From eac5616ac2b6f38a202f1038f8e9eedbfeb2fda5 Mon Sep 17 00:00:00 2001
From: Arthur de Jong
Date: Mon, 31 Aug 2009 21:46:01 +0000
Subject: rename configfile to /etc/nslcd.conf and make debian packaging copy the file to the new name on upgrade

git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/nss-ldapd@980 ef36b2f9-881f-0410-afb5-c4e39611909c
---
man/Makefile.am | 4 +-
man/nslcd.8.xml | 8 +-
man/nslcd.conf.5.xml | 719 +++++++++++++++++++++++++++++++++++++++++++++++
man/nss-ldapd.conf.5.xml | 719 -----------------------------------------------
man/pam_ldap.8.xml | 6 +-
5 files changed, 728 insertions(+), 728 deletions(-)
create mode 100644 man/nslcd.conf.5.xml
delete mode 100644 man/nss-ldapd.conf.5.xml
(limited to 'man')

diff --git a/man/Makefile.am b/man/Makefile.am
index 43ab2da..361d1da 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -17,9 +17,9 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 # 02110-1301 USA
-dist_man_MANS = nss-ldapd.conf.5 nslcd.8
+dist_man_MANS = nslcd.conf.5 nslcd.8
-EXTRA_DIST = nss-ldapd.conf.5.xml nslcd.8.xml pam_ldap.8.xml
+EXTRA_DIST = nslcd.conf.5.xml nslcd.8.xml pam_ldap.8.xml
 # ensure that the pam_ldap manpage is always built but only installed
 # if the PAM module is built
diff --git a/man/nslcd.8.xml b/man/nslcd.8.xml
index 25fad86..1cdfa5b 100644
--- a/man/nslcd.8.xml
+++ b/man/nslcd.8.xml
@@ -64,7 +64,7 @@
 nslcd is configured through a configuration file
- (see nss-ldapd.conf5).
+ (see nslcd.conf5).
 See the included README for information on configuring the LDAP server.
@@ -114,15 +114,15 @@
 Files
- /etc/nss-ldapd.conf - the configuration file
- (see nss-ldapd.conf5)
+ /etc/nslcd.conf - the configuration file
+ (see nslcd.conf5)
 See Also
- nss-ldapd.conf5
+ nslcd.conf5
diff --git a/man/nslcd.conf.5.xml b/man/nslcd.conf.5.xml
new file mode 100644
index 0000000..8619c43
--- /dev/null
+++ b/man/nslcd.conf.5.xml
@@ -0,0 +1,719 @@ + + + + + + + + + + Arthur + de Jong + + + + + nslcd.conf + 5 + Version 0.6.11 + System Manager's Manual + Jul 2009 + + + + nslcd.conf + configuration file for LDAP nameservice daemon + + + + Description + + The nss-pam-ldapd package allows LDAP + directory servers to be used as a primary source of name service + information. (Name service information typically includes users, hosts, + groups, and other such data historically stored in flat files or + NIS.) + + + The file nslcd.conf contains the + configuration information for running nslcd (see + nslcd8). + The file contains options, one on each line, defining the way + NSS lookups are mapped onto + LDAP lookups. + + + + + Options + + + Runtime options + + + + NUM + + + Specifies the number of threads to start that can handle requests + and perform LDAP queries. + The default is to start 5 threads. + + + + + + UID + + + This specifies which user id with which the daemon should be run. + This can be a numerical id or a symbolic value. + If no uid is specified no attempt to change the user will be made. + Note that you should use values that don't need LDAP + to resolve. + + + + + + GID + + + This specifies which group id with which the daemon should be run. + This can be a numerical id or a symbolic value. + If no gid is specified no attempt to change the group will be made. + Note that you should use values that don't need LDAP + to resolve. + + + + + + + + + General connection options + + + + URI + + + Specifies the LDAP URI of the + server to connect to. + The URI scheme may be ldap, + ldapi or ldaps, specifying + LDAP over TCP, + ICP or SSL respectively (if + supported by the LDAP library). + Alternatively, the value DNS may be + used to try to lookup the server using DNS + SRV records. + + + When using the ldapi scheme, %2f should be used to escape slashes + (e.g. ldapi://%2fvar%2frun%2fslapd%2fldapi/), although most of the + time this should not be needed. 
