mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
106 lines
3.6 KiB
Groff
106 lines
3.6 KiB
Groff
.TH SLAPO-CHAIN 5 "RELEASEDATE" "OpenLDAP LDVERSION"
|
|
.\" Copyright 1998-2005 The OpenLDAP Foundation, All Rights Reserved.
|
|
.\" Copying restrictions apply. See the COPYRIGHT file.
|
|
.\" $OpenLDAP$
|
|
.SH NAME
|
|
slapo-chain \- chain overlay
|
|
.SH SYNOPSIS
|
|
ETCDIR/slapd.conf
|
|
.SH DESCRIPTION
|
|
The
|
|
.B chain
|
|
overlay to
|
|
.BR slapd (8)
|
|
allows automatic referral chasing.
|
|
Any time a referral is returned (except for bind operations),
|
|
it is chased by using an instance of the ldap backend.
|
|
If operations are performed with an identity (i.e. after a bind),
|
|
that identity can be asserted while chasing the referrals
|
|
by means of the \fIidentity assertion\fP feature of back-ldap
|
|
(see
|
|
.BR slapd-ldap (5)
|
|
for details), which is essentially based on the
|
|
.B proxyAuthz
|
|
control (see \fIdraft-weltman-ldapv3-proxy\fP for details).
|
|
|
|
.LP
|
|
The config directives that are specific to the
|
|
.B chain
|
|
overlay can be prefixed by
|
|
.BR chain\- ,
|
|
to avoid potential conflicts with directives specific to the underlying
|
|
database or to other stacked overlays.
|
|
|
|
.LP
|
|
There are very few chain overlay specific directives; however, directives
|
|
related to the instances of the \fIldap\fP backend that may be implicitly
|
|
instantiated by the overlay may assume a special meaning when used
|
|
in conjunction with this overlay. They are described in
|
|
.BR slapd-ldap (5).
|
|
.TP
|
|
.B overlay chain
|
|
This directive adds the chain overlay to the current backend.
|
|
The chain overlay may be used with any backend, but it is mainly
|
|
intended for use with local storage backends that may return referrals.
|
|
It is useless in conjunction with the \fIslapd-ldap\fP and \fIslapd-meta\fP
|
|
backends because they already exploit the libldap specific referral chase
|
|
feature.
|
|
[Note: this may change in the future, as the \fBldap\fP(5) and
|
|
\fBmeta\fP(5) backends might no longer chase referrals on their own.]
|
|
.\".TP
|
|
.\".B chain-chaining [resolve=<r>] [continuation=<c>] [critical]
|
|
.\"This directive enables the \fIchaining\fP control
|
|
.\"(see \fIdraft-sermersheim-ldap-chaining\fP for details)
|
|
.\"with the desired resolve and continuation behaviors and criticality.
|
|
.\"The values \fBr\fP and \fBc\fP can be any of
|
|
.\".BR chainingPreferred ,
|
|
.\".BR chainingRequired ,
|
|
.\".BR referralsPreferred ,
|
|
.\".BR referralsRequired .
|
|
.\"[This control is experimental and its support may change in the future.]
|
|
.TP
|
|
.B chain-cache-uris {FALSE|true}
|
|
This directive instructs the \fIchain\fP overlay to cache
|
|
connections to URIs parsed out of referrals that are not predefined,
|
|
to be reused for later chaining.
|
|
.TP
|
|
.B chain-uri <ldapuri>
|
|
This directive instantiates a new underlying \fIldap\fP database
|
|
and instructs it about which URI to contact to chase referrals.
|
|
As opposed to what stated in \fBslapd-ldap\fP(5), only one URI
|
|
can appear after this directive.
|
|
|
|
.LP
|
|
Directives for configuring the underlying ldap database may also
|
|
be required, as shown here:
|
|
.LP
|
|
.RS
|
|
.nf
|
|
chain-idassert-bind bindmethod="simple"
|
|
binddn="cn=Auth,dc=example,dc=com"
|
|
credentials="secret"
|
|
mode="self"
|
|
.fi
|
|
.RE
|
|
.LP
|
|
Any valid directives for the ldap database may be used; see
|
|
.BR slapd-ldap (5)
|
|
for details.
|
|
Multiple occurrences of the \fBchain-uri\fP directive may appear,
|
|
to define multiple "trusted" URIs where operations with
|
|
\fIidentity assertion\fP are chained.
|
|
All URIs not listed in the configuration are chained anonymously.
|
|
All \fBslapd-ldap\fP(5) directives appearing before the first
|
|
occurrence of \fBchain-uri\fP are shared among all operations,
|
|
unless specifically overridden inside each URI configuration.
|
|
.SH FILES
|
|
.TP
|
|
ETCDIR/slapd.conf
|
|
default slapd configuration file
|
|
.SH SEE ALSO
|
|
.BR slapd.conf (5),
|
|
.BR slapd\-ldap (5),
|
|
.BR slapd (8).
|
|
.SH AUTHOR
|
|
Originally implemented by Howard Chu; extended by Pierangelo Masarati.
|