From 0bb46f937b787cb29e70998de0e0d223c10898de Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Wed, 1 May 2002 19:21:21 +0000 Subject: [PATCH] From Hallvard, with slight changes --- doc/man/man5/slapd-ldap.5 | 101 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 doc/man/man5/slapd-ldap.5 diff --git a/doc/man/man5/slapd-ldap.5 b/doc/man/man5/slapd-ldap.5 new file mode 100644 index 0000000000..e92774840d --- /dev/null +++ b/doc/man/man5/slapd-ldap.5 
@@ -0,0 +1,101 @@ +.TH SLAPD-LDAP 5 "30 April 2002" "OpenLDAP LDVERSION" +.\" Copyright 1998-2002 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" $OpenLDAP$ +.SH NAME +slapd-ldap \- LDAP backend to slapd +.SH SYNOPSIS +ETCDIR/slapd.conf +.SH DESCRIPTION +The LDAP backend to +.BR slapd (8) +is not an actual database; instead it acts as a proxy to forward incoming +requests to another LDAP server. While processing requests it will also +chase referrals, so that referrals are fully processed instead of being +returned to the slapd client. +.SH CONFIGURATION +These +.B slapd.conf +options apply to the LDAP backend database. +That is, they must follow a "database ldap" line and come before any +subsequent "backend" or "database" lines. +Other database options are described in the +.BR slapd.conf (5) +manual page. +.TP +.B uri +LDAP server to use. +.TP +.B server +Obsolete option; same as `uri ldap:///'. +.TP +.B binddn "" +DN which is used to query the target server for acl checking; it +should have read access on the target server to attributes used on the +proxy for acl checking. +There is no risk of giving away such values; they are only used to +check permissions. +.TP +.B bindpw +Password used with the bind DN above. +.TP +.B rebind-as-user +If this option is given, the client's bind credentials are remembered +for rebinds when chasing referrals. +.TP +.B suffixmassage +DNs ending with in a request are changed to end with before sending the request to the remote server, and in the results are changed back to before returning +them to the client. +The field must be defined as a valid suffix (or suffixAlias?) +for the current database; the shouldn't have already +been defined as a valid suffix or suffixAlias for the current server. +.TP +.B map "{attribute | objectclass} { | *} [ | *]" +Map attribute names and object classes from the foreign server to +different values on the local slapd. 
+The reason is that some attributes might not be part of the local +slapd's schema, some attribute names might be different but serve the +same purpose, etc. +If local or foreign name is `*', the name is preserved. +If foreign name is missing, the name is dropped. +Local name `*' and no foreign name means unmapped attributes are +removed, while local name = foreign name = `*' means unmapped +attributes are preserved. +.TP +.B rewrite* +The rewrite options are described in the "REWRITING" section of the +.BR slapd-meta (5) +manual page. +.SH EXAMPLES +This maps the OpenLDAP objectclass `groupOfNames' to the Active +Directory objectclass `group': +.LP +.nf + map objectclass groupOfNames group +.fi +.LP +This presents a limited a limited attribute set from the foreign +server: +.LP +.nf + map attribute cn * + map attribute sn * + map attribute manager * + map attribute description * + map attribute * +.fi +.LP +These lines map cn, sn, manager, and description to themselves, and +any other attribute gets "removed" from the object before it is sent +to the client (or sent up to the LDAP server). This is obviously a +simplistic example, but you get the point. +.SH FILES +ETCDIR/slapd.conf +.SH SEE ALSO +.BR slapd.conf (5), +.BR slapd-meta (5), +.BR slapd (8), +.BR ldap (3). + -- 2.39.5
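Review bot: In the rebind-as-user entry, the text does not say that the remembered client credentials end up being presented to whichever server a referral points to, which is what "remembered for rebinds when chasing referrals" implies, given that DESCRIPTION says referrals are chased rather than returned to the client. Please state that explicitly, and say how long the credentials are kept, so an administrator can judge whether to enable the option. In the binddn entry, "There is no risk of giving away such values" is an unqualified guarantee; it would be safer to describe only what the values are used for. In suffixmassage, "(or suffixAlias?)" leaves an open question in the man page and should be resolved before this lands. In EXAMPLES, "This presents a limited a limited attribute set" repeats two words.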