+ + + This option may be specified multiple times. Normally, only the first + server will be used with the following servers as fall-back (see + below). + + + If LDAP lookups are used for host name resolution, + any host names should be specified as an IP address or name that can be + resolved without using LDAP. + + + + + + VERSION + + + Specifies the version of the LDAP protocol to use. + The default is to use the maximum version supported by the + LDAP library. + + + + + DN + + + Specifies the distinguished name with which to bind to the directory + server for lookups. + The default is to bind anonymously. + + + + + + PASSWORD + + + Specifies the clear text credentials with which to bind. + This option is only applicable when used with above. + If you set this option you should consider changing the permissions + of the nslcd.conf file to only grant access to + the root user. + + + + + + + + + + + + Kerberos authentication options + + + + NAME + + + Set the name for the GSS-API Kerberos credentials cache. + + + + + + + + + Search/mapping options + + + + + MAP + DN + + + Specifies the base distinguished name (DN) + to use as search base. + This option may be supplied multiple times and all specified bases + will be searched. + + + A global search base may be specified or a MAP-specific one. + If no MAP-specific search bases are defined the global ones are used. + + + If, instead of a DN, the value + DOMAIN is specified, the host's + DNS domain is used to construct a search base. + + + If this value is not defined an attempt is made to look it up + in the configured LDAP server. Note that if the + LDAP server is unavailable during start-up + nslcd will not start. + + + + + + + MAP + subtree|onelevel|base + + + Specifies the search scope (subtree, one level or base object). + The default scope is subtree; base scope is almost never useful for + name service lookups. + + + + + + never|searching|finding|always + + + Specifies the policy for dereferencing aliases. 
+ The default policy is to never dereference aliases. + + + + + + yes|no + + + Specifies whether automatic referral chasing should be enabled. + The default behaviour is to chase referrals. + + + + + + + MAP + FILTER + + + The FILTER + is an LDAP search filter to use for a + specific map. + The default filter is a basic search on the + objectClass for the map (e.g. (objectClass=posixAccount)). + + + + + + + MAP + ATTRIBUTE + NEWATTRIBUTE + + + This option allows for custom attributes to be looked up instead of + the default RFC 2307 attributes. + The MAP may be one of + the supported maps below. + The ATTRIBUTE is the one as + used in RFC 2307 (e.g. userPassword, + ipProtocolNumber or macAddress). + The NEWATTRIBUTE may be any attribute + as it is available in the directory. + + + + + + + + + + + + Timing/reconnect options + + + + SECONDS + + + Specifies the time limit (in seconds) to use when connecting to the + directory server. + This is distinct from the time limit specified in + and affects the setup of the connection only. + Note that not all LDAP client libraries have support + for setting the connection time out. + The default is 30 seconds. + + + + + + SECONDS + + + Specifies the time limit (in seconds) to wait for a response from the + LDAP server. + A value of zero (0), which is the default, is to wait indefinitely for + searches to be completed. + + + + + + SECONDS + + + Specifies the period if inactivity (in seconds) after which the + connection to the LDAP server will be closed. + The default is not to time out connections. + + + + + + SECONDS + + + Specifies the number of seconds to sleep when connecting to all + LDAP servers fails. + By default 1 second is waited between the first failure and the first + retry. + + + + + + SECONDS + + + Specified the time after the last successful operation from which the + LDAP server is considered permanently unavailable. + Retries will be done only once in this time period. + The default value is 30 seconds. 
