author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-08-28 16:56:45 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-08-28 16:56:45 +0300 |
commit | a44da19368f242cb012dd16254f4fb668cc6a891 (patch) | |
tree | 597ffc1bbfd247d7d7933ba0ccbcf386305bb142 | |
parent | c816d00f963cb8249a205e6fc484fc35428bb22b (diff) | |
download | smap-a44da19368f242cb012dd16254f4fb668cc6a891.tar.gz smap-a44da19368f242cb012dd16254f4fb668cc6a891.tar.bz2 |
Update docs
-rw-r--r-- | doc/smap.texi | 123 |
1 files changed, 92 insertions, 31 deletions
diff --git a/doc/smap.texi b/doc/smap.texi index 4bc5325..cf9b56f 100644 --- a/doc/smap.texi +++ b/doc/smap.texi | |||
@@ -2719,8 +2719,8 @@ Default value is @samp{NOTFOUND}. | |||
2719 | Directory Access Protocol. The configuration is similar to that | 2719 | Directory Access Protocol. The configuration is similar to that |
2720 | of SQL modules: | 2720 | of SQL modules: |
2721 | 2721 | ||
2722 | The @acronym{LDAP} parameters may be configured either globally, when | 2722 | @acronym{LDAP} parameters may be configured either globally, when |
2723 | loading the module, or locally, when defining a smap database. If a | 2723 | loading the module, or locally, when defining a smap database. If the |
2724 | database definition lacks some configuration statements, it looks them | 2724 | database definition lacks some configuration statements, it looks them |
2725 | up in a global definition. | 2725 | up in a global definition. |
2726 | 2726 | ||
@@ -2734,6 +2734,33 @@ template} is expanded and the result is used as a response. | |||
2734 | Otherwise, if the query produced an empty set, the smap database uses | 2734 | Otherwise, if the query produced an empty set, the smap database uses |
2735 | the @dfn{negative reply template} to create the response. | 2735 | the @dfn{negative reply template} to create the response. |
2736 | 2736 | ||
2737 | @flindex /etc/ldap.conf | ||
2738 | The module gets its configuration from the file | ||
2739 | @file{/etc/ldap.conf} and from module and database command line. The | ||
2740 | settings from the command line override those from | ||
2741 | @file{/etc/ldap.conf}. Alternative configuration file can be | ||
2742 | specified using the @option{config-file} option. | ||
2743 | The subsections that follow discuss the keywords meaningful for the | ||
2744 | @command{ldap} module. Unless explicitly stated otherwise, these can | ||
2745 | be used in the command line as well as in the configuration file. For | ||
2746 | compatibility with other @acronym{LDAP} software, keywords in the | ||
2747 | configuration file are case-insensitive. Unrecognized keywords | ||
2748 | appearing in the configuration file are silently ignored. You can use | ||
2749 | the @samp{ldap.2} debug level to get a listing of those. This can be | ||
2750 | useful to trace possible typos. | ||
2751 | |||
2752 | Unrecognized keywords appearing in the command line are treated as | ||
2753 | errors, as usual. | ||
2754 | |||
2755 | @kwindex config-file | ||
2756 | The only keyword that can be used only in the command line is | ||
2757 | @option{config-file}: | ||
2758 | |||
2759 | @table @option | ||
2760 | @item config-file=@var{file} | ||
2761 | Read configuration from file @var{file} instead of @file{/etc/ldap.conf}. | ||
2762 | @end table | ||
2763 | |||
2737 | @menu | 2764 | @menu |
2738 | * LDAP Configuration:: | 2765 | * LDAP Configuration:: |
2739 | * LDAP Filter and SMAP Replies:: | 2766 | * LDAP Filter and SMAP Replies:: |
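Review bot: The sentence at new lines 2747-2748 documents that unrecognized keywords in the configuration file are silently ignored, but it does not spell out the consequence: a misspelled keyword simply does not take effect and the module runs without that setting. State this next to the `ldap.2` hint and suggest running with that debug level after any change to the file. Separately, new line 2743 starts a new topic directly after "specified using the @option{config-file} option." with no blank line, so Texinfo will run the two paragraphs together. "Alternative configuration file can be" needs an article, and @option{config-file} is now described both in this paragraph and in the table at 2759-2762.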
@@ -2742,17 +2769,26 @@ the @dfn{negative reply template} to create the response. | |||
2742 | @node LDAP Configuration | 2769 | @node LDAP Configuration |
2743 | @subsection LDAP Configuration | 2770 | @subsection LDAP Configuration |
2744 | 2771 | ||
2745 | @flindex /etc/ldap.conf | 2772 | The following keywords configure access to the @acronym{LDAP} database: |
2746 | The @acronym{LDAP} configuration is read from the file | ||
2747 | @file{/etc/ldap.conf} and from module and database command line. The | ||
2748 | settings from the command line override those from | ||
2749 | @file{/etc/ldap.conf}. Alternative configuration file can be | ||
2750 | specified using the @option{config-file} option. | ||
2751 | 2773 | ||
2752 | @table @option | 2774 | @table @option |
2753 | @kwindex config-file | 2775 | @kwindex base |
2754 | @item config-file=@var{file} | 2776 | @item base=@var{string} |
2755 | Read configuration from file @var{file} instead of @file{/etc/ldap.conf}. | 2777 | Sets the default base DN for ldap operations. The base must be |
2778 | specified as a Distinguished Name in LDAP format. | ||
2779 | |||
2780 | @kwindex binddn | ||
2781 | @item binddn=@var{dn} | ||
2782 | The DN to bind as. | ||
2783 | |||
2784 | @kwindex bindpw | ||
2785 | @item bindpw=@var{password} | ||
2786 | Password for @code{binddn}. | ||
2787 | |||
2788 | @kwindex bindpwfile | ||
2789 | @item bindpwfile=@var{file} | ||
2790 | Read password from @var{file}. This is a safer alternative to | ||
2791 | @option{bindpw}. | ||
2756 | 2792 | ||
2757 | @kwindex tls-cacert | 2793 | @kwindex tls-cacert |
2758 | @kwindex tls_cacert | 2794 | @kwindex tls_cacert |
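Review bot: The @option{bindpwfile} entry at new lines 2789-2791 calls it "a safer alternative to @option{bindpw}" without saying what makes it safer or what the file must look like. Add a sentence explaining that a password given with @option{bindpw} is stored in clear text wherever the keyword is written (the module or database command line, or the configuration file), and document the expected format of @var{file} along with a recommendation that it be readable only by the user the server runs as. The @option{bindpw} entry itself would benefit from a cross-reference to @option{bindpwfile}.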
@@ -2772,42 +2808,67 @@ address of the remote server. Optional @var{port} specifies the TCP | |||
2772 | port to use instead of the default one. For @samp{ldapi}, @var{name} | 2808 | port to use instead of the default one. For @samp{ldapi}, @var{name} |
2773 | is the pathname of the UNIX socket and @var{port} is not used. Note, | 2809 | is the pathname of the UNIX socket and @var{port} is not used. Note, |
2774 | that directory separators must be URL-encoded (using @samp{%2F} | 2810 | that directory separators must be URL-encoded (using @samp{%2F} |
2775 | instead of @samp{/}). | 2811 | instead of @samp{/}). |
2776 | |||
2777 | @kwindex base | ||
2778 | @item base=@var{string} | ||
2779 | Sets the default base DN for ldap operations. The base must be | ||
2780 | specified as a Distinguished Name in LDAP format. | ||
2781 | |||
2782 | @kwindex binddn | ||
2783 | @item binddn=@var{dn} | ||
2784 | The DN to bind as. | ||
2785 | |||
2786 | @kwindex bindpw | ||
2787 | @item bindpw=@var{password} | ||
2788 | Password for @code{binddn}. | ||
2789 | |||
2790 | @kwindex bindpwfile | ||
2791 | @item bindpwfile=@var{file} | ||
2792 | Read password from @var{file}. This is a safer alternative to | ||
2793 | @option{bindpw}. | ||
2794 | @end table | 2812 | @end table |
2795 | 2813 | ||
2796 | @node LDAP Filter and SMAP Replies | 2814 | @node LDAP Filter and SMAP Replies |
2797 | @subsection LDAP Filter and SMAP Replies | 2815 | @subsection LDAP Filter and SMAP Replies |
2798 | 2816 | ||
2817 | The following keywords configure @acronym{LDAP} lookups and | ||
2818 | replies. | ||
2819 | |||
2799 | @table @option | 2820 | @table @option |
2800 | @kwindex filter | 2821 | @kwindex filter |
2801 | @item filter=@var{pattern} | 2822 | @item filter=@var{pattern} |
2802 | 2823 | Specifies @acronym{LDAP} filter. The @var{pattern} can use the | |
2824 | usual variables (@pxref{expansion}). For example: | ||
2825 | |||
2826 | @example | ||
2827 | database user ldap filter=(&(objectClass=posixAccount)(uid=$key)) | ||
2828 | @end example | ||
2829 | |||
2830 | There is no default for this option, so it is mandatory. | ||
2831 | @end table | ||
2832 | |||
2833 | Replies are configured via the following three keywords: | ||
2834 | |||
2835 | @table @option | ||
2803 | @kwindex positive-reply | 2836 | @kwindex positive-reply |
2804 | @item positive-reply=@var{reply} | 2837 | @item positive-reply=@var{reply} |
2838 | Defines a positive reply string. It is used when the @acronym{LDAP} | ||
2839 | lookup using the defined filter returned one or more objects. Only | ||
2840 | the first returned object is used. The @var{reply} string can contain | ||
2841 | the basic @command{smap} variables @samp{$db}, @samp{$map}, and | ||
2842 | @samp{$key}. It can also refer to values of any attribute from the | ||
2843 | returned object using the variable notation. For example: | ||
2844 | |||
2845 | @example | ||
2846 | positive-reply="OK $uid" | ||
2847 | @end example | ||
2848 | |||
2849 | @noindent | ||
2850 | returns the string @samp{OK} followed by the value of the @option{uid} | ||
2851 | attribute. | ||
2852 | |||
2853 | The default positive reply string is @samp{OK}. | ||
2805 | 2854 | ||
2806 | @kwindex negative-reply | 2855 | @kwindex negative-reply |
2807 | @item negative-reply=@var{reply} | 2856 | @item negative-reply=@var{reply} |
2808 | 2857 | ||
2858 | Defines the negative reply string, which is used when the | ||
2859 | @acronym{LDAP} lookup returns empy set of objects. The @var{reply} | ||
2860 | string can contain the basic @command{smap} variables @samp{$db}, | ||
2861 | @samp{$map}, and @samp{$key}. | ||
2862 | |||
2863 | The default negative reply string is @samp{NOTFOUND}. | ||
2864 | |||
2809 | @kwindex onerror-reply | 2865 | @kwindex onerror-reply |
2810 | @item onerror-reply=@var{reply} | 2866 | @item onerror-reply=@var{reply} |
2867 | Defines the string to be returned if the @acronym{LDAP} lookup fails. | ||
2868 | The @var{reply} argument can contain the basic @command{smap} | ||
2869 | variables @samp{$db}, @samp{$map}, and @samp{$key}. | ||
2870 | |||
2871 | The default value is @samp{NOTFOUND}. | ||
2811 | @end table | 2872 | @end table |
2812 | 2873 | ||
2813 | @node sed | 2874 | @node sed |
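Review bot: The filter example at new line 2827 expands `$key` directly inside the filter, `(uid=$key)`, and the text never says whether the expanded value is escaped for LDAP filter metacharacters such as `*`, `(`, `)` and `\`. Document the escaping behaviour in the @option{filter} entry, since the lookup key is the part of the filter that is not under the administrator's control. At new line 2859, "returns empy set of objects" should read "returns an empty set of objects". It is also worth noting in the @option{onerror-reply} entry that its default, @samp{NOTFOUND}, is the same as the default negative reply, so with the defaults a failed lookup cannot be told apart from a missing entry.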