FreeBSD Manual Pages

AUTOMX_LDAP(5)			    automx			AUTOMX_LDAP(5)

NAME
       automx_ldap - automx LDAP backend configuration parameters

DESCRIPTION
       The automx_ldap(5) man page specifies all parameters that control
       access from within automx to an LDAP backend.

PARAMETERS
       authzid (no default)
	      Specifies	the SASL proxy authorization identity.

       base (default: none)
	      Specifies	the default base DN to use when	performing ldap	opera-
	      tions. The base must be specified	as  a  Distinguished  Name  in
	      LDAP format.

       binddn (default:	none)
	      Specifies	the default bind DN to use when	performing ldap	opera-
	      tions.  The bind DN must be specified as a Distinguished Name in
	      LDAP format.

       bindmethod (default: simple)
	      Specifies	how authentication should take	place.	Valid  options
	      are  either simple for a simple bind or sasl for a bind that re-
	      quires SASL authentication.

       bindpw (default:	none)
	      Specifies	the password used when binddn identifies  itself  with
	      the LDAP server.

       cacert (default:	none)
	      Specifies	 the  path to a	file that contains all certificates of
	      Certification Authorities	automx should trust.

       cert (default: none)
	      Specifies	the path to a file that	contains automx's certificate.

       cipher (default:	TLSv1)
	      See ciphers(1) for a list	of valid options.

       filter (default:	(objectClass=*))
	      Specifies	the search filter to select appropriate	LDAP  objects.
	      The  filter  should  conform  to	the  string representation for
	      search filters as	defined	in RFC 4515.

	      NOTE:
		 See the section Macros	and Variables in automx.conf(5)	for  a
		 list of available query macros.

       host (default: ldap://127.0.0.1/)
	      Specifies	 one or	more LDAP servers separated by commas as shown
	      in the following example:

		 host =	ldap://127.0.0.1, ldap://192.168.2.1

	      IMPORTANT:
		 Servers after the first serve only as fallbacks, i.e. a
		 server to the right will only be queried if the server to
		 its left cannot be reached. Once a server has been reached,
		 no further attempts will be made, regardless of whether the
		 query returned a result.

       key (default: none)
	      Specifies the path to a file that contains automx's private key,
	      which matches the automx certificate given with cert.

       reqcert (default: never)
	      Specifies what checks to perform on server certificates in a TLS
	      session, if any. The level can be specified as one of the
	      following keywords:

	      never  The  client will not request or check any server certifi-
		     cate. This	is the default setting.

	      allow  The server	certificate is requested. If no	certificate is
		     provided, the session proceeds normally. If  a  bad  cer-
		     tificate  is provided, it will be ignored and the session
		     proceeds normally.

	      try    The server	certificate is requested. If no	certificate is
		     provided, the session proceeds normally. If  a  bad  cer-
		     tificate  is  provided, the session is immediately	termi-
		     nated.

	      demand These keywords are	equivalent. The	server certificate  is
		     requested.	 If  no	certificate is provided, or a bad cer-
		     tificate is provided, the session is  immediately	termi-
		     nated.

       result_attrs (default: none)
	      If automx	finds one or more entries, the attributes specified by
	      result_attrs  are	 returned. If *	is listed, all user attributes
	      are returned.

       saslmech	(default: none)
	      Specifies	the SASL mechanism to be used for authentication.

	      cram-md5
		     The SASL cram-md5 mechanism (see: RFC 2195) will be  used
		     to	authenticate LDAP bind requests.

	      digest-md5
		     The  SASL	digest-md5  mechanism  (see: RFC 2831) will be
		     used to authenticate LDAP bind requests.

	      external
		     The SASL external mechanism (see: RFC 4422) will be  used
		     to	authenticate LDAP bind requests.

	      gssapi The SASL gssapi mechanism (see: RFC 4752) will be used to
		     authenticate LDAP bind requests.

	      none   No SASL mechanism will be used to authenticate LDAP bind
		     requests.

       scope (default: sub)
	      Specify the scope	of the search to be one	of  base  (or  exact),
	      one  (or onelevel), sub (or substree), to	specify	a base object,
	      one-level, or subtree search.

       usetls (default:	false)
	      Specifies	if automx should use TLS when it connects to the  LDAP
	      host.
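
The defaults documented above (usetls false, reqcert never, bindmethod simple) combine into an unprotected bind, and enabling usetls alone still leaves the server certificate unchecked. The following audit sketch is an added example, not part of automx; the section name, paths and password are constructed, and the accepted boolean spellings are an assumption.

```python
import configparser

# Defaults as documented in automx_ldap(5).
DEFAULTS = {"usetls": "false", "reqcert": "never",
            "bindmethod": "simple", "saslmech": "none"}

# Constructed samples; the section name "ldap_example" is hypothetical.
WEAK = """[ldap_example]
host = ldap://127.0.0.1, ldap://192.168.2.1
base = dc=example,dc=com
binddn = cn=automx,dc=example,dc=com
bindpw = constructed-secret
filter = (objectClass=*)
"""
TLS_ONLY = WEAK + "usetls = true\n"   # TLS on, reqcert left at its default
HARDENED = """[ldap_example]
host = ldap://127.0.0.1, ldap://192.168.2.1
base = dc=example,dc=com
usetls = true
reqcert = demand
cacert = /path/to/ca-bundle.pem
cert = /path/to/automx-cert.pem
key = /path/to/automx-key.pem
bindmethod = sasl
saslmech = external
"""

def audit(text, section="ldap_example"):
    """Return finding codes for one LDAP backend section."""
    # interpolation=None so a % in a filter is not treated as interpolation
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    opt = {**DEFAULTS, **{k: v.strip().lower() for k, v in cp[section].items()}}
    # Assumption: booleans are spelled the way configparser accepts them.
    tls = opt["usetls"] in ("true", "yes", "on", "1")
    findings = []
    if not tls:
        findings.append("no-tls")                      # usetls off
    if opt["reqcert"] != "demand":
        findings.append("reqcert-" + opt["reqcert"])   # server cert not enforced
    if opt["bindmethod"] == "simple" and "bindpw" in opt and not tls:
        findings.append("cleartext-bindpw")            # simple bind sends bindpw as-is
    if opt["bindmethod"] == "sasl" and opt["saslmech"] in ("cram-md5", "digest-md5"):
        findings.append("md5-sasl")                    # MD5-based challenge-response
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("tls-only", TLS_ONLY), ("hardened", HARDENED)):
        print(name, audit(cfg))
```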

AUTHORS
       Christian Roessner <cr@sys4.de>
	      Wrote the	program.

       Patrick Ben Koetter <p@sys4.de>
	      Wrote the	documentation.

SEE ALSO
       automx(8),     automx.conf(5),	  automx_ldap(5),    automx_script(5),
       automx_sql(5), automx-test(1)

COPYRIGHT
       This document has been placed in	the public domain.

				  02/08/2013			AUTOMX_LDAP(5)