+ + + + + + + + Note that the reconnect logic as described above is the mechanism that + is used between nslcd and the LDAP + server. The mechanism between the NSS client library + and nslcd is simpler with a fixed compiled-in + time out of a 10 seconds for writing to nslcd and + a time out of 60 seconds for reading answers. + nslcd itself has a read time out of 0.5 seconds + and a write time out of 60 seconds. + + + + + + <acronym>SSL</acronym>/<acronym>TLS</acronym> options + + + + on|off|start_tls + + + Specifies whether to use SSL/TLS or not (the default is not to). If + start_tls + is specified then StartTLS is used rather than raw LDAP over SSL. + Not all LDAP client libraries support both SSL, + StartTLS and all related configuration options. + + + + + + never|allow|try|demand|hard + + + Specifies what checks to perform on a server-supplied certificate. + The meaning of the values is described in the + ldap.conf5 + manual page. + At least one of and + is required if peer verification is + enabled. + + + + + + PATH + + + Specifies the directory containing X.509 certificates for peer + authentication. + + + + + + PATH + + + Specifies the path to the X.509 certificate for peer authentication. + + + + + + PATH + + + Specifies the path to an entropy source. + + + + + + CIPHERS + + + Specifies the ciphers to use for TLS. + See your TLS implementation's + documentation for further information. + + + + + + PATH + + + Specifies the path to the file containing the local certificate for + client TLS authentication. + + + + + + PATH + + + Specifies the path to the file containing the private key for client + TLS authentication. + + + + + + + + + Other options + + + + + + NUMBER + + + Set this to a number greater than 0 to request paged results from + the LDAP server in accordance with RFC2696. + The default (0) is to not request paged results. + + + This is useful for LDAP servers that contain a + lot of entries (e.g. 
more than 500) and limit the number of entries + that are returned with one request. + For OpenLDAP servers you may need to set + + for allowing more entries to be returned over multiple pages. + + + + + + + + + + + Supported maps + + The following maps are supported. They are referenced as + MAP in the options above. + + + + aliases + + Mail aliases. + Note that most mail servers do not use the NSS + interface for requesting mail aliases and parse + /etc/aliases on their own. + + + + ethers + Ethernet numbers (mac addresses). + + + group + Posix groups. + + + hosts + Host names. + + + netgroup + Host and user groups used for access control. + + + networks + Network numbers. + + + passwd + Posix users. + + + protocols + Protocol definitions (like in /etc/protocols). + + + rpc + Remote procedure call names and numbers. + + + services + Network service names and numbers. + + + shadow + Shadow user password information. + + + + + + Files + + + /etc/nslcd.conf + the main configuration file + + + /etc/nsswitch.conf + Name Service Switch configuration file + + + + + + See Also + + nslcd8, + nsswitch.conf5 + + + + + Author + This manual was written by Arthur de Jong <arthur@arthurdejong.org> + and is based on the + nss_ldap5 + manual developed by PADL Software Pty Ltd. + + + diff --git a/man/nss-ldapd.conf.5.xml b/man/nss-ldapd.conf.5.xml deleted file mode 100644 index bb6da8b..0000000 --- a/man/nss-ldapd.conf.5.xml +++ /dev/null 
@@ -1,719 +0,0 @@ - - - - - - - - - - Arthur - de Jong - - - - - nss-ldapd.conf - 5 - Version 0.6.11 - System Manager's Manual - Jul 2009 - - - - nss-ldapd.conf - configuration file for LDAP nameservice provider - - - - Description - - The nss-ldapd module allows LDAP - directory servers to be used as a primary source of name service - information. (Name service information typically includes users, hosts, - groups, and other such data historically stored in flat files or - NIS.) - - - The file nss-ldapd.conf contains the - configuration information for running nslcd (see - nslcd8). - The file contains options, one on each line, defining the way - NSS lookups are mapped onto - LDAP lookups. - - - - - Options - - - Runtime options - - - - NUM - - - Specifies the number of threads to start that can handle requests - and perform LDAP queries. - The default is to start 5 threads. - - - - - - UID - - - This specifies which user id with which the daemon should be run. - This can be a numerical id or a symbolic value. - If no uid is specified no attempt to change the user will be made. - Note that you should use values that don't need LDAP - to resolve. - - - - - - GID - - - This specifies which group id with which the daemon should be run. - This can be a numerical id or a symbolic value. - If no gid is specified no attempt to change the group will be made. - Note that you should use values that don't need LDAP - to resolve. - - - - - - - - - General connection options - - - - URI - - - Specifies the LDAP URI of the - server to connect to. - The URI scheme may be ldap, - ldapi or ldaps, specifying - LDAP over TCP, - ICP or SSL respectively (if - supported by the LDAP library). - Alternatively, the value DNS may be - used to try to lookup the server using DNS - SRV records. - - - When using the ldapi scheme, %2f should be used to escape slashes - (e.g. ldapi://%2fvar%2frun%2fslapd%2fldapi/), although most of the - time this should not be needed. 
