passwd(5), or group(5) attribute to the LDAP attribute name supplied.
basedn string
- Use the supplied search base as starting point for the directory search.
groupdn string
- Use the supplied search base as starting point for the directory search for groups. If not supplied, the basedn value will be used.
bindcred string
- Use the supplied credentials for simple authentication against the directory.
binddn string
- Use the supplied Distinguished Name to bind to the directory.
fixed attribute attribute string
- Do not retrieve the specified attribute from LDAP but instead set it unconditionally to the supplied value for every entry.
group filter string
- Use the supplied LDAP filter to retrieve group entries.
list name maps to string
- Map the passwd(5), master.passwd(5), or group(5) attribute to the LDAP attribute name supplied. A list creates a comma separated list of all the LDAP attributes found.
Valid attributes are:
passwd filter string
- Use the supplied LDAP filter to retrieve password entries.
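The directory options and the bindcred directive above interact: a directory block that names neither tls nor ldaps uses no transport-level security, so its simple-bind credentials and the pulled entries cross the network unprotected. The following Python check is an added example, not part of the original manual page or of ypldap itself; it flags such blocks. The sample configuration (hostnames, DNs, password) is constructed, and the parser assumes one directive per line with no '#' inside quoted strings.

```python
import re

# Constructed sample ypldap.conf: hostnames, DNs and the password are made up.
SAMPLE = '''\
domain "example.com"
provide map "passwd.byname"
cafile "/etc/ssl/cert.pem"

directory "ldap1.example.com" {        # neither tls nor ldaps: no transport security
    binddn "cn=ypldap,dc=example,dc=com"
    bindcred "constructed-secret"
    basedn "dc=example,dc=com"
    passwd filter "(objectClass=posixAccount)"
}
directory "ldap2.example.com" ldaps {  # corrected form: TLS, default port 636
    binddn "cn=ypldap,dc=example,dc=com"
    bindcred "constructed-secret"
    basedn "dc=example,dc=com"
    passwd filter "(objectClass=posixAccount)"
}
'''

# Matches the opening line of a directory block, with optional port and tls/ldaps.
DIRECTORY = re.compile(r'^directory\s+(\S+)(?:\s+port\s+\S+)?(?:\s+(tls|ldaps))?\s*\{')

def audit(text):
    """Return one (hostname, transport, finding) tuple per directory block."""
    results, block = [], None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()  # assumes no '#' inside strings
        m = DIRECTORY.match(line)
        if m:
            block = [m.group(1).strip('"'), m.group(2) or 'none', False]
        elif block and line.startswith('bindcred'):
            block[2] = True                  # simple-bind credentials configured
        elif block and line == '}':
            host, transport, has_cred = block
            if transport != 'none':
                finding = 'ok'
            elif has_cred:
                finding = 'bind credentials sent without TLS'
            else:
                finding = 'directory pulled without TLS'
            results.append((host, transport, finding))
            block = None
    return results

if __name__ == '__main__':
    print(*audit(SAMPLE), sep='\n')
```
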
/etc/ypldap.conf
- ypldap(8) configuration file.
ypbind(8), ypldap(8), ypserv(8)
The ypldap.conf file format first appeared in OpenBSD 4.4.