author Sergey Poznyakoff <gray@gnu.org> 2014-08-26 08:15:00 +0300
committer Sergey Poznyakoff <gray@gnu.org> 2014-08-26 08:15:00 +0300
commit c816d00f963cb8249a205e6fc484fc35428bb22b
tree 3a5f275c8141da283321c12b906240e59711ed30 /doc
parent 124b8aa2497703558fcebe5b10b675e1d426759d
ldap: use /etc/ldap.conf by default
* NEWS: Update.
* doc/smap.texi: Document the LDAP module.
* modules/ldap/ldap.c (dfl_config_file): New static.
(make_options): New function.
(mod_ldap_init_db): Read settings from /etc/ldap.conf (or a file specified with config-file option) first. Then override them with the settings from the command line.
Diffstat (limited to 'doc')
-rw-r--r-- doc/smap.texi 103
1 files changed, 102 insertions, 1 deletions
diff --git a/doc/smap.texi b/doc/smap.texi
index 08af20b..4bc5325 100644
--- a/doc/smap.texi
+++ b/doc/smap.texi
@@ -113,6 +113,7 @@ Modules Shipped with Smap
* guile::
* mysql::
* postgres::
+* ldap::
* sed::
Mailutils
@@ -1661,6 +1662,7 @@ in detail in the following sections.
* guile::
* mysql::
* postgres::
+* ldap::
* sed::
@end menu
@@ -2380,7 +2382,7 @@ attempts to use a globally defined connection.
a set of @dfn{smap reply templates} to use. When dispatched a
sockmap query, the database expands the SQL query template using
the actual values of @samp{$@{map@}} (the map name) and
-@samp{$@{key@}} (the key value) and sends the expanded query to the |
+@samp{$@{key@}} (the key value) and sends the expanded query to the
MySQL server. If the server responds with a non-empty set of tuples,
the @dfn{positive reply template} is expanded and the result is used
as a response. Otherwise, if the query produced an empty set, the
@@ -2709,6 +2711,105 @@ query. The @var{template} may refer to the variables described in
Default value is @samp{NOTFOUND}.
@end table
+@node ldap
+@section ldap
+@cindex ldap module
+@cindex @acronym{LDAP}
+ The @command{ldap} module provides interface to the Lightweight
+Directory Access Protocol. The configuration is similar to that
+of SQL modules:
+
+ The @acronym{LDAP} parameters may be configured either globally, when
+loading the module, or locally, when defining a smap database. If a
+database definition lacks some configuration statements, it looks them
+up in a global definition.
+
+ Each database has a @dfn{filter template} and up to three @dfn{smap
+reply templates}. When dispatched a sockmap query, the database
+expands the filter template using the actual values of @samp{$@{map@}}
+(the map name) and @samp{$@{key@}} (the key value) and uses the
+obtained filter to query the @acronym{LDAP} server. If the server
+responds with a non-empty set of tuples, the @dfn{positive reply
+template} is expanded and the result is used as a response.
+Otherwise, if the query produced an empty set, the smap database uses
+the @dfn{negative reply template} to create the response.
+
+@menu
+* LDAP Configuration::
+* LDAP Filter and SMAP Replies::
+@end menu
+
+@node LDAP Configuration
+@subsection LDAP Configuration
+
+@flindex /etc/ldap.conf
+The @acronym{LDAP} configuration is read from the file
+@file{/etc/ldap.conf} and from module and database command line. The
+settings from the command line override those from
+@file{/etc/ldap.conf}. Alternative configuration file can be
+specified using the @option{config-file} option.
+
+@table @option
+@kwindex config-file
+@item config-file=@var{file}
+ Read configuration from file @var{file} instead of @file{/etc/ldap.conf}.
+
+@kwindex tls-cacert
+@kwindex tls_cacert
+@item tls-cacert=@var{file}
+@itemx tls_cacert=@var{file}
+ Read TLS Certificate Authority from @var{file}.
+
+@kwindex uri
+@item uri=@var{string}
+ Specifies the URI of LDAP server to connect to. Multiple URIs are
+allowed. Each URI is @samp{@var{scheme}://[@var{name}[:@var{port}]]}.
+The @var{scheme} part is one of: @samp{ldap}, meaning LDAP over TCP
+(default port 389), @samp{ldaps}, meaning LDAP over SSL (TLS) (default
+port 636), or @samp{ldapi}, meaning LDAP over UNIX socket. For
+@samp{ldap} and @samp{ldaps}, @var{name} is the host name or IP
+address of the remote server. Optional @var{port} specifies the TCP
+port to use instead of the default one. For @samp{ldapi}, @var{name}
+is the pathname of the UNIX socket and @var{port} is not used. Note,
+that directory separators must be URL-encoded (using @samp{%2F}
+instead of @samp{/}).
+
+@kwindex base
+@item base=@var{string}
+ Sets the default base DN for ldap operations. The base must be
+specified as a Distinguished Name in LDAP format.
+
+@kwindex binddn
+@item binddn=@var{dn}
+ The DN to bind as.
+
+@kwindex bindpw
+@item bindpw=@var{password}
+ Password for @code{binddn}.
+
+@kwindex bindpwfile
+@item bindpwfile=@var{file}
+ Read password from @var{file}. This is a safer alternative to
+@option{bindpw}.
+@end table
+
+@node LDAP Filter and SMAP Replies
+@subsection LDAP Filter and SMAP Replies
+
+@table @option
+@kwindex filter
+@item filter=@var{pattern}
+
+@kwindex positive-reply
+@item positive-reply=@var{reply}
+
+@kwindex negative-reply
+@item negative-reply=@var{reply}
+
+@kwindex onerror-reply
+@item onerror-reply=@var{reply}
+@end table
+
@node sed
@section Sed
@cindex sed module
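Review bot: the final @table under "LDAP Filter and SMAP Replies" lists filter, positive-reply, negative-reply and onerror-reply with empty @item bodies, so the options that actually drive the lookup are left undocumented; each needs a description and its default, in the style of the "Default value is @samp{NOTFOUND}." text that precedes this section. The filter entry in particular should say how ${key} is substituted: the section intro states that the filter template is expanded with the actual key value from the sockmap query, and nothing here tells the reader whether LDAP filter metacharacters in that value (*, (, ), \ and NUL, per RFC 4515) are escaped before the search is issued. If the module escapes them, state it; if it does not, that belongs in ldap.c rather than in the manual. Smaller points in the same hunk: the intro promises "up to three smap reply templates" but describes only the positive and negative ones, "non-empty set of tuples" is SQL wording carried over to a protocol that returns entries, and the bindpwfile item calls itself "a safer alternative" without saying why or what ownership and permissions the password file is expected to have.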