- - - This option may be specified multiple times. Normally, only the first - server will be used with the following servers as fall-back (see - below). - - - If LDAP lookups are used for host name resolution, - any host names should be specified as an IP address or name that can be - resolved without using LDAP. - - - - - - VERSION - - - Specifies the version of the LDAP protocol to use. - The default is to use the maximum version supported by the - LDAP library. - - - - - DN - - - Specifies the distinguished name with which to bind to the directory - server for lookups. - The default is to bind anonymously. - - - - - - PASSWORD - - - Specifies the clear text credentials with which to bind. - This option is only applicable when used with above. - If you set this option you should consider changing the permissions - of the nss-ldapd.conf file to only grant access to - the root user. - - - - - - - - - - - - Kerberos authentication options - - - - NAME - - - Set the name for the GSS-API Kerberos credentials cache. - - - - - - - - - Search/mapping options - - - - - MAP - DN - - - Specifies the base distinguished name (DN) - to use as search base. - This option may be supplied multiple times and all specified bases - will be searched. - - - A global search base may be specified or a MAP-specific one. - If no MAP-specific search bases are defined the global ones are used. - - - If, instead of a DN, the value - DOMAIN is specified, the host's - DNS domain is used to construct a search base. - - - If this value is not defined an attempt is made to look it up - in the configured LDAP server. Note that if the - LDAP server is unavailable during start-up - nslcd will not start. - - - - - - - MAP - subtree|onelevel|base - - - Specifies the search scope (subtree, one level or base object). - The default scope is subtree; base scope is almost never useful for - name service lookups. - - - - - - never|searching|finding|always - - - Specifies the policy for dereferencing aliases. 
- The default policy is to never dereference aliases. - - - - - - yes|no - - - Specifies whether automatic referral chasing should be enabled. - The default behaviour is to chase referrals. - - - - - - - MAP - FILTER - - - The FILTER - is an LDAP search filter to use for a - specific map. - The default filter is a basic search on the - objectClass for the map (e.g. (objectClass=posixAccount)). - - - - - - - MAP - ATTRIBUTE - NEWATTRIBUTE - - - This option allows for custom attributes to be looked up instead of - the default RFC 2307 attributes. - The MAP may be one of - the supported maps below. - The ATTRIBUTE is the one as - used in RFC 2307 (e.g. userPassword, - ipProtocolNumber or macAddress). - The NEWATTRIBUTE may be any attribute - as it is available in the directory. - - - - - - - - - - - - Timing/reconnect options - - - - SECONDS - - - Specifies the time limit (in seconds) to use when connecting to the - directory server. - This is distinct from the time limit specified in - and affects the setup of the connection only. - Note that not all LDAP client libraries have support - for setting the connection time out. - The default is 30 seconds. - - - - - - SECONDS - - - Specifies the time limit (in seconds) to wait for a response from the - LDAP server. - A value of zero (0), which is the default, is to wait indefinitely for - searches to be completed. - - - - - - SECONDS - - - Specifies the period if inactivity (in seconds) after which the - connection to the LDAP server will be closed. - The default is not to time out connections. - - - - - - SECONDS - - - Specifies the number of seconds to sleep when connecting to all - LDAP servers fails. - By default 1 second is waited between the first failure and the first - retry. - - - - - - SECONDS - - - Specified the time after the last successful operation from which the - LDAP server is considered permanently unavailable. - Retries will be done only once in this time period. - The default value is 30 seconds. 
