.TH LCMAPS_LDAP_ENF.MOD 8 "March 22, 2011"
.SH NAME
lcmaps_ldap_enf.mod \- LCMAPS plugin to update LDAP according to credentials
.SH SYNOPSIS
.B lcmaps_ldap_enf.mod -maxuid
.I maxuid
.B -maxpgid
.I maxpgid
.B -maxsgid
.I maxsgid
.B -hostname
.I hostname
.B -port
.I port
.RB [ "-require_all_groups " { yes | no }]
.B -dn_manager
.I DN
.B -ldap_pw
.I filename
.B -sb_groups
.I searchbase
.B -sb_user
.I searchbase
.B -timeout
.I seconds
.SH DESCRIPTION
The LDAP enforcement plugin alters the user and group settings in the
LDAP database, using the user and group settings provided by the
credential acquisition plugins. Note that LDAP has to be used as the
source of account information for PAM or NSS and has to be RFC\~2307
compliant.
.SH OPTIONS
.TP
.BI -maxuid \ maxuid
Maximum number of uids to be used. Setting this to 1 is strongly advised.
.TP
.BI -maxpgid \ maxpgid
Maximum number of primary gids to be used.
.TP
.BI -maxsgid \ maxsgid
Maximum number of (secondary) gids to be used (not including primary
group). Setting this to 1 is advised.
.TP
.BI -hostname \ hostname
The hostname on which the LDAP server is running, e.g. asen.nikhef.nl
.TP
.BI -port \ port
The port number to which to connect, e.g. 389
.TP
.BR -require_all_groups \ { yes | no }
Specifies whether all groups set by the PluginManager shall be used. Default is 'yes'.
.TP
.BI -dn_manager \ DN
DN of the LDAP manager, e.g. "cn=Manager,dc=root"
.TP
.BI -ldap_pw \ filename
Path to the file containing the password of the LDAP manager.
Note: the mode of the file containing the password must be read-only for root (400),
otherwise the plugin will not run.
.TP
.BI -sb_groups \ searchbase
Search base for the (secondary) groups, e.g. "ou=LocalGroups, dc=example, dc=com"
.TP
.BI -sb_user \ searchbase
Search base for the user, e.g. "ou=LocalUsers, dc=example, dc=com"
.TP
.BI -timeout \ seconds
Timeout (in seconds) that will be applied to the LDAP bind.
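.PP
A pre-flight check for the file given to -ldap_pw, as an added example that is not part of LCMAPS or of the plugin's own code. It assumes GNU stat(1) and reads "read-only for root (400)" as owner uid 0 with mode exactly 400; the function name check_ldap_pw_file and its optional second argument are hypothetical.

```shell
#!/bin/sh
# Added example: check the LDAP manager password file before passing it
# to lcmaps_ldap_enf.mod with -ldap_pw.
# Assumptions: GNU stat(1); "read-only for root (400)" is taken to mean
# owner uid 0 and mode exactly 400. check_ldap_pw_file is a hypothetical name.

# usage: check_ldap_pw_file FILE [EXPECTED_OWNER_UID]
# Returns 0 if FILE is acceptable; otherwise prints the reason and returns 1.
check_ldap_pw_file() {
    pwfile=$1
    want_uid=${2:-0}   # second argument exists only so the check can be tested unprivileged

    # A symlink is rejected: mode and owner must belong to the named file itself.
    if [ -L "$pwfile" ]; then
        echo "$pwfile: is a symbolic link" >&2
        return 1
    fi
    if [ ! -f "$pwfile" ]; then
        echo "$pwfile: not a regular file" >&2
        return 1
    fi

    # %a = permission bits in octal, %u = numeric owner uid (GNU stat format).
    info=$(stat -c '%a %u' -- "$pwfile") || return 1
    mode=${info% *}
    uid=${info#* }

    # Exact match: 440, 600, 644 or a setuid variant such as 4400 all fail.
    if [ "$mode" != "400" ]; then
        echo "$pwfile: mode is $mode, must be 400" >&2
        return 1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "$pwfile: owner uid is $uid, must be $want_uid" >&2
        return 1
    fi
    return 0
}

# When run as a script with arguments, check the named file.
[ $# -eq 0 ] || check_ldap_pw_file "$@"
```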
.SH "RETURN VALUE"
.TP
.B LCMAPS_MOD_SUCCESS
Success.
.TP
.B LCMAPS_MOD_FAIL
Failure.
.SH BUGS
Please report any errors to the Nikhef Grid Middleware Security Team
<grid-mw-security-support@nikhef.nl>.
.SH "SEE ALSO"
.BR lcmaps.db (5),
.BR lcmaps (3),
.BR ldap (3).
.SH AUTHORS
LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team
<grid-mw-security@nikhef.nl>.