mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-27 03:20:22 +08:00
83 lines
2.5 KiB
Plaintext
83 lines
2.5 KiB
Plaintext
Copyright 2008 Howard Chu, Symas Corp. All rights reserved.
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted only as authorized by the OpenLDAP
|
|
Public License.
|
|
|
|
A copy of this license is available in the file LICENSE in the
|
|
top-level directory of the distribution or, alternatively, at
|
|
<http://www.OpenLDAP.org/license.html>.
|
|
|
|
This directory contains a slapd overlay, nssov, that handles
|
|
NSS lookup requests through a local Unix Domain socket. It uses the
|
|
same IPC protocol as Arthur de Jong's nss-ldapd, and a complete
|
|
copy of the nss-ldapd source is included here.
|
|
|
|
To use this code, you will need the client-side stub library from
|
|
nss-ldapd (which resides in nss-ldapd/nss). You will not need the
|
|
nslcd daemon; this overlay replaces that part. You should already
|
|
be familiar with the RFC2307 and RFC2307bis schema to use this
|
|
overlay. See the nss-ldapd/README for more information on the
|
|
schema and which features are supported.
|
|
|
|
To use the overlay, add:
|
|
|
|
include <path to>nis.schema
|
|
|
|
moduleload <path to>nssov.so
|
|
...
|
|
|
|
database hdb
|
|
...
|
|
overlay nssov
|
|
|
|
to your slapd configuration file. (The nis.schema file contains
|
|
the original RFC2307 schema. Some modifications will be needed to
|
|
use RFC2307bis.)
|
|
|
|
The overlay may be configured with Service Search Descriptors (SSDs)
|
|
for each NSS service that will be used. SSDs are configured using
|
|
|
|
nssov-svc <service> <url>
|
|
|
|
where the <service> may be one of
|
|
alias
|
|
ether
|
|
group
|
|
host
|
|
netgroup
|
|
network
|
|
passwd
|
|
protocol
|
|
rpc
|
|
service
|
|
shadow
|
|
|
|
and the <url> must be of the form
|
|
ldap:///[<basedn>][??[<scope>][?<filter>]]
|
|
|
|
The <basedn> will default to the first suffix of the current database.
|
|
The <scope> defaults to "subtree". The default <filter> depends on which
|
|
service is being used.
|
|
|
|
If the local database is actually a proxy to a foreign LDAP server, some
|
|
mapping of schema may be needed. Some simple attribute substitutions may
|
|
be performed using
|
|
|
|
nssov-map <service> <orig> <new>
|
|
|
|
See the nss-ldapd/README for the original attribute names used in this code.
|
|
|
|
The overlay also supports dynamic configuration in cn=config. The layout
|
|
of the config entry is
|
|
|
|
dn: olcOverlay={0}nssov,ocDatabase={1}hdb,cn=config
|
|
objectClass: olcOverlayConfig
|
|
objectClass: olcNssOvConfig
|
|
olcOverlay: {0}nssov
|
|
olcNssSvc: passwd ldap:///ou=users,dc=example,dc=com??one
|
|
olcNssMap: passwd uid accountName
|
|
|
|
which enables the passwd service, and uses the accountName attribute to
|
|
fetch what is usually retrieved from the uid attribute.
|