
libnss-ldap.conf



NAME

libnss-ldap.conf - Configuration file for LDAP NSS library

DESCRIPTION

This file provides configuration information for the NSS LDAP library.

Each line in the file is either a comment (indicated with a hash '#') or a directive followed by a parameter. Directives which are not specified in the file are set to their default values.

PARAMETERS

The recognized directives are as follows:

host

The LDAP directory server to direct all queries to. Must be resolvable without using LDAP. Can be a hostname or an IP address. If not specified the libraries will attempt to use DNS 'Resource Records' (RR) to find the appropriate host.

base

The distinguished name of the search base. If this parameter is omitted, the defaultdomain is used in the fashion specified by RFC 2247: commonly the elements of the domain name, each prefixed with 'dc='. Example: dc=rage,dc=net. This value is required.

uri

Another way to specify your LDAP server is to provide a URI with the server name. This also allows the use of Unix domain sockets to connect to a local LDAP server.

uri ldap://127.0.0.1/
uri ldaps://127.0.0.1/
uri ldapi://%2fvar%2frun%2fldapi_sock/

Note: %2f encodes the '/' used as directory separator.

ldap_version

LDAP version to use. Valid values are 2 or 3.

binddn

The distinguished name to bind to the server with. If omitted the library will bind anonymously.

bindpw

The credentials to bind with. This should only be specified in conjunction with binddn.

rootbinddn

The distinguished name to bind to the server with if the effective user ID is root. The password is stored in /etc/ldap.secret (mode 600).

port

The TCP port to connect to the server on. Defaults to 389.

scope

The search scope. Should be one of 'one', 'base', or 'sub'.

timelimit

Time limit for searches.

bind_timelimit

Time limit for binding to the LDAP server.

The following parameters are NSS specific. They modify the default behaviour of the NSS library. All of these are optional.

nss_base_XXX

These parameters control where certain data is found. If you define a filter, it will be

Example: nss_base_XXX base?scope?filter

You can also omit the suffix, and the base DN will be appended to it. This may incur a small performance impact.

Example: nss_base_passwd ou=People,

Valid parameters are:

nss_base_passwd
nss_base_shadow
nss_base_group
nss_base_hosts
nss_base_services
nss_base_networks
nss_base_protocols
nss_base_rpc
nss_base_ethers
nss_base_netmasks
nss_base_bootparams
nss_base_aliases
nss_base_netgroup
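The following is an added example, not part of the original man page or of the NSS LDAP software. It parses the file format described above, expands an nss_base_XXX value whose suffix was omitted, and reports credential-handling problems from the file modes it is given. The function names, the finding texts, the sample file and the last-duplicate-wins rule are assumptions made for the example.

```python
import os
import stat

# Constructed sample config using only directives documented on this page.
SAMPLE = """\
# constructed example
uri ldap://127.0.0.1/
base dc=rage,dc=net
binddn cn=nss,dc=rage,dc=net
bindpw example-password
rootbinddn cn=admin,dc=rage,dc=net
nss_base_passwd ou=People,?one
"""

def parse_conf(text):
    """Return {directive: parameter}; '#' lines are comments. Last duplicate wins (assumption)."""
    conf = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if fields and not fields[0].startswith("#"):
            conf[fields[0]] = fields[1] if len(fields) > 1 else ""
    return conf

def resolve_nss_base(conf, name):
    """Split 'base?scope?filter'; a base ending in ',' gets the global base appended."""
    parts = (conf[name].split("?", 2) + ["", ""])[:3]
    base = parts[0] + conf.get("base", "") if parts[0].endswith(",") else parts[0]
    return base, parts[1] or None, parts[2] or None

def file_mode(path):
    """Permission bits of a file, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)

def audit(conf, conf_mode, secret_mode=None):
    """List credential-handling findings for a parsed config and the given file modes."""
    findings = []
    if "bindpw" in conf and "binddn" not in conf:
        findings.append("bindpw set without binddn")
    if "bindpw" in conf and conf_mode & 0o044:
        findings.append("bindpw stored in a file readable by group or other")
    if "rootbinddn" in conf and secret_mode is not None and secret_mode & 0o077:
        findings.append("ldap.secret is accessible to group or other (expected mode 600)")
    return findings

if __name__ == "__main__":
    conf = parse_conf(SAMPLE)
    print(resolve_nss_base(conf, "nss_base_passwd"))
    print(audit(conf, conf_mode=0o644, secret_mode=0o640))
```

On a live system the modes can be taken from the files named on this page, for example audit(conf, file_mode("/etc/libnss-ldap.conf"), file_mode("/etc/ldap.secret")).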

FILES

/etc/libnss-ldap.conf

AUTHOR

Software by Luke Howard

