Provided by: automx_0.10.0-2_all bug

NAME

       automx_ldap - automx LDAP backend configuration parameters

DESCRIPTION

       The  automx_ldap(5)  man  page  specifies  all  parameters that control access from within
       automx to a LDAP backend.

PARAMETERS

       authzid (no default)
              Specifies the SASL proxy authorization identity.

       base (default: none)
              Specifies the default base DN to use when performing ldap operations. The base must
              be specified as a Distinguished Name in LDAP format.

       binddn (default: none)
              Specifies  the  default bind DN to use when performing ldap operations. The bind DN
              must be specified as a Distinguished Name in LDAP format.

       bindmethod (default: simple)
              Specifies how authentication should take place. Valid options are either simple for
              a simple bind or sasl for a bind that requires SASL authentication.

       bindpw (default: none)
              Specifies the password used when binddn identifies itself with the LDAP server.

       cacert (default: none)
              Specifies  the  path  to  a  file  that  contains all certificates of Certification
              Authorities automx should trust.

       cert (default: none)
              Specifies the path to a file that contains automx's certificate.

       cipher (default: TLSv1)
              See ciphers(1) for a list of valid options.

       filter (default: (objectClass=*))
              Specifies the search filter to select appropriate LDAP objects. The  filter  should
              conform to the string representation for search filters as defined in RFC 4515.

              NOTE:
                 See the section “Macros and Variables” in automx.conf(5) for a list of available
                 query macros.

       host (default: ldap://127.0.0.1/)
              Specifies one or more LDAP servers separated by commas as shown  in  the  following
              example:

                 host = ldap://127.0.0.1, ldap://192.168.2.1

              IMPORTANT:
                 Subsequent  servers to the first serve only for fallback purposes, i.e. a server
                 to the right will only be queried if the server left to it cannot be reached. If
                 a server can be reached no further attempts will be made regardless if the query
                 returned a result or not.

       key (default: none)
              Specifies the path to a file that contains  automx's  private  key,  which  matches
              automx certificate given with cert.

       reqcert (default: never)
              Specifies  what  checks to perform on server certificates in a TLS session, if any.
              The <level> can be specified as one of the following keywords:

              never  The client will not request or check any server  certificate.  This  is  the
                     default setting.

              allow  The  server  certificate  is  requested.  If no certificate is provided, the
                     session proceeds normally. If a bad certificate  is  provided,  it  will  be
                     ignored and the session proceeds normally.

              try    The  server  certificate  is  requested.  If no certificate is provided, the
                     session proceeds normally. If a bad certificate is provided, the session  is
                     immediately terminated.

              demand These  keywords  are  equivalent. The server certificate is requested. If no
                     certificate is provided, or a bad certificate is provided,  the  session  is
                     immediately terminated.

       result_attrs (default: none)
              If  automx  finds one or more entries, the attributes specified by result_attrs are
              returned. If * is listed, all user attributes are returned.

       saslmech (default: none)
              Specifies the SASL mechanism to be used for authentication.

              cram-md5
                     The SASL cram-md5 mechanism (see: RFC 2195) will  be  used  to  authenticate
                     LDAP bind requests.

              digest-md5
                     The  SASL  digest-md5 mechanism (see: RFC 2831) will be used to authenticate
                     LDAP bind requests.

              external
                     The SASL external mechanism (see: RFC 4422) will  be  used  to  authenticate
                     LDAP bind requests.

              gssapi The  SASL gssapi mechanism (see: RFC 4752) will be used to authenticate LDAP
                     bind requests.

              none   No SASL mechanism will be use to authenticate LDAP bind requests.

       scope (default: sub)
              Specify the scope of the search to be one of base (or exact),  one  (or  onelevel),
              sub (or substree), to specify a base object, one-level, or subtree search.

       usetls (default: false)
              Specifies if automx should use TLS when it connects to the LDAP host.

AUTHORS

       Christian Roessner <cr@sys4.de>
              Wrote the program.

       Patrick Ben Koetter <p@sys4.de>
              Wrote the documentation.

SEE ALSO

       automx(8), automx.conf(5), automx_ldap(5), automx_script(5), automx_sql(5), automx-test(1)

COPYRIGHT

       This document has been placed in the public domain.

                                            02/08/2013                             AUTOMX_LDAP(5)