summaryrefslogtreecommitdiffabout
authorSergey Poznyakoff <gray@gnu.org.ua>2014-08-28 13:56:45 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2014-08-28 13:56:45 (GMT)
commita44da19368f242cb012dd16254f4fb668cc6a891 (patch) (unidiff)
tree597ffc1bbfd247d7d7933ba0ccbcf386305bb142
parentc816d00f963cb8249a205e6fc484fc35428bb22b (diff)
downloadsmap-a44da19368f242cb012dd16254f4fb668cc6a891.tar.gz
smap-a44da19368f242cb012dd16254f4fb668cc6a891.tar.bz2
Update docs
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--doc/smap.texi123
1 files changed, 92 insertions, 31 deletions
diff --git a/doc/smap.texi b/doc/smap.texi
index 4bc5325..cf9b56f 100644
--- a/doc/smap.texi
+++ b/doc/smap.texi
@@ -2719,8 +2719,8 @@ Default value is @samp{NOTFOUND}.
2719Directory Access Protocol. The configuration is similar to that 2719Directory Access Protocol. The configuration is similar to that
2720of SQL modules: 2720of SQL modules:
2721 2721
2722 The @acronym{LDAP} parameters may be configured either globally, when 2722 @acronym{LDAP} parameters may be configured either globally, when
2723loading the module, or locally, when defining a smap database. If a 2723loading the module, or locally, when defining a smap database. If the
2724database definition lacks some configuration statements, it looks them 2724database definition lacks some configuration statements, it looks them
2725up in a global definition. 2725up in a global definition.
2726 2726
@@ -2734,6 +2734,33 @@ template} is expanded and the result is used as a response.
2734Otherwise, if the query produced an empty set, the smap database uses 2734Otherwise, if the query produced an empty set, the smap database uses
2735the @dfn{negative reply template} to create the response. 2735the @dfn{negative reply template} to create the response.
2736 2736
2737@flindex /etc/ldap.conf
2738 The module gets its configuration from the file
2739@file{/etc/ldap.conf} and from module and database command line. The
2740settings from the command line override those from
2741@file{/etc/ldap.conf}. Alternative configuration file can be
2742specified using the @option{config-file} option.
2743The subsections that follow discuss the keywords meaningful for the
2744@command{ldap} module. Unless explicitly stated otherwise, these can
2745be used in the command line as well as in the configuration file. For
2746compatibility with other @acronym{LDAP} software, keywords in the
2747configuration file are case-insensitive. Unrecognized keywords
2748appearing in the configuration file are silently ignored. You can use
2749the @samp{ldap.2} debug level to get a listing of those. This can be
2750useful to trace possible typos.
2751
2752Unrecognized keywords appearing in the command line are treated as
2753errors, as usual.
2754
2755@kwindex config-file
2756The only keyword that can be used only in the command line is
2757@option{config-file}:
2758
2759@table @option
2760@item config-file=@var{file}
2761 Read configuration from file @var{file} instead of @file{/etc/ldap.conf}.
2762@end table
2763
2737@menu 2764@menu
2738* LDAP Configuration:: 2765* LDAP Configuration::
2739* LDAP Filter and SMAP Replies:: 2766* LDAP Filter and SMAP Replies::
@@ -2742,17 +2769,26 @@ the @dfn{negative reply template} to create the response.
2742@node LDAP Configuration 2769@node LDAP Configuration
2743@subsection LDAP Configuration 2770@subsection LDAP Configuration
2744 2771
2745@flindex /etc/ldap.conf 2772The following keywords configure access to the @acronym{LDAP} database:
2746The @acronym{LDAP} configuration is read from the file
2747@file{/etc/ldap.conf} and from module and database command line. The
2748settings from the command line override those from
2749@file{/etc/ldap.conf}. Alternative configuration file can be
2750specified using the @option{config-file} option.
2751 2773
2752@table @option 2774@table @option
2753@kwindex config-file 2775@kwindex base
2754@item config-file=@var{file} 2776@item base=@var{string}
2755 Read configuration from file @var{file} instead of @file{/etc/ldap.conf}. 2777 Sets the default base DN for ldap operations. The base must be
2778specified as a Distinguished Name in LDAP format.
