lcmaps_ldap_enf.mod - LCMAPS plugin to update ldap according to credentials
Bugs
Please report any errors to the Nikhef Grid Middleware Security Team
<grid-mw-security-support@nikhef.nl>.
Description
The LDAP enforcement plugin alters the user and group settings in the LDAP database, using the user and
group settings provided by the credential acquisition plugins. Note that LDAP has to be used as the
source of account information for PAM or NSS and has to be RFC 2307 compliant.
Name
lcmaps_ldap_enf.mod - LCMAPS plugin to update ldap according to credentials
Options
-maxuid maxuid
Maximum number of uids to be used. Setting this to 1 is strongly advised.
-maxpgid maxpgid
Maximum number of primary gids to be used.
-maxsgid maxsgid
Maximum number of (secondary) gids to be used (not including primary group). Setting this to 1
is advised.
-hostname hostname
The hostname on which the LDAP server is running, e.g. asen.nikhef.nl
-port port
The port number to which to connect, e.g. 389
-require_all_groups {yes|no}
Specify if all groups set by the PluginManager shall be used. Default is 'yes'.
-dn_manager DN
DN of the LDAP manager, e.g. "cn=Manager,dc=root"
-ldap_pw filename
Path to the file containing the password of the LDAP manager. Note: the mode of the file
containing the password must be read-only for root (400), otherwise the plugin will not run.
-sb_groups searchbase
Search base for the (secondary) groups, e.g. "ou=LocalGroups, dc=example, dc=com"
-sb_user searchbase
Search base for the user, e.g. "ou=LocalUsers, dc=example, dc=com"
-timeout timeoutvalue
Timeout (in seconds) that will be applied to the LDAP binding.
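The -ldap_pw option above requires the password file to be read-only for root (400). The following is an added example, not the plugin's own code, of one way to enforce such a requirement: it opens the file first and checks owner and mode on the open descriptor. The names open_pw_file and demo_mode_accepted, the owner parameter and the scratch file are assumptions made for illustration; a root-run caller would pass 0 as owner.

```c
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC, mkstemp, fchmod */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not LCMAPS code. Checks run on the opened descriptor,
 * so the file checked is the file read. Returns a readable fd, or -1. */
int open_pw_file(const char *path, uid_t owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                       /* missing, unreadable or a symlink */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||          /* no FIFO, device or directory */
        st.st_uid != owner ||            /* wrong owner */
        (st.st_mode & 07777) != 0400) {  /* anything other than r-------- */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: make a scratch file with the given mode, check it
 * against the current user, return 1 if accepted and 0 if rejected. */
int demo_mode_accepted(mode_t mode)
{
    char path[] = "/tmp/ldap_pw_demo_XXXXXX";
    int ok, fd = mkstemp(path);
    if (fd < 0)
        return -1;
    if (write(fd, "constructed-secret\n", 19) != 19 || fchmod(fd, mode) != 0)
        ok = -1;
    else {
        int checked = open_pw_file(path, getuid());
        ok = (checked >= 0);
        if (ok) close(checked);
    }
    close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    printf("0400: %d, 0440: %d\n", demo_mode_accepted(0400), demo_mode_accepted(0440));
    return 0;
}
```

Comparing the full permission bits against 0400 also rejects setuid, setgid and sticky bits, not only group or world access.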
Return Value
LCMAPS_MOD_SUCCESS
Success.
LCMAPS_MOD_FAIL
Failure.
See Also
lcmaps.db(5), lcmaps(3), ldap(3).
Synopsis
lcmaps_ldap_enf.mod -maxuid maxuid -maxpgid maxpgid -maxsgid maxsgid -hostname hostname -port port
[-require_all_groups {yes|no}] -dn_manager DN -ldap_pw filename -sb_groups searchbase -sb_user searchbase -timeout seconds