File: libnss-ldap.conf.5

libnss-ldap 186-1
  • area: main
  • in suites: woody
.TH "libnss-ldap.conf" "5" "14 April 2001"
.SH "NAME"
libnss-ldap.conf \- Configuration file for LDAP NSS library
.SH "DESCRIPTION"
This file provides configuration information for the NSS LDAP library.
.PP
Each line in the file is either a comment (indicated with a hash '#') or
a directive followed by a parameter. Directives which are not specified in
the file are set to their default values.
.SH "PARAMETERS"
.PP
The recognized directives are as follows:
.TP
.B "host"
The LDAP directory server to direct all queries to. Must be resolvable
without using LDAP. Can be a hostname or an IP address. If not specified
the libraries will attempt to use DNS 'Resource Records' (RR) to find the
appropriate host.
.TP
.B "base"
The distinguished name of the search base. If this parameter is omitted,
the defaultdomain is used in the fashion specified by RFC 2247: commonly the
elements of the domain name, each prefixed with 'dc='. Example:
dc=rage,dc=net. This value is required.
.TP
.B "uri"
Another way to specify your LDAP server is to provide a URI with the server
name. This allows the use of Unix domain sockets to connect to a local LDAP
server.

uri ldap://127.0.0.1/
.br
uri ldaps://127.0.0.1/
.br
uri ldapi://%2fvar%2frun%2fldapi_sock/
.br
Note: %2f encodes the '/' used as the directory separator.
.TP
.B "ldap_version"
LDAP version to use. Valid values are 2 or 3.
.TP
.B "binddn"
The distinguished name to bind to the server with. If omitted the library
will bind anonymously.
.TP
.B "bindpw"
The credentials to bind with. This should only be specified in conjunction
with binddn.
.TP
.B "rootbinddn"
The distinguished name to bind to the server with if the effective user ID is
root.

The password is stored in /etc/ldap.secret (mode 600).
.TP
.B "port"
The TCP port to connect to the server on. Defaults to 389.
.TP
.B "scope"
The search scope. Should be one of 'one', 'base', or 'sub'.
.TP
.B "timelimit"
Time limit for searches.
.TP
.B "bind_timelimit"
Time limit for binding to the LDAP server.
.PP
The following parameters are NSS specific. They modify the default behaviour of
the NSS library. All of these are optional.
.TP
.B "nss_base_XXX"
These parameters control where certain data is found. If you define a filter,
it will be ANDed with the default filter.

Example:
.br
nss_base_XXX          base?scope?filter

You can also omit the suffix, and the base DN will be appended to it. This may
incur a small performance impact.

Example:
.br
nss_base_passwd       ou=People,

Valid parameters are:

nss_base_passwd
.br
nss_base_shadow
.br
nss_base_group
.br
nss_base_hosts
.br
nss_base_services
.br
nss_base_networks
.br
nss_base_protocols
.br
nss_base_rpc
.br
nss_base_ethers
.br
nss_base_netmasks
.br
nss_base_bootparams
.br
nss_base_aliases
.br
nss_base_netgroup

.SH "FILES"
.nf
/etc/libnss-ldap.conf
.fi
.SH "AUTHOR"
.nf
Software by Luke Howard <lukeh@padl.com>
Manual page created by Greg Retkowski <greg@rage.net>
and updated by Sami Haahtinen <ressu@debian.org>
.fi
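
An added example, not part of the original manual page or of the nss_ldap source: a Python audit of the directives above that carry security weight, namely bindpw in the configuration file, the scheme of each uri, and the mode 600 stated for /etc/ldap.secret. The function names, the loopback list, the finding wording and the sample configuration are assumptions made for this example.

```python
import os, stat, tempfile
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Constructed sample config, not taken from a real host.
SAMPLE = ("uri ldap://ldap.example.net/\nbinddn cn=proxy,dc=rage,dc=net\n"
          "bindpw constructed-password\nrootbinddn cn=admin,dc=rage,dc=net\n")

def parse_conf(text):
    """Return {directive: [parameters]}; lines starting with '#' are comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return conf

def classify_uri(uri):
    """Map a uri parameter to (transport, target)."""
    u = urlsplit(uri)
    if u.scheme == "ldapi":  # socket path is percent-encoded: %2f is '/'
        return "unix-socket", unquote(u.netloc)
    return ("tls" if u.scheme == "ldaps" else "cleartext"), u.hostname

def perms(path):
    return stat.S_IMODE(os.stat(path).st_mode)  # permission bits, e.g. 0o600

def audit(conf_path, secret_path="/etc/ldap.secret"):
    """Return findings for the config file and the rootbinddn secret file."""
    conf = parse_conf(Path(conf_path).read_text())
    findings = []
    if "bindpw" in conf and perms(conf_path) & 0o044:
        findings.append("bindpw is in a file readable by group or other")
    for uri in conf.get("uri", []):
        transport, target = classify_uri(uri)
        if transport == "cleartext" and target not in ("127.0.0.1", "::1", "localhost"):
            findings.append(f"{uri}: plain ldap:// to a non-loopback host")
    if "rootbinddn" in conf and not os.path.exists(secret_path):
        findings.append(f"rootbinddn is set but {secret_path} is missing")
    elif "rootbinddn" in conf and perms(secret_path) != 0o600:
        findings.append(f"{secret_path} is mode {perms(secret_path):o}, expected 600")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        conf, secret = Path(d, "libnss-ldap.conf"), Path(d, "ldap.secret")
        for path, body in ((conf, SAMPLE), (secret, "constructed\n")):
            path.write_text(body)
            path.chmod(0o644)  # deliberately too permissive for the demo
        print("\n".join(audit(conf, secret)))
```

NSS modules run inside the calling process, so the configuration file normally has to be readable by every user who performs lookups; that is why a bindpw kept there is reported, while the root-only password belongs in the separate mode 600 file.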