blob: 985f59870a7ee58128313c992a18160b9d0588ca (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
|
nss_ldap LDAP Searches
======================
The following list describes the search filters and attributes that nss_ldap
uses for each database type in /etc/nsswitch.conf
For each of the entries the search base is determined by the nss_base_...
parameter in /etc/libnss-ldap.conf.
The search filters are used when the resprective functions are called.
For brevity's sake the attributes have been given as one complete list
per database type and not as one list per each search, which whould
have been more correct.
The information contained in the list may be used to determine the required
permissions to objects and attributes in the directory for the accounts
referred to by 'binddn' and 'rootbinddn' in /etc/libnss-ldap.conf.
'rootbinddn' is used if it is set and libnss-ldap is called with effective
user id 0. In all other cases 'binddn' is used if it is set. If 'binddn is
not set the LDAP searches are done anonymously.
If 'rootbinddn' is set and has read access to the attributes marked below
as "readable by 'rootbinddn' only" while 'binddn' hasn't, then ilibnss-ldap
behaves identical compared to flat files. (i.e. 'getent shadow' returns
nothing for regular users while it returns the information wanted for
root)
The list contains only the unmapped names. If you use libnss-ldap's
attribute or objectclass mapping feature then you have to map the
names in the list to the mapped ones.
aliases
-------
* Filters:
getaliasbyname(): (&(objectclass=nisMailAlias)(cn=%s))
getaliasent(): (objectclass=nisMailAlias)
* Attributes:
cn
rfc822MailMember
bootparams
----------
* Filters:
getbootparamsbyname(): (&(objectclass=bootableDevice)(cn=%s))"
* Attributes:
cn
bootParameter
ethers
------
* Filters:
gethostton(): (&(objectclass=ieee802Device)(cn=%s))
getntohost(): (&(objectclass=ieee802Device)(macAddress=%s))
getetherent(): (objectclass=ieee802Device)
* Attributes:
cn
macAddress
group
-----
* Filters:
getgrnam(): (&(objectclass=posixGroup)(cn=%s))
getgrgid(): (&(objectclass=posixGroup)(gidNumber=%s))
getgrent(): (&(objectclass=posixGroup))
getgroupsbymemberanddn(): (&(objectclass=posixGroup)(|(memberUid=%s)(uniqueMember=%s)))
getgroupsbydn(): (&(objectclass=posixGroup)(uniqueMember=%s))
getgroupsbymember(): (&(objectclass=posixGroup)(memberUid=%s))
* Attributes:
cn
userPassword <- should be readable by 'rootbinddn' only
memberUid
uniqueMember
gidNumber
hosts
-----
* Filters:
gethostbyname(): (&(objectclass=ipHost)(cn=%s))
gethostbyaddr(): (&(objectclass=ipHost)(ipHostNumber=%s))
gethostent(): (objectclass=ipHost)
* Attributes:
cn
ipHostNumber
networks
--------
* Filters:
getnetbyname(): (&(objectclass=ipNetwork)(cn=%s))
getnetbyaddr(): (&(objectclass=ipNetwork)(ipNetworkNumber=%s))
getnetent(): (objectclass=ipNetwork)",
* Attributes:
cn
ipNetworkNumber
ipNetmaskNumber
protocols
---------
* Filters:
getprotobyname(): (&(objectclass=ipProtocol)(cn=%s))
getprotobynumber(): (&(objectclassipProtocols)(ipProtocolNumber=%s))
getprotoent(): (objectclass=ipProtocol)
* Attributes:
cn
ipProtocolNumber
passwd
------
* Filters:
getpwnam(): (&(objectclass=posixAccount)(uid=%s))
getpwuid(): (&(objectclass=posixAccount)(uidNumber=%s))
getpwent(): (objectclass=posixAccount)
* Attributes:
uid
userPassword <- should be readable by 'rootbinddn' only
uidNumber
gidNumber
cn
homeDirectory
loginShell
gecos
description
shadowLastChange <- should be readable by 'rootbinddn' only
shadowMax <- should be readable by 'rootbinddn' only
shadowExpire <- should be readable by 'rootbinddn' only
rpc
---
* Filters:
getrpcbyname(): (&(objectclass=oncRpc)(cn=%s))
getrpcbynumber(): (&(objectclass=oncRpc)(oncRpcNumber=%s))
getrpcent(): (objectclass=oncRpc)
* Attributes:
cn
oncRpcNumber
services
--------
* Filters:
getservbyname(): (&(objectclass=ipService)(cn=%s))",
getservbynameproto(): (&(objectclass=ipService)(cn=%s)(ipServiceProtocol=%s))
getservbyport(): (&(objectclass=ipService)(ipServicePort=%s))
getservbyportproto(): (&(objectclass=ipService)(ipServicePort=%s)(ipServiceProtocol=%s))
getservent(): (objectclass=ipService)
* Attributes:
cn
ipServicePort
ipServiceProtocol
shadow
------
* Filters:
getspnam(): (&(objectclass=shadowAccount)(uid=%s))
getspent(): (objectclass=shadowAccount)
* Attributes:
uid
userPassword
shadowLastChange
shadowMax
shadowMin
shadowWarning
shadowInactive
shadowExpire
shadowFlag
netgroup
--------
* Filters:
getnetgrent(): (&(objectclass=nisNetgroup)(cn=%s))
innetgr(): (&(objectclass=nisNetgroup)(memberNisNetgroup=%s))
* Attributes:
cn
nisNetgroupTriple
memberNisNetgroup
automount
---------
* Attributes:
cn
nisMapEntry
nisMapName
description
-- Peter Marschall <peter@adpm.de>
|