Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
AUTOMX_LDAP(5)			    automx			AUTOMX_LDAP(5)

NAME
       automx_ldap - automx LDAP backend configuration parameters

DESCRIPTION
       The  automx_ldap(5)  man	page specifies all parameters that control ac-
       cess from within	automx to a LDAP backend.

PARAMETERS
       authzid (no default)
	      Specifies	the SASL proxy authorization identity.

       base (default: none)
	      Specifies	the default base DN to use when	performing ldap	opera-
	      tions.  The  base	 must  be specified as a Distinguished Name in
	      LDAP format.

       binddn (default:	none)
	      Specifies	the default bind DN to use when	performing ldap	opera-
	      tions.  The bind DN must be specified as a Distinguished Name in
	      LDAP format.

       bindmethod (default: simple)
	      Specifies	how authentication should take	place.	Valid  options
	      are  either simple for a simple bind or sasl for a bind that re-
	      quires SASL authentication.

       bindpw (default:	none)
	      Specifies	the password used when binddn identifies  itself  with
	      the LDAP server.

       cacert (default:	none)
	      Specifies	 the  path to a	file that contains all certificates of
	      Certification Authorities	automx should trust.

       cert (default: none)
	      Specifies	the path to a file that	contains automx's certificate.

       cipher (default:	TLSv1)
	      See ciphers(1) for a list	of valid options.

       filter (default:	(objectClass=*))
	      Specifies	the search filter to select appropriate	LDAP  objects.
	      The  filter  should  conform  to	the  string representation for
	      search filters as	defined	in RFC 4515.

	      NOTE:
		 See the section aMacros and Variablesa	in automx.conf(5)  for
		 a list	of available query macros.

       host (default: ldap://127.0.0.1/)
	      Specifies	 one or	more LDAP servers separated by commas as shown
	      in the following example:

		 host =	ldap://127.0.0.1, ldap://192.168.2.1

	      IMPORTANT:
		 Subsequent servers to the first serve only for	fallback  pur-
		 poses,	i.e. a server to the right will	only be	queried	if the
		 server	left to	it cannot be  reached.	If  a  server  can  be
		 reached  no  further  attempts	will be	made regardless	if the
		 query returned	a result or not.

       key (default: none)
	      Specifies	the path to a file that	contains automx's private key,
	      which matches automx certificate given with cert.

       reqcert (default: never)
	      Specifies	what checks to perform on server certificates in a TLS
	      session, if any. The <level> can be specified as one of the fol-
	      lowing keywords:

	      never  The  client will not request or check any server certifi-
		     cate. This	is the default setting.

	      allow  The server	certificate is requested. If no	certificate is
		     provided,	the  session  proceeds normally. If a bad cer-
		     tificate is provided, it will be ignored and the  session
		     proceeds normally.

	      try    The server	certificate is requested. If no	certificate is
		     provided, the session proceeds normally. If  a  bad  cer-
		     tificate  is  provided, the session is immediately	termi-
		     nated.

	      demand These keywords are	equivalent. The	server certificate  is
		     requested.	 If  no	certificate is provided, or a bad cer-
		     tificate is provided, the session is  immediately	termi-
		     nated.

       result_attrs (default: none)
	      If automx	finds one or more entries, the attributes specified by
	      result_attrs are returned. If * is listed, all  user  attributes
	      are returned.

       saslmech	(default: none)
	      Specifies	the SASL mechanism to be used for authentication.

	      cram-md5
		     The  SASL cram-md5	mechanism (see:	RFC 2195) will be used
		     to	authenticate LDAP bind requests.

	      digest-md5
		     The SASL digest-md5 mechanism (see:  RFC  2831)  will  be
		     used to authenticate LDAP bind requests.

	      external
		     The  SASL external	mechanism (see:	RFC 4422) will be used
		     to	authenticate LDAP bind requests.

	      gssapi The SASL gssapi mechanism (see: RFC 4752) will be used to
		     authenticate LDAP bind requests.

	      none   No	 SASL  mechanism will be use to	authenticate LDAP bind
		     requests.

       scope (default: sub)
	      Specify the scope	of the search to be one	of  base  (or  exact),
	      one  (or onelevel), sub (or substree), to	specify	a base object,
	      one-level, or subtree search.

       usetls (default:	false)
	      Specifies	if automx should use TLS when it connects to the  LDAP
	      host.

AUTHORS
       Christian Roessner <cr@sys4.de>
	      Wrote the	program.

       Patrick Ben Koetter <p@sys4.de>
	      Wrote the	documentation.

SEE ALSO
       automx(8),     automx.conf(5),	  automx_ldap(5),    automx_script(5),
       automx_sql(5), automx-test(1)

COPYRIGHT
       This document has been placed in	the public domain.

				  02/08/2013			AUTOMX_LDAP(5)

NAME | DESCRIPTION | PARAMETERS | AUTHORS | SEE ALSO | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=automx_ldap&sektion=5&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help