/*
- $Id: ldap.c,v 1.2 2009-11-27 15:16:26 franklahm Exp $
+ $Id: ldap.c,v 1.3 2009-11-28 10:03:01 franklahm Exp $
Copyright (c) 2008,2009 Frank Lahm <franklahm@gmail.com>
This program is free software; you can redistribute it and/or modify
char *ldap_auth_dn;
char *ldap_auth_pw;
char *ldap_userbase;
+int ldap_userscope;
char *ldap_groupbase;
+int ldap_groupscope;
char *ldap_uuid_attr;
char *ldap_name_attr;
char *ldap_group_attr;
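Review bot: The two new globals `ldap_userscope` and `ldap_groupscope` are declared without an initializer, so they are 0 unless the config loader assigns them, and in OpenLDAP's headers 0 is `LDAP_SCOPE_BASE`; the call sites this diff changes previously hard-coded `LDAP_SCOPE_ONELEVEL`, so a config file that omits the new keys would silently switch every UUID lookup to a base search and stop matching entries under the container. Unless the loader is known to apply a default for unset entries (not visible here), give them the old behaviour explicitly: `int ldap_userscope = LDAP_SCOPE_ONELEVEL;` and `int ldap_groupscope = LDAP_SCOPE_ONELEVEL;`. The declaration run continues outside the hunk.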
{&ldap_auth_dn, "ldap_auth_dn", 0, 0, 0},
{&ldap_auth_pw, "ldap_auth_pw", 0, 0, 0},
{&ldap_userbase, "ldap_userbase", 0, 0, -1},
+ {&ldap_userscope}, "ldap_userscope", 1 ,1, -1},
{&ldap_groupbase, "ldap_groupbase", 0, 0, -1},
+ {&ldap_groupscope},"ldap_groupscope", 1 ,1, -1},
{&ldap_uuid_attr, "ldap_uuid_attr", 0, 0, -1},
{&ldap_name_attr, "ldap_name_attr", 0, 0, -1},
{&ldap_group_attr, "ldap_group_attr", 0, 0, -1},
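Review bot: The two added table rows have a stray `}` right after the pointer, `{&ldap_userscope}, "ldap_userscope", 1 ,1, -1},`, which closes the aggregate initializer after its first member and leaves `"ldap_userscope", 1, 1, -1` as extra elements of the enclosing array, so this does not compile as written; if it is a copy artifact of this listing rather than the committed text, disregard. The rows should match the neighbouring entries: `{&ldap_userscope, "ldap_userscope", 1, 1, -1},` and `{&ldap_groupscope, "ldap_groupscope", 1, 1, -1},`. The table starts and ends outside the hunk, so the struct layout behind the third and fourth columns cannot be checked here.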
{"ldap_auth_method", "none", LDAP_AUTH_NONE},
{"ldap_auth_method", "simple", LDAP_AUTH_SIMPLE},
{"ldap_auth_method", "sasl", LDAP_AUTH_SASL},
+ {"ldap_userscope", "base", LDAP_SCOPE_BASE},
+ {"ldap_userscope", "one", LDAP_SCOPE_ONELEVEL},
+ {"ldap_userscope", "sub", LDAP_SCOPE_SUBTREE},
{NULL, NULL, 0}
};
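Review bot: The string-to-value map gains `base|one|sub` entries for `ldap_userscope` only, yet the config table registers `ldap_groupscope` with the same type code, and the man page example later in this diff sets `ldap_groupscope = one`; with no rows for it the key's value has nothing to resolve against, so group searches would either fail to configure or keep whatever the integer happens to hold. Add the parallel rows before the terminator: `{"ldap_groupscope", "base", LDAP_SCOPE_BASE},`, `{"ldap_groupscope", "one", LDAP_SCOPE_ONELEVEL},`, `{"ldap_groupscope", "sub", LDAP_SCOPE_SUBTREE},`. The map's opening lines are outside the hunk.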
}
if (type == UUID_GROUP) {
- ret = ldap_getattr_fromfilter_withbase_scope( ldap_groupbase, filter, attributes, LDAP_SCOPE_ONELEVEL, KEEPALIVE, uuid_string);
+ ret = ldap_getattr_fromfilter_withbase_scope( ldap_groupbase, filter, attributes, ldap_userscope, KEEPALIVE, uuid_string);
} else { /* type hopefully == UUID_USER */
- ret = ldap_getattr_fromfilter_withbase_scope( ldap_userbase, filter, attributes, LDAP_SCOPE_ONELEVEL, 0, uuid_string);
+ ret = ldap_getattr_fromfilter_withbase_scope( ldap_userbase, filter, attributes, ldap_groupscope, 0, uuid_string);
}
return ret;
}
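Review bot: The new scope arguments are crossed over in this hunk: the `UUID_GROUP` branch searches `ldap_groupbase` with `ldap_userscope`, and the user branch searches `ldap_userbase` with `ldap_groupscope`, whereas the second hunk of this diff pairs each base with its own scope. With differing scopes configured this makes UUID-to-name resolution use the wrong search depth for ACL lookups, which is exactly the case the new options exist for. Change the two calls to `ldap_getattr_fromfilter_withbase_scope( ldap_groupbase, filter, attributes, ldap_groupscope, KEEPALIVE, uuid_string);` and `ldap_getattr_fromfilter_withbase_scope( ldap_userbase, filter, attributes, ldap_userscope, 0, uuid_string);`. The enclosing function begins before the hunk.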
}
/* search groups first. group acls are probably used more often */
attributes[0] = ldap_group_attr;
- ret = ldap_getattr_fromfilter_withbase_scope( ldap_groupbase, filter, attributes, LDAP_SCOPE_ONELEVEL, KEEPALIVE, name);
+ ret = ldap_getattr_fromfilter_withbase_scope( ldap_groupbase, filter, attributes, ldap_groupscope, KEEPALIVE, name);
if (ret == 0) {
*type = UUID_GROUP;
return 0;
}
attributes[0] = ldap_name_attr;
- ret = ldap_getattr_fromfilter_withbase_scope( ldap_userbase, filter, attributes, LDAP_SCOPE_ONELEVEL, 0, name);
+ ret = ldap_getattr_fromfilter_withbase_scope( ldap_userbase, filter, attributes, ldap_userscope, 0, name);
if (ret == 0) {
*type = UUID_USER;
return 0;
+'\" t
.\" Title: afp_ldap.conf
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
-.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
-.\" Date: 31-01-2009
-.\" Manual: Netatalk 2.0 Manual
-.\" Source: :NETATALK_VERSION:
+.\" Generator: DocBook XSL Stylesheets v1.74.3 <http://docbook.sf.net/>
+.\" Date: 28 November 2009
+.\" Manual: Netatalk 2.1
+.\" Source: Netatalk 2.1
.\" Language: English
.\"
-.TH "LDAP\&.CONF" "5" "31-01-2009" ":NETATALK_VERSION:" "Netatalk 2.0 Manual"
-.\" -----------------------------------------------------------------
-.\" * (re)Define some macros
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" BB/BE - put background/screen (filled box) around block of text
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.de BB
-.if t \{\
-.sp -.5
-.br
-.in +2n
-.ll -2n
-.gcolor red
-.di BX
-.\}
-..
-.de EB
-.if t \{\
-.if "\\$2"adjust-for-leading-newline" \{\
-.sp -1
-.\}
-.br
-.di
-.in
-.ll
-.gcolor
-.nr BW \\n(.lu-\\n(.i
-.nr BH \\n(dn+.5v
-.ne \\n(BHu+.5v
-.ie "\\$2"adjust-for-leading-newline" \{\
-\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
-.\}
-.el \{\
-\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
-.\}
-.in 0
-.sp -.5v
-.nf
-.BX
-.in
-.sp .5v
-.fi
-.\}
-..
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" BM/EM - put colored marker in margin next to block of text
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.de BM
-.if t \{\
-.br
-.ll -2n
-.gcolor red
-.di BX
-.\}
-..
-.de EM
-.if t \{\
-.br
-.di
-.ll
-.gcolor
-.nr BH \\n(dn
-.ne \\n(BHu
-\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
-.in 0
-.nf
-.BX
-.in
-.fi
-.\}
-..
+.TH "AFP_LDAP\&.CONF" "5" "28 November 2009" "Netatalk 2.1" "Netatalk 2.1"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
-.SH "Name"
+.SH "NAME"
afp_ldap.conf \- Configuration file used by afpd(8) to configure a LDAP connection to an LDAP server\&. That is needed for ACL support in order to be able to query LDAP for UUIDs\&.
-.SH "Description"
+.SH "DESCRIPTION"
.PP
-\FC:ETCDIR:/ldap\&.conf\F[]
+:ETCDIR:/afp_ldap\&.conf
is the configuration file used by
\fBafpd\fR
to set up an LDAP connection to an LDAP server\&.
.sp
.\}
.RS 4
-.BM yellow
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
\fBafpldaptest\fR(1)
to syntactically check your config
.sp .5v
-.EM yellow
.RE
The required parameters and their meanings are:
-.SH "Parameter"
+.SH "PARAMETER"
.PP
ldap_server
.RS 4
.PP
ldap_auth_method
.RS 4
-<none|simple|sasl>
+Authentication method:
+\fBnone | simple | sasl\fR
.PP
none
.RS 4
.sp
.RE
.PP
+ldap_userscobe
+.RS 4
+Search scope for user search:
+\fBbase | one | sub\fR
+.sp
+.RE
+.PP
ldap_groupbase
.RS 4
DN of the group container in LDAP\&.
.sp
.RE
.PP
+ldap_groupscope
+.RS 4
+Search scope for user search:
+\fBbase | one |\ \&sub\fR
+.sp
+.RE
+.PP
ldap_uuuid_attr
.RS 4
Name of the LDAP attribute with the UUIDs\&.
Name of the LDAP attribute with the groups short name\&.
.sp
.RE
-.SH "Examples"
+.SH "EXAMPLES"
.PP
\fBExample.\ \&afp_ldap.conf setup with simple bind\fR
.sp
.if n \{\
.RS 4
.\}
-.fam C
-.ps -1
.nf
-.BB lightgray
ldap_server = localhost
ldap_auth_method = simple
ldap_auth_dn = cn=admin,dc=domain,dc=org
ldap_auth_pw = notthisone
ldap_userbase = ou=users,dc=domain,dc=org
+ldap_userscobe = one
ldap_groupbase = ou=groups,dc=domain,dc=org
+ldap_groupscope = one
ldap_uuid_attr = some_attribute
ldap_name_attr = cn
ldap_group_attr = cn
-.EB lightgray
.fi
-.fam
-.ps +1
.if n \{\
.RE
.\}
-.SH "See also"
+.SH "SEE ALSO"
.PP
\fBafpd\fR(8),
\fBAppleVolumes.default\fR(5),\fBafpldaptest\fR(1)