2004-12-09 07:47:08 +08:00
|
|
|
.TH SLAPO-CHAIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
|
2005-01-02 04:49:32 +08:00
|
|
|
.\" Copyright 1998-2005 The OpenLDAP Foundation, All Rights Reserved.
|
2004-12-09 07:47:08 +08:00
|
|
|
.\" Copying restrictions apply. See the COPYRIGHT file.
|
|
|
|
.\" $OpenLDAP$
|
|
|
|
.SH NAME
|
|
|
|
slapo-chain \- chain overlay
|
|
|
|
.SH SYNOPSIS
|
|
|
|
ETCDIR/slapd.conf
|
|
|
|
.SH DESCRIPTION
|
|
|
|
The
|
|
|
|
.B chain
|
|
|
|
overlay to
|
|
|
|
.BR slapd (8)
|
|
|
|
allows automatic referral chasing.
|
|
|
|
Any time a referral is returned (except for bind operations),
|
|
|
|
it is chased by using an instance of the ldap backend.
|
|
|
|
If operations are performed with an identity (i.e. after a bind),
|
2005-01-24 06:11:46 +08:00
|
|
|
that identity can be asserted while chasing the referrals
|
|
|
|
by means of the \fIidentity assertion\fP feature of back-ldap
|
|
|
|
(see
|
2004-12-09 07:47:08 +08:00
|
|
|
.BR slapd-ldap (5)
|
2005-01-24 06:11:46 +08:00
|
|
|
for details), which is essentially based on the
|
2004-12-09 07:47:08 +08:00
|
|
|
.B proxyAuthz
|
|
|
|
control (see \fIdraft-weltman-ldapv3-proxy\fP for details).
|
|
|
|
|
|
|
|
.LP
|
|
|
|
The config directives that are specific to the
|
|
|
|
.B chain
|
|
|
|
overlay can be prefixed by
|
|
|
|
.BR chain\- ,
|
2005-01-24 06:11:46 +08:00
|
|
|
to avoid potential conflicts with directives specific to the underlying
|
|
|
|
database or to other stacked overlays.
|
2004-12-09 07:47:08 +08:00
|
|
|
|
|
|
|
.LP
|
|
|
|
There are no chain overlay specific directives; however, directives
|
2005-01-24 06:11:46 +08:00
|
|
|
related to the \fIldap\fP database that is implicitly instantiated
|
|
|
|
by the overlay may assume a special meaning when used in conjuction
|
|
|
|
with this overlay. They are described in
|
|
|
|
.BR slapd-ldap (5).
|
2004-12-09 07:47:08 +08:00
|
|
|
.TP
|
|
|
|
.B overlay chain
|
|
|
|
This directive adds the chain overlay to the current backend.
|
2005-01-24 06:11:46 +08:00
|
|
|
The chain overlay may be used with any backend, but it is mainly
|
|
|
|
intended for use with local storage backends that may return referrals.
|
|
|
|
It is useless in conjunction with the \fIldap\fP and \fImeta\fP backends
|
|
|
|
because they already exploit the libldap specific referral chase feature.
|
2004-12-09 07:47:08 +08:00
|
|
|
.TP
|
|
|
|
.B chain-uri <ldapuri>
|
|
|
|
This directive instructs the underlying ldap database about which
|
2005-01-24 06:11:46 +08:00
|
|
|
URI to contact to chase referrals.
|
|
|
|
If not present, the referral itself is parsed, and the protocol/host/port
|
2004-12-09 07:47:08 +08:00
|
|
|
portions are used to establish a connection.
|
|
|
|
|
|
|
|
.LP
|
2005-01-24 06:18:35 +08:00
|
|
|
Directives for configuring the underlying ldap database may also
|
2005-01-24 06:11:46 +08:00
|
|
|
be required, as shown here:
|
2004-12-09 07:47:08 +08:00
|
|
|
.LP
|
|
|
|
.RS
|
|
|
|
.nf
|
2005-01-24 06:11:46 +08:00
|
|
|
chain-idassert-method "simple"
|
|
|
|
chain-idassert-authcDN "cn=Auth,dc=example,dc=com"
|
|
|
|
chain-idassert-passwd "secret"
|
|
|
|
chain-idassert-mode "self"
|
2004-12-09 07:47:08 +08:00
|
|
|
.fi
|
|
|
|
.RE
|
|
|
|
.LP
|
|
|
|
Any valid directives for the ldap database may be used; see
|
|
|
|
.BR slapd-ldap (5)
|
|
|
|
for details.
|
|
|
|
.SH FILES
|
|
|
|
.TP
|
|
|
|
ETCDIR/slapd.conf
|
|
|
|
default slapd configuration file
|
|
|
|
.SH SEE ALSO
|
|
|
|
.BR slapd.conf (5),
|
|
|
|
.BR slapd\-ldap (5),
|
|
|
|
.BR slapd (8).
|
|
|
|
.SH AUTHOR
|
|
|
|
Originally implemented by Howard Chu.
|