upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-24 16:49:39 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Document new bind configuration

Browse source
This commit is contained in:
Ondřej Kuzník 2017-06-14 12:37:40 +01:00 committed by Ondřej Kuzník
parent 961b600a42
commit 9d3b998abd
1 changed files with 27 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
doc/man/man5/lloadd.conf.5
View file

@ -108,7 +108,11 @@ Supported features are:
.TP
.B proxyauthz
when proxying an operation, pass the client's authorized identity using
the proxy authorization control (RFC 4370).
the proxy authorization control (RFC 4370). No control is added to the
operation if initiated by a client whose bound identity matches the identity
configured in
.B bindconf
(no normalisation of the DN is attempted).
.\" .TP
.\" .B vc
.\" when receiving a bind operation from a client, pass it onto a backend
@ -496,24 +500,22 @@ Specifies a file containing a Certificate Revocation List to be used
for verifying that certificates have not been revoked. This directive is
only valid when using GnuTLS and Mozilla NSS.
.SH GENERAL BACKEND OPTIONS
Options in this section only apply to the configuration file section
for the specified backend. They are supported by every
type of backend.
.SH BACKEND OPTIONS
Options in this section describe how the
.B lloadd
connects and authenticates to the backend servers.
It is assumed all backend servers serve the same data. On startup, the
configured connections are set up and those not dedicated to handle bind
requests are authenticated with the backend using the information in the
.B bindconf
option. The authentication configuration is shared between them.
.TP
.B backend
.B uri=ldap[s]://<hostname>[:port]
.B [retry=<retry interval in ms>]
.B [network\-timeout=<seconds>]
.B [timeout=<seconds>]
.B [bindmethod=simple|sasl]
.B [binddn=<dn>]
.B [saslmech=<mech>]
.B [authcid=<identity>]
.B [authzid=<identity>]
.B [credentials=<passwd>]
.B [realm=<realm>]
.B [secprops=<properties>]
.B [keepalive=<idle>:<probes>:<interval>]
.B [starttls=yes|critical]
.B [tls_cert=<file>]
@ -578,6 +580,14 @@ Bind request to complete. The defaults for these parameters come
from
.BR ldap.conf (5).
.B [bindmethod=simple|sasl]
.B [binddn=<dn>]
.B [saslmech=<mech>]
.B [authcid=<identity>]
.B [authzid=<identity>]
.B [credentials=<passwd>]
.B [realm=<realm>]
.B [secprops=<properties>]
A
.B bindmethod
of
@ -681,11 +691,13 @@ Here is a short example of a configuration file:
argsfile LOCALSTATEDIR/run/lloadd.args
pidfile LOCALSTATEDIR/run/lloadd.pid
backend
uri=ldap://ldap1.example.com
bindconf
bindmethod=simple
binddn=cn=test
credentials=pass
backend
uri=ldap://ldap1.example.com
numconns=3
bindconns=2
retry=5000
@ -694,9 +706,6 @@ backend
backend
uri=ldap://ldap2.example.com
bindmethod=simple
binddn=cn=test
credentials=pass
numconns=3
bindconns=2
retry=5000