Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (Darwin-7.0.1-ppc)
Apropos / Subsearch:
optional field

NIGREP(1)                   General Commands Manual                  NIGREP(1)

       mkslapdconf - generate a configuration file for the LDAP server

       mkslapdconf [ -r ]

       mkslapdconf creates a configuration file suitable for the slapd(8) LDAP
       server, using the LDAP NetInfo bridge (back-netinfo). By default, it is
       invoked  in  local mode, in which a list of NetInfo domains to serve is
       determined by listing the valid databases in /var/db/netinfo.

       If the -r option is specified, then mkslapdconf  consults  the  NetInfo
       binder  daemon,  nibindd(8),  to list the NetInfo domains served by the
       local machine. In either case, a separate instance  of  the  bridge  is
       created for each domain (although they all share the same process).  In
       local mode, slapd(8) will access  the  NetInfo  database  directly;  in
       remote  mode,  it  will use the netinfo(3) client library to access the
       database via remote procedure calls (RPC).

       NetInfo has separate namespaces for domains  and  directories;  in  the
       X.500  information  model,  there is a single namespace.  NetInfo names
       are written most significant  component  to  least  significant;  X.500
       "distinguished"  names  are  usually written the other way. X.500 names
       are also case-insensitive.

       The mapping between NetInfo domains and X.500 names may  be  configured
       using  the  suffix  property in a specific host's /machines entry. Like
       the serves property, the suffix property determines the relative domain
       name  of  a  child  domain; its values must be ordered according to the
       serves property in each host entry. In the case of the  master  NetInfo
       server's host entry, the value of the suffix property at the same index
       as the "./tag" serves property will be used to  determine  the  distin-
       guished name for the root NetInfo domain.  In the absence of a specific
       mapping, the ou attribute type is used to construct a relative  distin-
       guished  name  from  the  NetInfo domain name. Note that in the present
       implementation, even if the NetInfo database is accessed directly,  the
       NetInfo  server  must still be running as the namespace is interrogated
       using NetInfo RPC.  See nicl(1) for more  information  on  how  NetInfo
       directory names are mapped to X.500 distinguished names.

       For  example,  the  NetInfo  entry  /users/alice  in the NetInfo domain
       /sales/polaris would be (with  RFC  2307  schema  mapping)  by  default
       mapped           to           the           distinguished          name

       mkslapdconf configures the LDAP bridge  to  apply  traditional  NetInfo
       authorization  policies,  as  well as the native slapd(8) authorization
       model. If the current host is not the master for a NetInfo domain, then
       the LDAP bridge will be configured for read-only access only.

       Referrals  are used to glue NetInfo domains together so that the search
       policy described in netinfo(5) is adhered to.  mkslapdconf configures a
       default  referral  for  the  immediate parent domain; child domains are
       handled by the bridge itself. The local domain is always aliased to the
       distinguished  name  dc=local, and (for one-level and subtree searches)
       the root (empty) DSE. A search with a base of  "dc=local"  or  ""  will
       consult the local NetInfo domain; search results will always be written
       relative to the canonical distinguished name for the domain, however.

       The configuration file created by  mkslapdconf  includes  the  OpenLDAP
       core,  Cosine (RFC 1274), NIS (RFC 2307) inetOrgPerson (RFC 2798), mis-
       cellaneous and Apple schema.  If you wish to add support for additional
       schema you will need to postprocess the configuration file manually.

       The  configuration file is written to the standard output.  mkslapdconf
       should be run at startup immediately before the LDAP server is started,
       but after the NetInfo server is started.

       -r     Specify  that  the  LDAP bridge will access the NetInfo database
              using the netinfo(3) RPC client library.

       # mkslapdconf > /etc/openldap/slapd.conf

       netinfo(3), netinfo(5), nibindd(8), nicl(1), nidomain(8), slapd(8)

       Luke Howard, Apple Computer, Inc.

Apple Computer, Inc.            March 21, 2001                       NIGREP(1)