bionic (8) lcmaps_ldap_enf.mod.8.gz

Provided by: lcmaps-plugins-basic-ldap_1.7.1-1_amd64 bug

NAME
       lcmaps_ldap_enf.mod - LCMAPS plugin to update ldap according to credentials


SYNOPSIS
       lcmaps_ldap_enf.mod  -maxuid  maxuid  -maxpgid  maxpgid  -maxsgid  maxsgid  -hostname hostname -port port
       [-require_all_groups {yes|no}] -dn_manager DN -ldap_pw filename -sb_groups searchbase -sb_user searchbase
       -timeout seconds


DESCRIPTION
       Ldap  enforcement  plugin will alter the user and group settings in the ldap database, using the user and
       groups settings provided by the credential acquisition plugins.  Note that LDAP has to  be  used  as  the
       source of account information for PAM or NSS and has to be RFC 2307 compliant.


OPTIONS
       -maxuid maxuid
              Maximum number of uids to be used. Strongly advised is to set this to 1.

       -maxpgid maxpgid
              Maximum number of primary gids to be used.

       -maxsgid maxsgid
              Maximum  number  of  (secondary)  gids to be used (not including primary group). Advised is to set
              this to 1.

       -hostname hostname
              The hostname on which the LDAP server is running, e.g. asen.nikhef.nl

       -port port
              The port number to which to connect, e.g. 389

       -require_all_groups {yes|no}
              Specify if all groups set by the PluginManager shall be used. Default is 'yes'.

       -dn_manager DN
              DN of the LDAP manager, e.g. "cn=Manager,dc=root"

       -ldap_pw filename
              Path to the file containing the password of  the  LDAP  manager.   Note:  the  mode  of  the  file
              containing the password must be read-only for root (400), otherwise the plugin will not run.

       -sb_groups searchbase
              Search base for the (secondary) groups, e.g. "ou=LocalGroups, dc=example, dc=com"

       -sb_user searchbase
              Search base for the user, e.g. "ou=LocalUsers, dc=example, dc=com"

       -timeout timeout value
              timeout (in seconds) that will be applied to the ldap binding


RETURN VALUE
       LCMAPS_MOD_SUCCESS
              Success.

       LCMAPS_MOD_FAIL
              Failure.


BUGS
       Please   report   any   errors   to   the   Nikhef   Grid  Middleware  Security  Team  <grid-mw-security-
       support@nikhef.nl>.


SEE ALSO
       lcmaps.db(5), lcmaps(3), ldap(3).


AUTHORS
       LCMAPS  and  the  LCMAPS  plug-ins  were  written  by  the  Grid  Middleware  Security   Team   <grid-mw-
       security@nikhef.nl>.

                                                 March 22, 2011                           LCMAPS_LDAP_ENF.MOD(8)