Chapter 2. Core Server Configuration Reference
40
2.3.1.69. nsslapd-ldapimaprootdn (Autobind Mapping for Root User)
With autobind, a system user is mapped to a Directory Server user and then automatically
authenticated to the Directory Server over a UNIX socket.
The root system user (the user with a UID of 0) is mapped to whatever Directory Server entry is
specified in the
nsslapd-ldapimaprootdn
attribute.
Parameter
Description
Entry DN
cn=config
Valid Values
Any DN
Default Value
cn=Directory Manager
Syntax
DN
Example
nsslapd-ldapimaprootdn: cn=Directory Manager
2.3.1.70. nsslapd-ldapimaptoentries (Enable Autobind Mapping for
Regular Users)
With autobind, a system user is mapped to a Directory Server user and then automatically
authenticated to the Directory Server over a UNIX socket. This mapping is automatic for root users,
but it must be enabled for regular system users through the
nsslapd-ldapimaptoentries
attribute. Setting this attribute to
on
enables mapping for regular system users to Directory Server
entries. If this attribute is not enabled, then only root users can use autobind to authenticate to the
Directory Server, and all other users connect anonymously.
The mappings themselves are configured through the
nsslapd-ldapiuidnumbertype
and
nsslapd-ldapigidnumbertype
attributes, which map Directory Server attributes to the user's UID
and GUID numbers.
Users can only connect to the server with autobind if LDAPI is enabled (
nsslapd-ldapilisten
and
nsslapd-ldapifilepath
) and autobind is enabled (
nsslapd-ldapiautobind
).
Parameter
Description
Entry DN
cn=config
Valid Values
on | off
Default Value
off
Syntax
DirectoryString
Example
nsslapd-ldapimaptoentries: on
2.3.1.71. nsslapd-ldapiuidnumbertype
Autobind can be used to authenticate system users to the server automatically and connect to the
server using a UNIX socket. To map the system user to a Directory Server user for authentication,
the system user's UID and GUID numbers must be mapped to be a Directory Server attribute. The
nsslapd-ldapiuidnumbertype
attribute points to the Directory Server attribute to map system
UIDs to user entries.
Users can only connect to the server with autobind if LDAPI is enabled (
nsslapd-ldapilisten
and
nsslapd-ldapifilepath
), autobind is enabled (
nsslapd-ldapiautobind
), and autobind
mapping is enabled for regular users (
nsslapd-ldapimaptoentries
).
Содержание 8.1
Страница 8: ...viii ...
Страница 14: ...xiv ...
Страница 16: ...2 ...
Страница 250: ...236 ...
Страница 334: ...320 ...
Страница 372: ...358 ...