author | Sergey Poznyakoff <gray@gnu.org> | 2014-08-26 08:15:00 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2014-08-26 08:15:00 +0300 |
commit | c816d00f963cb8249a205e6fc484fc35428bb22b (patch) | |
tree | 3a5f275c8141da283321c12b906240e59711ed30 /doc | |
parent | 124b8aa2497703558fcebe5b10b675e1d426759d (diff) | |
ldap: use /etc/ldap.conf by default
* NEWS: Update.
* doc/smap.texi: Document the LDAP module.
* modules/ldap/ldap.c (dfl_config_file): New static.
(make_options): New function.
(mod_ldap_init_db): Read settings from /etc/ldap.conf
(or a file specified with config-file option) first.
Then override them with the settings from the command
line.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/smap.texi | 103 |
1 files changed, 102 insertions, 1 deletions
diff --git a/doc/smap.texi b/doc/smap.texi index 08af20b..4bc5325 100644 --- a/doc/smap.texi +++ b/doc/smap.texi @@ -113,6 +113,7 @@ Modules Shipped with Smap * guile:: * mysql:: * postgres:: +* ldap:: * sed:: Mailutils @@ -1661,6 +1662,7 @@ in detail in the following sections. * guile:: * mysql:: * postgres:: +* ldap:: * sed:: @end menu @@ -2380,7 +2382,7 @@ attempts to use a globally defined connection. a set of @dfn{smap reply templates} to use. When dispatched a sockmap query, the database expands the SQL query template using the actual values of @samp{$@{map@}} (the map name) and -@samp{$@{key@}} (the key value) and sends the expanded query to the | +@samp{$@{key@}} (the key value) and sends the expanded query to the MySQL server. If the server responds with a non-empty set of tuples, the @dfn{positive reply template} is expanded and the result is used as a response. Otherwise, if the query produced an empty set, the 
@@ -2709,6 +2711,105 @@ query. The @var{template} may refer to the variables described in Default value is @samp{NOTFOUND}. @end table +@node ldap +@section ldap +@cindex ldap module +@cindex @acronym{LDAP} + The @command{ldap} module provides interface to the Lightweight +Directory Access Protocol. The configuration is similar to that +of SQL modules: + + The @acronym{LDAP} parameters may be configured either globally, when +loading the module, or locally, when defining a smap database. If a +database definition lacks some configuration statements, it looks them +up in a global definition. + + Each database has a @dfn{filter template} and up to three @dfn{smap +reply templates}. When dispatched a sockmap query, the database +expands the filter template using the actual values of @samp{$@{map@}} +(the map name) and @samp{$@{key@}} (the key value) and uses the +obtained filter to query the @acronym{LDAP} server. If the server +responds with a non-empty set of tuples, the @dfn{positive reply +template} is expanded and the result is used as a response. +Otherwise, if the query produced an empty set, the smap database uses +the @dfn{negative reply template} to create the response. + +@menu +* LDAP Configuration:: +* LDAP Filter and SMAP Replies:: +@end menu + +@node LDAP Configuration +@subsection LDAP Configuration + +@flindex /etc/ldap.conf +The @acronym{LDAP} configuration is read from the file +@file{/etc/ldap.conf} and from module and database command line. The +settings from the command line override those from +@file{/etc/ldap.conf}. Alternative configuration file can be +specified using the @option{config-file} option. + +@table @option +@kwindex config-file +@item config-file=@var{file} + Read configuration from file @var{file} instead of @file{/etc/ldap.conf}. + +@kwindex tls-cacert +@kwindex tls_cacert +@item tls-cacert=@var{file} +@itemx tls_cacert=@var{file} + Read TLS Certificate Authority from @var{file}. 
+ +@kwindex uri +@item uri=@var{string} + Specifies the URI of LDAP server to connect to. Multiple URIs are +allowed. Each URI is @samp{@var{scheme}://[@var{name}[:@var{port}]]}. +The @var{scheme} part is one of: @samp{ldap}, meaning LDAP over TCP +(default port 389), @samp{ldaps}, meaning LDAP over SSL (TLS) (default +port 636), or @samp{ldapi}, meaning LDAP over UNIX socket. For +@samp{ldap} and @samp{ldaps}, @var{name} is the host name or IP +address of the remote server. Optional @var{port} specifies the TCP +port to use instead of the default one. For @samp{ldapi}, @var{name} +is the pathname of the UNIX socket and @var{port} is not used. Note, +that directory separators must be URL-encoded (using @samp{%2F} +instead of @samp{/}). + +@kwindex base +@item base=@var{string} + Sets the default base DN for ldap operations. The base must be +specified as a Distinguished Name in LDAP format. + +@kwindex binddn +@item binddn=@var{dn} + The DN to bind as. + +@kwindex bindpw +@item bindpw=@var{password} + Password for @code{binddn}. + +@kwindex bindpwfile +@item bindpwfile=@var{file} + Read password from @var{file}. This is a safer alternative to +@option{bindpw}. +@end table + +@node LDAP Filter and SMAP Replies +@subsection LDAP Filter and SMAP Replies + +@table @option +@kwindex filter +@item filter=@var{pattern} + +@kwindex positive-reply +@item positive-reply=@var{reply} + +@kwindex negative-reply +@item negative-reply=@var{reply} + +@kwindex onerror-reply +@item onerror-reply=@var{reply} +@end table + @node sed @section Sed @cindex sed module |
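Review bot: The hunk at line 2380 touches the mysql section ("sends the expanded query to the"), and as far as the visible lines show the only difference is trailing whitespace on that line. That is unrelated to documenting the LDAP module and is not mentioned in the commit message. Either move it to a separate cleanup commit or note it in the doc/smap.texi entry of the log.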
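Review bot: In the hunk at line 2709, the new "LDAP Filter and SMAP Replies" subsection lists filter=@var{pattern}, positive-reply, negative-reply and onerror-reply as bare @item lines with no description, so the options that control the query are the ones left undocumented. Please describe each one, and in particular state whether the value of $@{key@} is escaped according to RFC 4515 before it is substituted into the filter template; the key arrives in the sockmap query, and without that statement an administrator cannot tell whether characters such as "*", "(" and ")" in a key can change the meaning of the filter. The introduction also promises "up to three smap reply templates" but explains only the positive and negative ones, and "a non-empty set of tuples" is carried over from the SQL text where LDAP returns entries. In the configuration table, the bindpwfile item calls itself "a safer alternative" without saying why or what permissions the file should have, the bindpw item does not mention that a password placed in /etc/ldap.conf or on the module command line is exposed to anyone who can read them, and nothing says whether a bind over an @samp{ldap} URI is protected by TLS when tls-cacert is set. The uri item says "Multiple URIs are allowed" without giving the separator, and the opening sentence "The configuration is similar to that of SQL modules:" ends in a colon that introduces nothing.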