SLAPO-HOMEDIR(5)	      File Formats Manual	      SLAPO-HOMEDIR(5)

NAME
       slapo-homedir - Home directory provisioning overlay

SYNOPSIS
       /usr/local/etc/openldap/slapd.conf

DESCRIPTION
       The homedir overlay causes slapd(8) to notice changes involving
       RFC-2307bis style user-objects and make appropriate changes to the
       local filesystem.  This can be performed on both master and replica
       systems, so it is possible to perform remote home directory
       provisioning.

CONFIGURATION
       Both slapd.conf and back-config style configuration are supported.

       overlay homedir
              This directive adds the homedir overlay to the current database,
              or to the frontend, if used before any database instantiation;
              see slapd.conf(5) for details.

       homedir-skeleton-path <pathname>

       olcSkeletonPath:	pathname
              These options set the path to the skeleton account directory
              (generally /etc/skel).  Files in this directory will be copied
              into newly created home directories.  Copying is recursive and
              handles symlinks and fifos, but will skip most specials.

       homedir-min-uidnumber <user id number>

       olcMinimumUidNumber: number
              These options configure the minimum userid to use in any home
              directory attempt.  This is a basic safety measure to prevent
              accidentally using system accounts.  See REPLICATION for more
              flexible options for selecting accounts.

       homedir-regexp <regexp> <path>

       olcHomedirRegexp: regexp	path
              These options configure a set of regular expressions to use for
              matching and optionally remapping incoming homeDirectory
              attribute values to pathnames on the local filesystem.  $number
              expansion is supported to access values captured in parentheses.

              For example, to accept any directory starting with /home and use
              it verbatim on the local filesystem:

	      homedir-regexp ^(/home/[-_/a-z0-9]+)$ $1

              To match the same set of directories, but create them instead
              under /export/home, as is popular on Solaris NFS servers:

	      homedir-regexp ^(/home/[-_/a-z0-9]+)$ /export$1

       homedir-delete-style style

       olcHomedirDeleteStyle: style
              These options configure how deletes of posixAccount entries or
              their attributes are handled.  Valid styles are IGNORE, which
              does nothing; DELETE, which immediately performs a recursive
              delete on the home directory; and ARCHIVE, which archives the
              home directory contents in a TAR file for later examination.
              The default is IGNORE.  Use with caution.  ARCHIVE requires
              homedir-archive-path to be set, or it functions similarly to
              IGNORE.

       homedir-archive-path <pathname>

       olcHomedirArchivePath: pathname
              These options specify the destination path for TAR files created
              by the ARCHIVE delete style.

REPLICATION
       The homedir overlay can operate on either master or replica systems
       with no changes.  See slapd.conf(5) or slapd-config(5) for more
       information on configuring syncrepl.

       Partial replication (e.g. with filters) is especially useful for
       providing different provisioning options to different sets of users.

EXAMPLE
       The following LDIF could be used to add this overlay to cn=config
       (adjust to suit):

	      dn: cn=module{0},cn=config
	      changetype: modify
	      add: olcModuleLoad
	      olcModuleLoad: homedir

	      dn: olcOverlay=homedir,olcDatabase={1}mdb,cn=config
	      changetype: add
	      objectClass: olcOverlayConfig
	      objectClass: olcHomedirConfig
	      olcOverlay: homedir
	      olcSkeletonPath: /etc/skel
	      olcMinimumUidNumber: 1000
	      olcHomedirRegexp: ^(/home/[-_/a-z0-9]+)$ /export/$1
	      olcHomedirDeleteStyle: ARCHIVE
	      olcHomedirArchivePath: /archive
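
       A dry run of the olcMinimumUidNumber and olcHomedirRegexp values from
       the entry above, as an added example that is not part of the OpenLDAP
       distribution.  It assumes Python's re module behaves like slapd's
       regex engine for this pattern, that the first matching rule wins, and
       that entries below the minimum uidNumber are skipped; the function
       names and the sample entries are constructed for illustration.

```python
import re

# Values copied from the EXAMPLE entry on this page.
MIN_UID = 1000
RULES = [(r"^(/home/[-_/a-z0-9]+)$", "/export/$1")]


def expand(template, match):
    """Replace each $N in the path template with capture group N."""
    return re.sub(r"\$(\d)",
                  lambda m: match.group(int(m.group(1))) or "",
                  template)


def plan(uid_number, home_directory, rules=RULES, min_uid=MIN_UID):
    """Return (action, local_path) predicted for one posixAccount entry."""
    # Assumption: accounts below the configured minimum are never touched.
    if uid_number < min_uid:
        return ("skip-uid", None)
    # Assumption: rules are tried in order and the first match wins.
    for pattern, template in rules:
        match = re.search(pattern, home_directory)
        if match:
            # Raw $N expansion only; no path normalisation is applied here.
            return ("provision", expand(template, match))
    return ("skip-nomatch", None)


if __name__ == "__main__":
    # Constructed sample entries: (uidNumber, homeDirectory).
    samples = [
        (1001, "/home/alice"),   # accepted; "/export/$1" yields a "//"
        (0, "/home/root"),       # below olcMinimumUidNumber
        (1002, "/home/../etc"),  # "." is not in the character class
        (1003, "/home/Bob"),     # upper case is not in the character class
        (1004, "/srv/www"),      # outside /home
    ]
    for uid_number, home in samples:
        print(uid_number, home, "->", plan(uid_number, home))
```

       Running the same entries against a proposed regexp before loading it
       shows which homeDirectory values would reach the filesystem and
       which local path each one maps to.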

BUGS
       DELETE, MOD, and MODRDN operations that remove the unix attributes when
       delete style is set to DELETE will recursively delete the (regex
       modified) home directory from the disk.  Please be careful when
       deleting or changing values.

       MOD and MODRDN will correctly respond to homeDirectory changes and
       perform a non-destructive rename() operation on the filesystem, but
       this does not correctly retry with a recursive copy when moving between
       filesystems.

       The recursive copy/delete/chown/tar functions are not aware of ACLs,
       extended attributes, forks, sparse files, or hard links.  Block and
       character device archival is non-portable, but should not be an issue
       in home directories, hopefully.

       Copying and archiving may not support files larger than 2GiB on some
       architectures.  Bare POSIX UStar archives cannot support internal files
       larger than 8GiB.  The current tar generator does not attempt to
       resolve uid/gid into symbolic names.

       No attempt is made to try to mkdir() the parent directories needed for
       a given home directory or archive path.

FILES
       /usr/local/etc/openldap/slapd.conf
              default slapd configuration file

       /etc/skel (or similar)
              source of new homedir files.

SEE ALSO
       slapd.conf(5), slapd-config(5), slapd(8), RFC-2307, RFC-2307bis.

ACKNOWLEDGEMENTS
       This module was written in 2009 by Emily Backes for Symas Corporation.

OpenLDAP 2.6.9			  2024/11/26		      SLAPO-HOMEDIR(5)
