AUTOMX_LDAP(5) | automx | AUTOMX_LDAP(5) |
NAME
automx_ldap - automx LDAP backend configuration parameters
DESCRIPTION
The automx_ldap(5) man page specifies all parameters that control access from within automx to an LDAP backend.
PARAMETERS
- authzid (no default)
- Specifies the SASL proxy authorization identity.
- base (default: none)
- Specifies the default base DN to use when performing LDAP operations. The base must be specified as a Distinguished Name in LDAP format.
- binddn (default: none)
- Specifies the default bind DN to use when performing LDAP operations. The bind DN must be specified as a Distinguished Name in LDAP format.
- bindmethod (default: simple)
- Specifies how authentication should take place. Valid options are either simple for a simple bind or sasl for a bind that requires SASL authentication.
- bindpw (default: none)
- Specifies the password used when binddn identifies itself with the LDAP server.
- cacert (default: none)
- Specifies the path to a file that contains all certificates of Certification Authorities automx should trust.
- cert (default: none)
- Specifies the path to a file that contains automx's certificate.
- cipher (default: TLSv1)
- See ciphers(1) for a list of valid options.
- filter (default: (objectClass=*))
- Specifies the search filter to select appropriate LDAP objects. The filter
should conform to the string representation for search filters as defined
in RFC 4515.
NOTE:
See the section “Macros and Variables” in
automx.conf(5) for a list of available query macros.
- host (default: ldap://127.0.0.1/)
- Specifies one or more LDAP servers separated by commas as shown in the following example:
IMPORTANT:
Servers listed after the first serve only as fallbacks, i.e. a server
to the right will only be queried if the server to its left cannot be
reached. If a server can be reached, no further attempts will be made,
regardless of whether the query returned a result or not.
- key (default: none)
- Specifies the path to a file that contains automx's private key, which matches the automx certificate given with cert.
- reqcert (default: never)
- Specifies what checks to perform on server certificates in a TLS session, if any. The <level> can be specified as one of the following keywords:
- never
- The client will not request or check any server certificate. This is the default setting.
- allow
- The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, it will be ignored and the session proceeds normally.
- try
- The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, the session is immediately terminated.
- demand
- These keywords are equivalent. The server certificate is requested. If no certificate is provided, or a bad certificate is provided, the session is immediately terminated.
- result_attrs (default: none)
- If automx finds one or more entries, the attributes specified by result_attrs are returned. If * is listed, all user attributes are returned.
- saslmech (default: none)
- Specifies the SASL mechanism to be used for authentication.
- cram-md5
- The SASL cram-md5 mechanism (see: RFC 2195) will be used to authenticate LDAP bind requests.
- digest-md5
- The SASL digest-md5 mechanism (see: RFC 2831) will be used to authenticate LDAP bind requests.
- external
- The SASL external mechanism (see: RFC 4422) will be used to authenticate LDAP bind requests.
- gssapi
- The SASL gssapi mechanism (see: RFC 4752) will be used to authenticate LDAP bind requests.
- none
- No SASL mechanism will be used to authenticate LDAP bind requests.
- scope (default: sub)
- Specifies the scope of the search as one of base (or exact), one (or onelevel), or sub (or substree), for a base object, one-level, or subtree search respectively.
- usetls (default: false)
- Specifies if automx should use TLS when it connects to the LDAP host.
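With the documented defaults (usetls false, reqcert never), a backend on a remote host is queried without encryption, and enabling TLS alone still leaves the server certificate unchecked. The following added example, which is not part of automx or its documentation, audits a configuration for those cases. It assumes automx.conf is INI-style with backend = ldap in each LDAP section, that usetls accepts true/yes/on/1, and that ldaps:// hosts are TLS-wrapped; the finding names and the sample input are constructed.

```python
import configparser
from urllib.parse import urlparse
# Defaults as documented on this page for parameters left unset.
DEFAULTS = {"host": "ldap://127.0.0.1/", "usetls": "false",
            "reqcert": "never", "bindmethod": "simple", "saslmech": "none"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit_ldap_params(params):
    """Return sorted finding codes (hypothetical names) for one section."""
    p = {**DEFAULTS, **{k: v.strip().lower() for k, v in params.items()}}
    urls = [urlparse(h.strip()) for h in p["host"].split(",") if h.strip()]
    starttls = p["usetls"] in ("true", "yes", "on", "1")  # assumed spellings
    findings = set()
    for u in urls:
        tls = starttls or u.scheme == "ldaps"  # assumption: ldaps:// is TLS
        if not tls and u.hostname not in LOOPBACK:
            # bindpw and the returned attributes cross the network in clear.
            findings.add("cleartext-remote")
        if tls and p["reqcert"] != "demand":
            # never/allow do not reject bad certificates; try accepts none.
            findings.add("server-cert-not-enforced")
    if p["bindmethod"] == "sasl" and p["saslmech"] in ("cram-md5", "digest-md5"):
        findings.add("md5-sasl-mechanism")
    return sorted(findings)

def audit_config(text):
    """Audit each section that sets backend = ldap (assumed INI layout)."""
    cp = configparser.ConfigParser(interpolation=None)  # keep % in filters raw
    cp.read_string(text)
    return {s: audit_ldap_params(dict(cp[s])) for s in cp.sections()
            if cp[s].get("backend", "").strip().lower() == "ldap"}

# Constructed sample input, not taken from the automx documentation.
SAMPLE = """\
[weak.example]
backend = ldap
host = ldap://ldap1.weak.example/, ldap://ldap2.weak.example/
bindpw = constructed-secret
filter = (mail=%s)
[tls-unverified.example]
backend = ldap
host = ldap://ldap.tls-unverified.example/
usetls = true
[hardened.example]
backend = ldap
host = ldaps://ldap.hardened.example/
reqcert = demand
"""
```

Calling audit_config(SAMPLE) flags the first section as cleartext-remote and the second as server-cert-not-enforced; the third returns no findings.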
AUTHORS
- Christian Roessner <cr@sys4.de>
- Wrote the program.
- Patrick Ben Koetter <p@sys4.de>
- Wrote the documentation.
SEE ALSO
automx(8), automx.conf(5), automx_ldap(5), automx_script(5), automx_sql(5), automx-test(1)
COPYRIGHT
This document has been placed in the public domain.
02/08/2013