pam_ldap.conf(5)
!!!pam_ldap.conf
NAME
DESCRIPTION
PARAMETERS
PASSWORD HASHES
OBSOLETE
FILES
AUTHOR
----
!!NAME

pam_ldap.conf - Configuration file for PAM LDAP Authentication library

!!DESCRIPTION

This file provides configuration information for the PAM LDAP Authentication library. Each line in the file is either a comment (indicated with a hash '#') or a directive followed by a parameter. Directives which are not specified in the file are set to their default values.

!!PARAMETERS

The recognized directives are as follows:

__host__
The LDAP directory server to direct all queries to. Must be resolvable without using LDAP. Can be a hostname or an IP address. If not specified, the libraries will attempt to use DNS 'Resource Records' (RR) to find the appropriate host.

__base__
The distinguished name of the search base. If this parameter is omitted, the defaultdomain is used in the fashion specified by RFC2247: commonly, the elements of the domain name prefixed with 'dc='. Example: dc=rage,dc=net. This value is required.

__uri__
Another way to specify your LDAP server is to provide a URI with the server name. This allows the use of Unix Domain Sockets to connect to a local LDAP server.

 uri ldap://127.0.0.1/
 uri ldaps://127.0.0.1/
 uri ldapi://%2fvar%2frun%2fldapi_sock/

Note: %2f encodes the '/' used as directory separator.

__ldap_version__
LDAP version to use. Valid values are 2 or 3.

__binddn__
The distinguished name to bind to the server with. If omitted, the library will bind anonymously.

__bindpw__
The credentials to bind with. This should only be specified in conjunction with binddn.

__rootbinddn__
The distinguished name to bind to the server with if the effective user ID is root. The password is stored in /etc/ldap.secret (mode 600).

__port__
The TCP port to bind to the server with. Defaults to 389.

__scope__
The search scope. Should be one of 'one', 'base', or 'sub'.

__timelimit__
Time limit for searches.

__bind_timelimit__
Time limit for binding to the LDAP server. If using Netscape SDK 4.x, this is used to set the TCP connection timeout as well as the bind time limit.

The following directives are PAM-specific and should be left as defaults unless a given configuration specifies their change.

__pam_filter__
Filter to AND with uid searches.

__pam_login_attribute__
The user ID attribute, defaults to 'uid' (as specified in RFC2307).

__pam_lookup_policy__
Search the root DSE for the password policy. This works with Netscape directory server. The value can be one of 'yes' or 'no'.

__pam_groupdn__
The group to enforce membership of.

__pam_member_attribute__
The group member attribute. Commonly 'uniquemember'.

__pam_login_attribute__

__pam_template_login_attribute pam_template_login__
Template login attribute, default template user (can be overridden by the value of the former attribute in the user's entry).

__pam_password__
Select the crypt to use when changing passwords. Possible choices are: clear, crypt, nds, ad and exop.

!!PASSWORD HASHES

libpam_ldap supports many types of hashes for passwords; the possible choices for pam_password are explained here.

__clear__
Don't set any encryption; this is useful with servers that automatically encrypt the userPassword entry.

__crypt__
Make userPassword use the same format as the flat filesystem. This will work for most configurations.

__nds__
Use Novell Directory Services-style updating: first remove the old password and then update with the cleartext password.

__ad__
Active Directory-style. Create a Unicode password and update the unicodePwd attribute.

__exop__
Use the OpenLDAP password change extended operation to update the password.

!!OBSOLETE

The pam_crypt, pam_nds_passwd, and pam_ad_passwd options are no longer supported.

!!FILES

/etc/pam_ldap.conf

!!AUTHOR

Software by Luke Howard
----
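The value constraints stated above (required base, bindpw only alongside binddn, the listed choices for ldap_version, scope, pam_lookup_policy and pam_password, and the obsolete options) can be checked mechanically before a configuration is deployed. The following Python linter is an added example, not part of the original man page or of pam_ldap itself; the function names and the sample configuration are constructed for illustration, and it assumes directive names are matched case-insensitively.

```python
ALLOWED = {  # directive -> values this page lists as valid
    "ldap_version": {"2", "3"},
    "scope": {"one", "base", "sub"},
    "pam_lookup_policy": {"yes", "no"},
    "pam_password": {"clear", "crypt", "nds", "ad", "exop"},
}
OBSOLETE = {"pam_crypt", "pam_nds_passwd", "pam_ad_passwd"}

SAMPLE = """\
# constructed sample config, not taken from the page
uri ldap://127.0.0.1/
ldap_version 4
scope subtree
bindpw example-secret
pam_password md5
pam_crypt local
"""

def parse(text):
    """Yield (line_number, directive, parameter), skipping '#' comments and blanks."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Assumption: directive names are matched case-insensitively.
        yield n, parts[0].lower(), parts[1] if len(parts) > 1 else ""

def lint(text):
    """Return [(line_number, message)]; line 0 marks a file-level finding."""
    entries = list(parse(text))
    seen = {key for _, key, _ in entries}
    findings = []
    for n, key, value in entries:
        if key in OBSOLETE:
            findings.append((n, f"{key} is no longer supported"))
        elif key in ALLOWED and value not in ALLOWED[key]:
            # Only enumerated values are echoed, never bindpw or other secrets.
            findings.append((n, f"{key}: {value!r} not in {sorted(ALLOWED[key])}"))
    if "base" not in seen:
        findings.append((0, "base is required but not set"))
    if "bindpw" in seen and "binddn" not in seen:
        findings.append((0, "bindpw is set without binddn"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```

It checks only the constraints this page states; directives not described here are passed through without comment.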
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.