slapd-ldap man page on OpenDarwin

Man page or keyword search:  
man Server   3202 pages
apropos Keyword Search (all sections)
Output format
OpenDarwin logo
[printable version]


       slapd-ldap - LDAP backend to slapd


       The LDAP backend to slapd(8) is not an actual database; instead it acts
       as a proxy to forward incoming requests to another LDAP	server.	 While
       processing requests it will also chase referrals, so that referrals are
       fully processed instead of being returned to the slapd client.

       These slapd.conf options apply to the LDAP backend database.  That  is,
       they  must follow a "database ldap" line and come before any subsequent
       "backend" or "database" lines.  Other database options are described in
       the slapd.conf(5) manual page.

       Note: It is strongly recommended to set
	      lastmod  off
       for  every  ldap	 and  meta  database.	This  is  because  operational
       attributes related to entry creation and	 modification  should  not  be
       used,  as  they	could  be  passed to the target servers, generating an

       uri <ldapurl>
	      LDAP server to use.  Multiple URIs can be set  in	 in  a	single
	      ldapurl  argument, resulting in the underlying library automati‐
	      cally call the first server of the list that responds, e.g.

	      uri "ldap://host/ ldap://backup-host"

	      The URI list is space- or comma-separated.

       server <hostport>
	      Obsolete option; same as `uri ldap://<hostport>/'.

       binddn <administrative DN for access control purposes>
	      DN which is used to query the target server for acl checking; it
	      should  have read access on the target server to attributes used
	      on the proxy for acl checking.  There is no risk of giving  away
	      such values; they are only used to check permissions.

       bindpw <password>
	      Password used with the bind DN above.

	      If  this	option	is  given,  the	 client's bind credentials are
	      remembered for rebinds when chasing referrals.

       suffixmassage <suffix> <massaged (remote) suffix>
	      DNs ending with <suffix> in a request are changed	 to  end  with
	      <remote suffix> before sending the request to the remote server,
	      and <remote suffix> in the results are changed back to  <suffix>
	      before returning them to the client.  The <suffix> field must be
	      defined as a valid suffix for the current database.

       map {attribute | objectclass} [<local name> | *] {<foreign name> | *}
	      Map attribute names and object classes from the  foreign	server
	      to different values on the local slapd.  The reason is that some
	      attributes might not be part of the local slapd's	 schema,  some
	      attribute	 names	might be different but serve the same purpose,
	      etc.  If local or foreign name is `*', the  name	is  preserved.
	      If local name is omitted, the foreign name is removed.  Unmapped
	      names are preseved if both local and foreign name are  `*',  and
	      removed if local name is omitted and foreign name is `*'.

	      The  rewrite options are described in the "REWRITING" section of
	      the slapd-meta(5) manual page.

       This maps the OpenLDAP objectclass `groupOfNames' to the Active	Direc‐
       tory objectclass `group':

	      map objectclass groupOfNames group

       This presents a limited attribute set from the foreign server:

	      map attribute cn *
	      map attribute sn *
	      map attribute manager *
	      map attribute description *
	      map attribute *

       These lines map cn, sn, manager, and description to themselves, and any
       other attribute gets "removed" from the object before it is sent to the
       client (or sent up to the LDAP server).	This is obviously a simplistic
       example, but you get the point.

	      default slapd configuration file

       slapd.conf(5), slapd-meta(5), slapd(8), ldap(3).


List of man pages available for OpenDarwin

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net