.\" $OpenBSD: ypldap.conf.5,v 1.21 2017/05/30 12:17:17 jmc Exp $ .\" .\" Copyright (c) 2008 Pierre-Yves Ritschard .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .Dd $Mdocdate: May 30 2017 $ .Dt YPLDAP.CONF 5 .Os .Sh NAME .Nm ypldap.conf .Nd LDAP YP map daemon configuration file .Sh DESCRIPTION The .Xr ypldap 8 daemon provides YP maps using LDAP as a backend. .Sh SECTIONS The .Nm config file is divided into three main sections. .Bl -tag -width xxxx .It Sy Macros User-defined variables may be defined and used later, simplifying the configuration file. .It Sy Global Configuration Global settings for .Xr ypldap 8 . .It Sy Directories LDAP Directory specific parameters. .El .Sh MACROS Much like .Xr cpp 1 or .Xr m4 1 , macros can be defined that will later be expanded in context. Macro names must start with a letter, digit, or underscore, and may contain any of those characters. Macro names may not be reserved words (for example, .Ic domain ) . Macros are not expanded inside quotes. .Pp For example: .Bd -literal -offset indent fixed_gecos="Pulled from LDAP" fixed attribute gecos $fixed_gecos .Ed .Sh GLOBAL CONFIGURATION Global settings concern the main behaviour of the daemon. .Pp .Bl -tag -width Ds -compact .It domain Ar string Specify the name of the NIS domain .Nm will provide. .It interval Ar seconds Specify the interval in seconds at which the whole directory will be pulled from LDAP. .It provide map Ar string Specify a map that should be provided by .Nm The currently implemented maps are: passwd.byname, passwd.byuid, group.byname, group.bygid. .It Ic cafile Ar filename Load CA certificates from the specified file to validate the server certificate. If not specified, CA certificates will be loaded from .Pa /etc/ssl/cert.pem . .El .Sh DIRECTORIES Directories are used to describe the LDAP schema and help .Nm convert LDAP entries to .Xr passwd 5 , .Xr master.passwd 5 , and .Xr group 5 lines. Each directory section consists of a declaration of the directory server name and a set of directives describing how entries from the directory are used to construct YP map entries. .Bl -tag -width Ds .It Ic directory Ar hostname Oo Ic port Ar port Oc Oo tls Oc Brq ... Defines a directory by hostname and optionally port number. If the .Ar tls argument is not specified, no transport-level security will be used. Valid options are: .Bl -tag -width Ds .It Ic tls Use STARTTLS to negotiate TLS, by default on port 389. .It Ic ldaps Connect with TLS enabled, by default on port 636. .El .El .Pp Valid directives for directories are: .Bl -tag -width Ds .It Xo .Ic attribute Ar name Ic maps to Ar string .Xc Map the .Xr passwd 5 , .Xr master.passwd 5 , or .Xr group 5 attribute to the LDAP attribute name supplied. .It Ic basedn Ar string Use the supplied search base as starting point for the directory search. .It Ic groupdn Ar string Use the supplied search base as starting point for the directory search for groups. If not supplied, the basedn value will be used. .It Ic bindcred Ar string Use the supplied credentials for simple authentication against the directory. .It Ic binddn Ar string Use the supplied Distinguished Name to bind to the directory. .It Ic fixed attribute Ar attribute string Do not retrieve the specified attribute from LDAP but instead set it unconditionally to the supplied value for every entry. .It Ic group filter Ar string Use the supplied LDAP filter to retrieve group entries. .It Xo .Ic list Ar name Ic maps to Ar string .Xc Map the .Xr passwd 5 , .Xr master.passwd 5 , or .Xr group 5 attribute to the LDAP attribute name supplied. A list creates a comma separated list of all the LDAP attributes found. .Pp Valid attributes are: .Pp .Bl -tag -width groupmembers -offset indent -compact .It Ic name .It Ic passwd .It Ic uid .It Ic gid .It Ic gecos .It Ic home .It Ic shell .It Ic change .It Ic expire .It Ic class .It Ic groupname .It Ic grouppasswd .It Ic groupgid .It Ic groupmembers .El .It Ic passwd filter Ar string Use the supplied LDAP filter to retrieve password entries. .El .Sh FILES .Bl -tag -width "/etc/ypldap.conf" -compact .It Pa /etc/ypldap.conf .Xr ypldap 8 configuration file. .El .Sh SEE ALSO .Xr ypbind 8 , .Xr ypldap 8 , .Xr ypserv 8 .Sh HISTORY The .Nm file format first appeared in .Ox 4.4 .