The ldap module provides an interface to the Lightweight Directory Access Protocol. The configuration is similar to that of SQL modules:
LDAP parameters may be configured either globally, when loading the module, or locally, when defining a smap database. If the database definition lacks some configuration statements, it looks them up in a global definition.
Each database has a filter template and up to three smap reply templates. When a sockmap query is dispatched to it, the database expands the filter template using the actual values of ‘${map}’ (the map name) and ‘${key}’ (the key value) and uses the resulting filter to query the LDAP server. If the server responds with a non-empty set of tuples, the positive reply template is expanded and the result is used as the response. Otherwise, if the query produced an empty set, the smap database uses the negative reply template to create the response.
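The expansion and reply selection described above, sketched as an added example (not code from smap itself). The filter and reply templates, the `fake_search` stand-in for the LDAP server and its directory contents are constructed for illustration. Escaping the substituted values per RFC 4515 is this example's assumption, not documented behaviour of the module; it makes a key containing filter metacharacters match literally.

```python
import re

# Constructed templates; the real ones come from the database definition.
FILTER_TEMPLATE = "(&(ou=${map})(mail=${key}))"
POSITIVE_REPLY = "OK ${key}"
NEGATIVE_REPLY = "NOTFOUND"

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_VAR = re.compile(r"\$\{(\w+)\}")

# Constructed stand-in for the LDAP server: exact filter -> matching tuples.
_DIRECTORY = {
    "(&(ou=aliases)(mail=alice@example.org))": [{"uid": "alice"}],
}


def escape_filter_value(value):
    """Escape a value so the server treats it as literal text."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand(template, variables, escape=False):
    """Replace ${name} references; unknown names are an error."""
    def substitute(match):
        name = match.group(1)
        if name not in variables:
            raise KeyError("undefined template variable: " + name)
        value = variables[name]
        return escape_filter_value(value) if escape else value
    return _VAR.sub(substitute, template)


def fake_search(ldap_filter):
    """Hypothetical search function; returns the set of matching tuples."""
    return _DIRECTORY.get(ldap_filter, [])


def answer(map_name, key, search=fake_search):
    """Build the filter, query, and pick the positive or negative reply."""
    variables = {"map": map_name, "key": key}
    ldap_filter = expand(FILTER_TEMPLATE, variables, escape=True)
    template = POSITIVE_REPLY if search(ldap_filter) else NEGATIVE_REPLY
    return expand(template, variables)


if __name__ == "__main__":
    for k in ("alice@example.org", "bob@example.org", "*"):
        print(k, "->", answer("aliases", k))
```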
The module gets its configuration from the file /etc/ldap.conf and from the module and database command lines. The settings from the command line override those from /etc/ldap.conf. An alternative configuration file can be specified using the config-file option.
The subsections that follow discuss the keywords meaningful for the ldap module. Unless explicitly stated otherwise, these can be used in the command line as well as in the configuration file. For compatibility with other LDAP software, keywords in the configuration file are case-insensitive. Unrecognized keywords appearing in the configuration file are silently ignored. You can use the ‘ldap.2’ debug level to get a listing of those. This can be useful to trace possible typos.
Unrecognized keywords appearing in the command line are treated as errors, as usual.
The only keyword that can be used only in the command line is config-file:
Read configuration from file file instead of /etc/ldap.conf.
• LDAP Configuration
• LDAP Filter and SMAP Replies