lcmaps_ldap_enf.mod - LCMAPS plugin to update ldap according to credentials
lcmaps_ldap_enf.mod -maxuid maxuid -maxpgid maxpgid -maxsgid maxsgid
    -hostname hostname -port port [-require_all_groups {yes|no}]
    -dn_manager DN -ldap_pw filename -sb_groups searchbase
    -sb_user searchbase -timeout seconds
The LDAP enforcement plugin alters the user and group settings in
the LDAP database, using the user and group settings provided by the
credential acquisition plugins. Note that LDAP has to be used as the source
of account information for PAM or NSS and has to be RFC 2307
compliant.
- -maxuid maxuid
  Maximum number of uids to be used. Setting this to 1 is strongly advised.
- -maxpgid maxpgid
  Maximum number of primary gids to be used.
- -maxsgid maxsgid
  Maximum number of (secondary) gids to be used (not including the primary
  group). Setting this to 1 is advised.
- -hostname hostname
  The hostname on which the LDAP server is running, e.g. asen.nikhef.nl
- -port port
  The port number to which to connect, e.g. 389
- -require_all_groups {yes|no}
  Specifies whether all groups set by the PluginManager shall be used.
  Default is 'yes'.
- -dn_manager DN
  DN of the LDAP manager, e.g. "cn=Manager,dc=root"
- -ldap_pw filename
  Path to the file containing the password of the LDAP manager. Note: the
  mode of the file containing the password must be read-only for root (400),
  otherwise the plugin will not run.
- -sb_groups searchbase
  Search base for the (secondary) groups, e.g. "ou=LocalGroups, dc=example, dc=com"
- -sb_user searchbase
  Search base for the user, e.g. "ou=LocalUsers, dc=example, dc=com"
- -timeout timeout value
  Timeout (in seconds) that will be applied to the LDAP binding.
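A pre-flight check for the file passed to -ldap_pw, based on the mode requirement described above. This is an added example, not part of the LCMAPS distribution; the function name check_ldap_pw_file, its optional owner argument, and the symlink and empty-file rejections are assumptions of this example rather than documented plugin behaviour.

```shell
#!/bin/sh
# Added example (not LCMAPS code): pre-flight check for the -ldap_pw file.
# Usage: check_ldap_pw_file FILE [OWNER]
# OWNER (name or numeric uid) defaults to root; it is a parameter only so the
# check can be exercised without root privileges (assumption of this example).
check_ldap_pw_file() {
    pwfile=$1
    owner=${2:-root}

    if [ -z "$pwfile" ]; then
        echo "usage: check_ldap_pw_file FILE [OWNER]" >&2
        return 2
    fi
    # Keep find(1) from parsing a relative path starting with '-' as an option.
    case $pwfile in
        /*) ;;
        *) pwfile=./$pwfile ;;
    esac
    # Extra strictness of this example: a symlink can be repointed elsewhere.
    if [ -L "$pwfile" ]; then
        echo "$pwfile: is a symbolic link" >&2
        return 1
    fi
    if [ ! -f "$pwfile" ]; then
        echo "$pwfile: not a regular file" >&2
        return 1
    fi
    # -perm 400 matches the mode exactly: 0440, 0600 or 0644 all fail here.
    match=$(find "$pwfile" -prune -type f -perm 400 -user "$owner" 2>/dev/null)
    if [ -z "$match" ]; then
        echo "$pwfile: must be mode 0400 and owned by $owner" >&2
        return 1
    fi
    # Extra check of this example: an empty file cannot hold the password.
    if [ ! -s "$pwfile" ]; then
        echo "$pwfile: is empty" >&2
        return 1
    fi
    return 0
}
```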
Please report any errors to the Nikhef Grid Middleware Security
Team <grid-mw-security-support@nikhef.nl>.
lcmaps.db(5), lcmaps(3), ldap(3).
LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware
Security Team <grid-mw-security@nikhef.nl>.