2779
2780@kwindex binddn
2781@item binddn=@var{dn}
2782 The DN to bind as.
2783
2784@kwindex bindpw
2785@item bindpw=@var{password}
2786 Password for @code{binddn}.
2787
2788@kwindex bindpwfile
2789@item bindpwfile=@var{file}
2790 Read password from @var{file}. This is a safer alternative to
2791@option{bindpw}.
2756 2792
2757@kwindex tls-cacert 2793@kwindex tls-cacert
2758@kwindex tls_cacert 2794@kwindex tls_cacert
@@ -2772,42 +2808,67 @@ address of the remote server. Optional @var{port} specifies the TCP
2772port to use instead of the default one. For @samp{ldapi}, @var{name} 2808port to use instead of the default one. For @samp{ldapi}, @var{name}
2773is the pathname of the UNIX socket and @var{port} is not used. Note, 2809is the pathname of the UNIX socket and @var{port} is not used. Note,
2774that directory separators must be URL-encoded (using @samp{%2F} 2810that directory separators must be URL-encoded (using @samp{%2F}
2775instead of @samp{/}). 2811instead of @samp{/}).
2776
2777@kwindex base
2778@item base=@var{string}
2779 Sets the default base DN for ldap operations. The base must be
2780specified as a Distinguished Name in LDAP format.
2781
2782@kwindex binddn
2783@item binddn=@var{dn}
2784 The DN to bind as.
2785
2786@kwindex bindpw
2787@item bindpw=@var{password}
2788 Password for @code{binddn}.
2789
2790@kwindex bindpwfile
2791@item bindpwfile=@var{file}
2792 Read password from @var{file}. This is a safer alternative to
2793@option{bindpw}.
2794@end table 2812@end table
2795 2813
2796@node LDAP Filter and SMAP Replies 2814@node LDAP Filter and SMAP Replies
2797@subsection LDAP Filter and SMAP Replies 2815@subsection LDAP Filter and SMAP Replies
2798 2816
2817The following keywords configure @acronym{LDAP} lookups and
2818replies.
2819
2799@table @option 2820@table @option
2800@kwindex filter 2821@kwindex filter
2801@item filter=@var{pattern} 2822@item filter=@var{pattern}
2802 2823 Specifies @acronym{LDAP} filter. The @var{pattern} can use the
2824usual variables (@pxref{expansion}). For example:
2825
2826@example
2827database user ldap filter=(&(objectClass=posixAccount)(uid=$key))
2828@end example
2829
2830There is no default for this option, so it is mandatory.
2831@end table
2832
2833 Replies are configured via the following three keywords:
2834
2835@table @option
2803@kwindex positive-reply 2836@kwindex positive-reply
2804@item positive-reply=@var{reply} 2837@item positive-reply=@var{reply}
2838 Defines a positive reply string. It is used when the @acronym{LDAP}
2839lookup using the defined filter returned one or more objects. Only
2840the first returned object is used. The @var{reply} string can contain
2841the basic @command{smap} variables @samp{$db}, @samp{$map}, and
2842@samp{$key}. It can also refer to values of any attribute from the
2843returned object using the variable notation. For example:
2844
2845@example
2846positive-reply="OK $uid"
2847@end example
2848
2849@noindent
2850returns the string @samp{OK} followed by the value of the @option{uid}
2851attribute.
2852
2853The default positive reply string is @samp{OK}.
2805 2854
2806@kwindex negative-reply 2855@kwindex negative-reply
2807@item negative-reply=@var{reply} 2856@item negative-reply=@var{reply}
2808 2857
2858Defines the negative reply string, which is used when the
2859@acronym{LDAP} lookup returns empy set of objects. The @var{reply}
2860string can contain the basic @command{smap} variables @samp{$db},
2861@samp{$map}, and @samp{$key}.
2862
2863The default negative reply string is @samp{NOTFOUND}.
2864
2809@kwindex onerror-reply 2865@kwindex onerror-reply
2810@item onerror-reply=@var{reply} 2866@item onerror-reply=@var{reply}
2867Defines the string to be returned if the @acronym{LDAP} lookup fails.
2868The @var{reply} argument can contain the basic @command{smap}
2869variables @samp{$db}, @samp{$map}, and @samp{$key}.
2870
2871The default value is @samp{NOTFOUND}.
2811@end table 2872@end table
2812 2873
2813@node sed 2874@node sed

Return to:

Send suggestions and report system problems to the System administrator.