GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
AUTOMX_LDAP(5) automx AUTOMX_LDAP(5)

automx_ldap - automx LDAP backend configuration parameters

The automx_ldap(5) man page specifies all parameters that control access from within automx to a LDAP backend.

authzid (no default)
Specifies the SASL proxy authorization identity.
base (default: none)
Specifies the default base DN to use when performing ldap operations. The base must be specified as a Distinguished Name in LDAP format.
binddn (default: none)
Specifies the default bind DN to use when performing ldap operations. The bind DN must be specified as a Distinguished Name in LDAP format.
bindmethod (default: simple)
Specifies how authentication should take place. Valid options are either simple for a simple bind or sasl for a bind that requires SASL authentication.
bindpw (default: none)
Specifies the password used when binddn identifies itself with the LDAP server.
cacert (default: none)
Specifies the path to a file that contains all certificates of Certification Authorities automx should trust.
cert (default: none)
Specifies the path to a file that contains automx's certificate.
cipher (default: TLSv1)
See ciphers(1) for a list of valid options.
filter (default: (objectClass=*))
Specifies the search filter to select appropriate LDAP objects. The filter should conform to the string representation for search filters as defined in RFC 4515.

NOTE:

See the section “Macros and Variables” in automx.conf(5) for a list of available query macros.


host (default: ldap://127.0.0.1/)
Specifies one or more LDAP servers separated by commas as shown in the following example:

host = ldap://127.0.0.1, ldap://192.168.2.1


IMPORTANT:

Subsequent servers to the first serve only for fallback purposes, i.e. a server to the right will only be queried if the server left to it cannot be reached. If a server can be reached no further attempts will be made regardless if the query returned a result or not.


key (default: none)
Specifies the path to a file that contains automx's private key, which matches automx certificate given with cert.
reqcert (default: never)
Specifies what checks to perform on server certificates in a TLS session, if any. The <level> can be specified as one of the following keywords:
never
The client will not request or check any server certificate. This is the default setting.
allow
The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, it will be ignored and the session proceeds normally.
try
The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, the session is immediately terminated.
demand
These keywords are equivalent. The server certificate is requested. If no certificate is provided, or a bad certificate is provided, the session is immediately terminated.

result_attrs (default: none)
If automx finds one or more entries, the attributes specified by result_attrs are returned. If * is listed, all user attributes are returned.
saslmech (default: none)
Specifies the SASL mechanism to be used for authentication.
cram-md5
The SASL cram-md5 mechanism (see: RFC 2195) will be used to authenticate LDAP bind requests.
digest-md5
The SASL digest-md5 mechanism (see: RFC 2831) will be used to authenticate LDAP bind requests.
external
The SASL external mechanism (see: RFC 4422) will be used to authenticate LDAP bind requests.
gssapi
The SASL gssapi mechanism (see: RFC 4752) will be used to authenticate LDAP bind requests.
none
No SASL mechanism will be use to authenticate LDAP bind requests.

scope (default: sub)
Specify the scope of the search to be one of base (or exact), one (or onelevel), sub (or substree), to specify a base object, one-level, or subtree search.
usetls (default: false)
Specifies if automx should use TLS when it connects to the LDAP host.

Christian Roessner <cr@sys4.de>
Wrote the program.
Patrick Ben Koetter <p@sys4.de>
Wrote the documentation.

automx(8), automx.conf(5), automx_ldap(5), automx_script(5), automx_sql(5), automx-test(1)

This document has been placed in the public domain.
02/08/2013
Search for    or go to Top of page |  Section 5 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.