File: pam_ldap.conf.5

libpam-ldap 43-2
.TH pam_ldap.conf 1 "9 March 1999"
.IX pam_ldap.conf
.SH NAME
pam_ldap.conf - Configuration file for LDAP PAM library
.SH DESCRIPTION
This file provides configuration information for various system libraries
supporting PAM LDAP authentication service.
.PP
Each line in the file is either a comment (indicated with a hash '#') or
a directive followed by a parameter. Directives which are not specified in
the file are set to their default values.
.PP
The recognized directives are as follows:
.TP
.B "host"
The LDAP directory server to direct all queries to. Must be resolvable
without using LDAP. Can be a hostname or an IP address. If not specified
the libraries will attempt to use DNS 'Resource Records' (RR) to find the
appropriate host.
.TP
.B "base"
The distinguished name of the search base. If this parameter is omitted,
the defaultdomain is used in the fashion specified by RFC2247: commonly
the elements of the domain name, each prefixed with 'dc='.
Example: dc=rage,dc=net. This value is required.
.TP
.B "ldap_version"
LDAP version to use. Valid values are 2 or 3.
.TP
.B "binddn"
The distinguished name to bind to the server with. If omitted the library
will bind anonymously.
.TP
.B "bindpw"
The credentials to bind with. This should only be specified in conjunction
with binddn.
.TP
.B "port"
The TCP port to bind to the server with. Defaults to 389.
.TP
.B "scope"
The search scope. Should be one of 'one', 'base', or 'sub'.
.TP
.B "crypt"
The hashing algorithm your libc uses. Can be one of 'md5', 'sha', or 'des'.
Default is DES, indicating normal unix crypt'ed passwords.
.PP
The following directives are pam-specific and should be left as defaults
unless a given configuration specifies their change.
.TP
.B "pam_filter"
Filter to AND with uid searches.
.TP
.B "pam_login_attribute"
The user ID attribute, defaults to 'uid' (as specified in RFC2307).
.TP
.B pam_lookup_policy
Search the root DSE for the password policy. This works with Netscape
Directory Server. The value can be one of 'yes' or 'no'.
.TP
.B pam_groupdn
The group to enforce membership of.
.TP
.B pam_member_attribute
The group member attribute. Commonly 'uniquemember'.
.TP
.B pam_crypt
Specifies whether to encrypt passwords before updating the server, or to allow
the server to handle the encryption. May be one of 'local' or 'remote'. If you
are using the Netscape directory with NT synchronization it must be remote.
If you are using the UofM or OpenLDAP servers it must be local.
server synchronizing with NT you should 
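.PP
Added example, not part of the original manual page or of pam_ldap itself: a Python lint that reads the file format described above (comment lines and 'directive parameter' lines) and reports values outside the sets this page lists, a bindpw given without binddn, and an anonymous bind. The function names, the case-sensitive comparison, the world-readable check and the sample values are assumptions made for illustration.

```python
import stat
# Allowed values exactly as this manual page lists them (compared case-sensitively).
ALLOWED = {
    "ldap_version": {"2", "3"},
    "scope": {"one", "base", "sub"},
    "crypt": {"md5", "sha", "des"},
    "pam_lookup_policy": {"yes", "no"},
    "pam_crypt": {"local", "remote"},
}
KNOWN = set(ALLOWED) | {"host", "base", "binddn", "bindpw", "port", "pam_filter",
                        "pam_login_attribute", "pam_groupdn", "pam_member_attribute"}

def parse(text):
    """Split the file into {directive: parameter}; lines starting with '#' are comments."""
    settings, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) < 2:
            findings.append(f"line {n}: '{parts[0]}' has no parameter")
        elif parts[0] not in KNOWN:
            findings.append(f"line {n}: unknown directive '{parts[0]}'")
        else:
            settings[parts[0]] = parts[1]
    return settings, findings

def lint(text, mode=None):
    """Return a list of findings; mode is the config file's st_mode when known."""
    settings, findings = parse(text)
    for name, allowed in ALLOWED.items():
        if name in settings and settings[name] not in allowed:
            findings.append(f"{name}: '{settings[name]}' is not one of {sorted(allowed)}")
    port = settings.get("port", "389")  # default stated in this page
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append(f"port: '{port}' is not a TCP port")
    if "binddn" not in settings:
        findings.append("binddn: omitted, so the library binds anonymously")
        if "bindpw" in settings:
            findings.append("bindpw: given without binddn")
    # Assumption (not from this page): a stored bind password should not be world-readable.
    if "bindpw" in settings and mode is not None and mode & stat.S_IROTH:
        findings.append("bindpw: file is world-readable")
    return findings

# Constructed sample input, not a real deployment.
SAMPLE = ("host 192.0.2.10\nbase dc=rage,dc=net\nldap_version 4\n"
          "scope subtree\nbindpw s3cret\n")
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, 0o644)))
```

To check an installed file, pass its contents and os.stat(path).st_mode to lint().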
.SH FILES
.nf
/etc/pam_ldap.conf
.fi
.SH AUTHOR
.nf
Software by Luke Howard <lukeh@padl.com>
Manual page by Greg Retkowski <greg@rage.net>
.fi