Blame: pam_ldap.conf(5) - Waikato Linux Users Group

Annotated edit history of pam_ldap.conf(5) version 1, including all changes. View license author blame.

Rev	Author	#	Line
1	perry	1	`pam_ldap.conf`
		2	`!!!pam_ldap.conf`
		3	`NAME`
		4	`DESCRIPTION`
		5	`PARAMETERS`
		6	`PASSWORD HASHES`
		7	`OBSOLETE`
		8	`FILES`
		9	`AUTHOR`
		10	`----`
		11	`!!NAME`
		12
		13
		14	`pam_ldap.conf - Configuration file for PAM LDAP Authentication library`
		15	`!!DESCRIPTION`
		16
		17
		18	`This file provides configuration information for PAM LDAP`
		19	`Authenticationb library.`
		20
		21
		22	`Each line in the file is either a comment (indicated with a`
		23	`hash '#') or a directive followed by a parameter. Directives`
		24	`which are not specified in the file are set to their default`
		25	`values.`
		26	`!!PARAMETERS`
		27
		28
		29	`The recognized directives are as follows: __host__ The`
		30	`LDAP directory server to direct all queries to. Must be`
		31	`resolvable without using LDAP. Can be a hostname or an IP`
		32	`address. If not specified the libraries will attempt to use`
		33	`DNS 'Resource Records' (RR) to find the appropriate`
		34	`host.`
		35
		36
		37	`__base__`
		38
		39
		40	`The distinguished name of the search base. If this parameter`
		41	`is omitted it the defaultdomain is used in a fashion`
		42	`specified by RFC2247`
		43
		44
		45	`Commonly the elements of the domain`
		46
		47
		48	`name prefixed with 'dc='. Example: dc=rage,dc=net. This`
		49	`value is required.`
		50
		51
		52	`__uri__`
		53
		54
		55	`Another way to specify your LDAP server is to provide an uri`
		56	`with the server name. This allows to use Unix Domain Sockets`
		57	`to connect to a local LDAP Server.`
		58
		59
		60	`uri ldap://127.0.0.1/`
		61	`uri ldaps://127.0.0.1/`
		62	`uri ldapi://%2fvar%2frun%2fldapi_sock/`
		63	`Note: %2f encodes the '/' used as directory`
		64	`separator`
		65
		66
		67	`__ldap_version__`
		68
		69
		70	`LDAP version to use. Valid values are 2 or 3.`
		71
		72
		73	`__binddn__`
		74
		75
		76	`The distinguished name to bind to the server with. If`
		77	`omitted the library will bind anonymously.`
		78
		79
		80	`__bindpw__`
		81
		82
		83	`The credentials to bind with. This should only be specified`
		84	`in conjunction with binddn.`
		85
		86
		87	`__rootbinddn__`
		88
		89
		90	`The distinguished name to bind to the server with if the`
		91	`effective user ID is root.`
		92
		93
		94	`Password is stored in /etc/ldap.secret (mode`
		95	`600)`
		96
		97
		98	`__port__`
		99
		100
		101	`The TCP port to bind to the server with. Defaults to`
		102	`389`
		103
		104
		105	`__scope__`
		106
		107
		108	`The search scope. Should be one of 'one', 'base', or`
		109	`'sub'.`
		110
		111
		112	`__timelimit__`
		113
		114
		115	`Timelimit for searches`
		116
		117
		118	`__bind_timelimit__`
		119
		120
		121	`Timelimit for binding to LDAP server.`
		122	`If using Netscape SDK 4.x, this is used to set the TCP`
		123	`connection timeout as well as the bind`
		124	`timelimit.`
		125
		126
		127	`The following directives are pam-specific and should be left`
		128	`as defaults unless a given configuration specifies their`
		129	`change.`
		130
		131
		132	`__pam_filter__`
		133
		134
		135	`Filter to AND with uid searches`
		136
		137
		138	`__pam_login_attribute__`
		139
		140
		141	`The user ID attribute, defaults to 'uid' (as specified in`
		142	`RFC2307)`
		143
		144
		145	`__pam_lookup_policy__`
		146
		147
		148	`Search the root DSE for the password policy. This works with`
		149	`Netscape directory server. The value can be one of 'yes' or`
		150	`'no'.`
		151
		152
		153	`__pam_groupdn__`
		154
		155
		156	`The group to enforce membership of.`
		157
		158
		159	`__pam_member_attribute__`
		160
		161
		162	`The group member attribute. Commonly`
		163	`'uniquememeber'`
		164
		165
		166	`__pam_login_attribute__`
		167
		168
		169	`__pam_template_login_attribute pam_template_login__`
		170	`Template login attribute, default template user (can be`
		171	`overriden by value of former attribute in user's`
		172	`entry)`
		173
		174
		175	`__pam_password__`
		176
		177
		178	`Select the crypt to use when changing passwords. Possible`
		179	`choices are: clear, crypt, nds, ad and exop.`
		180	`!!PASSWORD HASHES`
		181
		182
		183	`libpam_ldap supports many types of hashes for passwords, the`
		184	`possible choices for pam_password are explained`
		185	`here.`
		186
		187
		188	`clear`
		189
		190
		191	`Don't set any encryptions, this is useful with servers that`
		192	`automatically encrypt userPassword entry.`
		193
		194
		195	`crypt`
		196
		197
		198	`make userPassword use the same format as the flat`
		199	`filesystem. this will work for most`
		200	`configurations`
		201
		202
		203	`nds`
		204
		205
		206	`Use Novell Directory Services-style updating, first remove`
		207	`the old password and then update with cleartext`
		208	`password.`
		209
		210
		211	`ad`
		212
		213
		214	`Active Directory-style. Create Unicode password and update`
		215	`unicodePwd attribute`
		216
		217
		218	`exop`
		219
		220
		221	`Use the OpenLDAP password change extended operation to`
		222	`update the password.`
		223	`!!OBSOLETE`
		224
		225
		226	`The pam_crypt, pam_nds_passwd, and pam_ad_passwd options are`
		227	`no longer supported.`
		228	`!!FILES`
		229
		230
		231	`/etc/pam_ldap.conf`
		232	`!!AUTHOR`
		233
		234
		235	`Software by Luke Howard`
		236	`----`

This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.

Last edited on Monday, June 3, 2002 6:56:00 pm by "perry"

Edit PageHistory Diff Info LikePages