mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-06 10:46:21 +08:00
…
|
||
---|---|---|
.. | ||
nss-ldapd | ||
alias.c | ||
ether.c | ||
group.c | ||
host.c | ||
Makefile | ||
netgroup.c | ||
network.c | ||
nssov.c | ||
nssov.h | ||
passwd.c | ||
protocol.c | ||
README | ||
rpc.c | ||
service.c | ||
shadow.c |
Copyright 2008 Howard Chu, Symas Corp. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at <http://www.OpenLDAP.org/license.html>. This directory contains a slapd overlay, nssov, that handles NSS lookup requests through a local Unix Domain socket. It uses the same IPC protocol as Arthur de Jong's nss-ldapd, and a complete copy of the nss-ldapd source is included here. To use this code, you will need the client-side stub library from nss-ldapd (which resides in nss-ldapd/nss). You will not need the nslcd daemon; this overlay replaces that part. You should already be familiar with the RFC2307 and RFC2307bis schema to use this overlay. See the nss-ldapd/README for more information on the schema and which features are supported. To use the overlay, add: include <path to>nis.schema moduleload <path to>nssov.so ... database hdb ... overlay nssov to your slapd configuration file. (The nis.schema file contains the original RFC2307 schema. Some modifications will be needed to use RFC2307bis.) The overlay may be configured with Service Search Descriptors (SSDs) for each NSS service that will be used. SSDs are configured using nssov-svc <service> <url> where the <service> may be one of alias ether group host netgroup network passwd protocol rpc service shadow and the <url> must be of the form ldap:///[<basedn>][??[<scope>][?<filter>]] The <basedn> will default to the first suffix of the current database. The <scope> defaults to "subtree". The default <filter> depends on which service is being used. If the local database is actually a proxy to a foreign LDAP server, some mapping of schema may be needed. Some simple attribute substitutions may be performed using nssov-map <service> <orig> <new> See the nss-ldapd/README for the original attribute names used in this code. The overlay also supports dynamic configuration in cn=config. The layout of the config entry is dn: olcOverlay={0}nssov,ocDatabase={1}hdb,cn=config objectClass: olcOverlayConfig objectClass: olcNssOvConfig olcOverlay: {0}nssov olcNssSvc: passwd ldap:///ou=users,dc=example,dc=com??one olcNssMap: passwd uid accountName which enables the passwd service, and uses the accountName attribute to fetch what is usually retrieved from the uid attribute.