author: Arthur de Jong <arthur@arthurdejong.org> 2006-12-20 11:08:33 +0000
committer: Arthur de Jong <arthur@arthurdejong.org> 2006-12-20 11:08:33 +0000
commit: 1a1b9e16a632a269ea5205721b6258d70f8f69e9 (patch)
tree: a8f6b8767eb7723876a1c023a9fde0c89ff200fa /README
parent: 0d920fdba106cd8ca0dbf4fd8cfc48bd2e6be231 (diff)
integrate remaining parts in documentation
git-svn-id: http://arthurdejong.org/svn/nss-pam-ldapd/libnss_ldapd@189 ef36b2f9-881f-0410-afb5-c4e39611909c
Diffstat (limited to 'README')
-rw-r--r--  README | 350
1 files changed, 62 insertions, 288 deletions
diff --git a/README b/README
index c8d7d84..ecb9580 100644
--- a/README
+++ b/README
@@ -204,18 +204,70 @@ LDAP SCHEMA
===========
nss-ldapd supports a wide range of possible LDAP schema configurations.
-Furthermore it can be customized heavily.
-
-The LDAP schema used is described in RFC 2307
-
-Compiling with -DRFC2307BIS adds rfc2307bis support, which at the moment just
-gets you support for groups with distinguished name members (instead of login
-names). A posixGroup can thus have the both memberUid and uniqueMember
+Furthermore it can be customized heavily. The LDAP schema used is described in RFC 2307.
+Groups with distinguished name members (instead of login
+names) (RFC 2307bis) is also supported. A posixGroup can thus have the both memberUid and uniqueMember
attributes.
-Note that this is not the authoritative place for this kind of information.
-This section merely tries to describe the supported schemas by nss-ldapd
-implementation.
+default attributes
+------------------
+
+This paragraph describes the mapping between the NSS lookups and the LDAP
+database. The mapping may be modified by changeging the nss-ldapd.conf configuration
+file. See the nss-ldapd.conf(5) manual page for details.
+
+aliases (nisMailAlias)
+ cn - alias name
+ rfc822MailMember - members
+ethers (ieee802Device)
+ cn - host name
+ macAddress - ethernet address
+group (posixGroup)
+ cn - group name
+ userPassword - should be readable by rootbinddn only
+ memberUid - members
+ uniqueMember - members
+ gidNumber - gid
+hosts (ipHost)
+ cn - host name (and aliases)
+ ipHostNumber - addresses
+netgroup (nisNetgroup)
+ cn - netgroup name
+ nisNetgroupTriple - triplets describing netgroup entries
+ memberNisNetgroup - reference to other netgroup
+networks (ipNetwork)
+ cn - network name
+ ipNetworkNumber - network address
+ ipNetmaskNumber - network netmask
+passwd (posixAccount)
+ uid - account name
+ userPassword - should be readable by rootbinddn only
+ uidNumber - uid
+ gidNumber - gid
+ cn - gecos
+ homeDirectory - home directory
+ loginShell - shell
+ gecos - gecos
+protocols (ipProtocol)
+ cn - protocol name
+ ipProtocolNumber - protocol number
+rpc (oncRpc)
+ cn - rpc name
+ oncRpcNumber - rpc number
+services (ipService)
+ cn - service name
+ ipServicePort - service port
+ ipServiceProtocol - service protocol
+shadow (shadowAccount)
+ uid - use name
+ userPassword - should be readable by rootbinddn only
+ shadowLastChange - last change of password
+ shadowMax - days before password may be changed
+ shadowMin - days after which password must be changed
+ shadowWarning - expiry warning
+ shadowInactive - account is disabled if no passwd is changed
+ shadowExpire - account expiration
+ shadowFlag - reserved field
using Microsoft Active Directory
--------------------------------
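Review bot: the shadowMax and shadowMin descriptions in the new shadow (shadowAccount) block are swapped; per RFC 2307, shadowMin is the minimum number of days between password changes ("days before password may be changed") and shadowMax is the maximum password age ("days after which password must be changed"), so the two description strings should trade places before this documents the wrong semantics. Smaller fixes in the same hunk: "changeging" should read "changing", "uid - use name" should read "uid - user name", "have the both memberUid" should read "have both memberUid", and "Groups with distinguished name members ... is also supported" should read "are also supported".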
@@ -224,281 +276,3 @@ When using Microsoft Active Directory server (tipically on Microsoft Windows
2000) some changes need to be made to the nss-ldapd.conf configuration file.
The default configuration file has some commented out attribute mappings for
such a setup.
-
-
-
-***********************************************************
-**** sample people.ldif ***********************************
-***********************************************************
-
-dn: ou=People,dc=example,dc=com
-ou: People
-objectClass: organizationalUnit
-objectClass: top
-
-dn: cn=Local Root,ou=People,dc=example,dc=com
-cn: Local Root
-objectClass: posixAccount
-objectClass: shadowAccount
-objectClass: organizationalRole
-uid: root
-uidNumber: 0
-gidNumber: 0
-homeDirectory: /root
-
-dn: cn=Andrew Suffield,ou=People,dc=example,dc=com
-cn: Andrew Suffield
-objectClass: posixAccount
-objectClass: shadowAccount
-objectClass: inetOrgPerson
-givenName: Andrew
-sn: Suffield
-uid: asuffield
-uidNumber: 1000
-gidNumber: 5001
-homeDirectory: /home/asuffield
-loginShell: /bin/bash
-
-dn: cn=Test User,ou=People,dc=example,dc=com
-cn: Test User
-objectClass: posixAccount
-objectClass: shadowAccount
-objectClass: inetOrgPerson
-sn: User
-uid: test
-uidNumber: 1001
-gidNumber: 1001
-homeDirectory: /home/test
-
-dn: cn=Test User 2,ou=People,dc=example,dc=com
-cn: Test User 2
-objectClass: posixAccount
-objectClass: shadowAccount
-objectClass: inetOrgPerson
-sn: User
-uid: test2
-uidNumber: 1002
-gidNumber: 1002
-homeDirectory: /home/test2
-
-***********************************************************
-**** sample groups.ldif ***********************************
-***********************************************************
-
-dn: ou=Group,dc=example,dc=com
-ou: Group
-objectClass: organizationalUnit
-objectClass: top
-
-dn: cn=root,ou=Group,dc=example,dc=com
-cn: root
-objectClass: posixGroup
-objectClass: top
-gidNumber: 0
-memberUid: 0
-
-dn: cn=users,ou=Group,dc=example,dc=com
-cn: users
-objectClass: posixGroup
-objectClass: top
-gidNumber: 5000
-memberUid: asuffield
-memberUid: test
-memberUid: test2
-
-dn: cn=admin,ou=Group,dc=example,dc=com
-cn: admin
-objectClass: posixGroup
-objectClass: top
-gidNumber: 5001
-memberUid: asuffield
-
-***********************************************************
-**** LDAP Permissions *************************************
-***********************************************************
-
-nss_ldap LDAP Searches
-======================
-
-The following list describes the search filters and attributes that nss_ldap
-uses for each database type in /etc/nsswitch.conf
-
-For each of the entries the search base is determined by the nss_base_...
-parameter in /etc/libnss-ldap.conf.
-
-The search filters are used when the respective functions are called.
-
-For brevity's sake the attributes have been given as one complete list
-per database type and not as one list per each search, which would
-have been more correct.
-
-The information contained in the list may be used to determine the required
-permissions to objects and attributes in the directory for the accounts
-referred to by 'binddn' and 'rootbinddn' in /etc/libnss-ldap.conf.
-
-'rootbinddn' is used if it is set and libnss-ldap is called with effective
-user id 0. In all other cases 'binddn' is used if it is set. If 'binddn is
-not set the LDAP searches are done anonymously.
-
-If 'rootbinddn' is set and has read access to the attributes marked below
-as "readable by 'rootbinddn' only" while 'binddn' hasn't, then ilibnss-ldap
-behaves identical compared to flat files. (i.e. 'getent shadow' returns
-nothing for regular users while it returns the information wanted for
-root)
-
-The list contains only the unmapped names. If you use libnss-ldap's
-attribute or objectclass mapping feature then you have to map the
-names in the list to the mapped ones.
-
-aliases
--------
-* Filters:
- getaliasbyname(): (&(objectclass=nisMailAlias)(cn=%s))
- getaliasent(): (objectclass=nisMailAlias)
-* Attributes:
- cn
- rfc822MailMember
-
-bootparams
-----------
-* Filters:
- getbootparamsbyname(): (&(objectclass=bootableDevice)(cn=%s))"
-* Attributes:
- cn
- bootParameter
-
-ethers
-------
-* Filters:
- gethostton(): (&(objectclass=ieee802Device)(cn=%s))
- getntohost(): (&(objectclass=ieee802Device)(macAddress=%s))
- getetherent(): (objectclass=ieee802Device)
-* Attributes:
- cn
- macAddress
-
-group
------
-* Filters:
- getgrnam(): (&(objectclass=posixGroup)(cn=%s))
- getgrgid(): (&(objectclass=posixGroup)(gidNumber=%s))
- getgrent(): (&(objectclass=posixGroup))
- getgroupsbymemberanddn(): (&(objectclass=posixGroup)(|(memberUid=%s)(uniqueMember=%s)))
- getgroupsbydn(): (&(objectclass=posixGroup)(uniqueMember=%s))
- getgroupsbymember(): (&(objectclass=posixGroup)(memberUid=%s))
-* Attributes:
- cn
- userPassword <- should be readable by 'rootbinddn' only
- memberUid
- uniqueMember
- gidNumber
-
-hosts
------
-* Filters:
- gethostbyname(): (&(objectclass=ipHost)(cn=%s))
- gethostbyaddr(): (&(objectclass=ipHost)(ipHostNumber=%s))
- gethostent(): (objectclass=ipHost)
-* Attributes:
- cn
- ipHostNumber
-
-networks
---------
-* Filters:
- getnetbyname(): (&(objectclass=ipNetwork)(cn=%s))
- getnetbyaddr(): (&(objectclass=ipNetwork)(ipNetworkNumber=%s))
- getnetent(): (objectclass=ipNetwork)",
-* Attributes:
- cn
- ipNetworkNumber
- ipNetmaskNumber
-
-protocols
----------
-* Filters:
- getprotobyname(): (&(objectclass=ipProtocol)(cn=%s))
- getprotobynumber(): (&(objectclassipProtocols)(ipProtocolNumber=%s))
- getprotoent(): (objectclass=ipProtocol)
-* Attributes:
- cn
- ipProtocolNumber
-
-passwd
-------
-* Filters:
- getpwnam(): (&(objectclass=posixAccount)(uid=%s))
- getpwuid(): (&(objectclass=posixAccount)(uidNumber=%s))
- getpwent(): (objectclass=posixAccount)
-* Attributes:
- uid
- userPassword <- should be readable by 'rootbinddn' only
- uidNumber
- gidNumber
- cn
- homeDirectory
- loginShell
- gecos
- description
- shadowLastChange <- should be readable by 'rootbinddn' only
- shadowMax <- should be readable by 'rootbinddn' only
- shadowExpire <- should be readable by 'rootbinddn' only
-
-rpc
----
-* Filters:
- getrpcbyname(): (&(objectclass=oncRpc)(cn=%s))
- getrpcbynumber(): (&(objectclass=oncRpc)(oncRpcNumber=%s))
- getrpcent(): (objectclass=oncRpc)
-* Attributes:
- cn
- oncRpcNumber
-
-services
---------
-* Filters:
- getservbyname(): (&(objectclass=ipService)(cn=%s))",
- getservbynameproto(): (&(objectclass=ipService)(cn=%s)(ipServiceProtocol=%s))
- getservbyport(): (&(objectclass=ipService)(ipServicePort=%s))
- getservbyportproto(): (&(objectclass=ipService)(ipServicePort=%s)(ipServiceProtocol=%s))
- getservent(): (objectclass=ipService)
-* Attributes:
- cn
- ipServicePort
- ipServiceProtocol
-
-shadow
-------
-* Filters:
- getspnam(): (&(objectclass=shadowAccount)(uid=%s))
- getspent(): (objectclass=shadowAccount)
-* Attributes:
- uid
- userPassword
- shadowLastChange
- shadowMax
- shadowMin
- shadowWarning
- shadowInactive
- shadowExpire
- shadowFlag
-
-netgroup
---------
-* Filters:
- getnetgrent(): (&(objectclass=nisNetgroup)(cn=%s))
- innetgr(): (&(objectclass=nisNetgroup)(memberNisNetgroup=%s))
-* Attributes:
- cn
- nisNetgroupTriple
- memberNisNetgroup
-
-automount
----------
-* Attributes:
- cn
- nisMapEntry
- nisMapName
- description
-
- -- Peter Marschall <peter@adpm.de>
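Review bot: this hunk deletes the only place in the README that explains the bind selection (rootbinddn when the effective uid is 0, otherwise binddn, otherwise anonymous) and the per-database search filters that an administrator needs to derive directory ACLs, and the replacement "default attributes" section in the previous hunk carries only the attribute names plus a bare "should be readable by rootbinddn only" marker. Before dropping this text, confirm that the bind-selection rule and the list of attributes that must be restricted to rootbinddn (the passwd block also marked shadowLastChange, shadowMax and shadowExpire) have been moved to nss-ldapd.conf(5) or another shipped document, and consider keeping a one-line pointer to it here; the removed section was contributed by Peter Marschall, so any relocated copy should keep that attribution. The surrounding context line still spells "tipically" and could be corrected in the same commit.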