- - - - - - - - Note that the reconnect logic as described above is the mechanism that - is used between nslcd and the LDAP - server. The mechanism between the NSS client library - and nslcd is simpler with a fixed compiled-in - time out of a 10 seconds for writing to nslcd and - a time out of 60 seconds for reading answers. - nslcd itself has a read time out of 0.5 seconds - and a write time out of 60 seconds. - - - - - - <acronym>SSL</acronym>/<acronym>TLS</acronym> options - - - - on|off|start_tls - - - Specifies whether to use SSL/TLS or not (the default is not to). If - start_tls - is specified then StartTLS is used rather than raw LDAP over SSL. - Not all LDAP client libraries support both SSL, - StartTLS and all related configuration options. - - - - - - never|allow|try|demand|hard - - - Specifies what checks to perform on a server-supplied certificate. - The meaning of the values is described in the - ldap.conf5 - manual page. - At least one of and - is required if peer verification is - enabled. - - - - - - PATH - - - Specifies the directory containing X.509 certificates for peer - authentication. - - - - - - PATH - - - Specifies the path to the X.509 certificate for peer authentication. - - - - - - PATH - - - Specifies the path to an entropy source. - - - - - - CIPHERS - - - Specifies the ciphers to use for TLS. - See your TLS implementation's - documentation for further information. - - - - - - PATH - - - Specifies the path to the file containing the local certificate for - client TLS authentication. - - - - - - PATH - - - Specifies the path to the file containing the private key for client - TLS authentication. - - - - - - - - - Other options - - - - - - NUMBER - - - Set this to a number greater than 0 to request paged results from - the LDAP server in accordance with RFC2696. - The default (0) is to not request paged results. - - - This is useful for LDAP servers that contain a - lot of entries (e.g. 
 more than 500) and limit the number of entries - that are returned with one request. - For OpenLDAP servers you may need to set - - for allowing more entries to be returned over multiple pages. - - - - - - - - - - - Supported maps - - The following maps are supported. They are referenced as - MAP in the options above. - - - - aliases - - Mail aliases. - Note that most mail servers do not use the NSS - interface for requesting mail aliases and parse - /etc/aliases on their own. - - - - ethers - Ethernet numbers (mac addresses). - - - group - Posix groups. - - - hosts - Host names. - - - netgroup - Host and user groups used for access control. - - - networks - Network numbers. - - - passwd - Posix users. - - - protocols - Protocol definitions (like in /etc/protocols). - - - rpc - Remote procedure call names and numbers. - - - services - Network service names and numbers. - - - shadow - Shadow user password information. - - - - - - Files - - - /etc/nss-ldapd.conf - the main configuration file - - - /etc/nsswitch.conf - Name Service Switch configuration file - - - - - - See Also - - nslcd8, - nsswitch.conf5 - - - - - Author - This manual was written by Arthur de Jong <arthur@arthurdejong.org> - and is based on the - nss_ldap5 - manual developed by PADL Software Pty Ltd. - - -
diff --git a/man/pam_ldap.8.xml b/man/pam_ldap.8.xml
index a157dfa..5708560 100644
--- a/man/pam_ldap.8.xml
+++ b/man/pam_ldap.8.xml
@@ -165,10 +165,10 @@
 the main PAM configuration file
- /etc/nss-ldapd.conf
+ /etc/nslcd.conf
 The configuration file for the nslcd daemon
- (see nss-ldapd.conf5)
+ (see nslcd.conf5)
@@ -179,7 +179,7 @@
 pam.conf5, nslcd8,
- nss-ldapd.conf5
+ nslcd.conf5
--
cgit v1.2.3