Name

afp_ldap.conf — Configuration file used by afpd(8) to configure connections to an LDAP server

Description

afp_ldap.conf is the configuration file used by afpd to set up connections to an LDAP server. This is needed for ACL support in order to be able to query LDAP for UUIDs.

Any line not prefixed with # is interpreted.

Note

You can use afpldaptest(1) to check the syntax of your config.

The required parameters and their meanings are:

Parameter

ldap_uri

Specifies the LDAP URI of the server to connect to. The URI scheme may be ldap, ldapi or ldaps, specifying LDAP over TCP, IPC or TLS respectively (if supported by the LDAP library). This is only needed for explicit ACL support in order to be able to query LDAP for UUIDs.

ldap_auth_method

Authentication method: none | simple | sasl

none

anonymous LDAP bind

simple

simple LDAP bind

sasl

SASL. Not yet supported!

ldap_auth_dn

Distinguished Name of the user for simple bind.

ldap_auth_pw

Password of the user for simple bind.

ldap_userbase

DN of the user container in LDAP.

ldap_userscope

Search scope for user search: base | one | sub

ldap_groupbase

DN of the group container in LDAP.

ldap_groupscope

Search scope for group search: base | one | sub

ldap_uuid_attr

Name of the LDAP attribute with the UUIDs.

Note: this is used both for users and groups.

ldap_name_attr

Name of the LDAP attribute with the user's short name.

ldap_group_attr

Name of the LDAP attribute with the group's short name.

Examples

Example 5.1. afp_ldap.conf setup with simple bind

ldap_uri         = ldap://somehost:1234/
ldap_auth_method = simple
ldap_auth_dn     = cn=admin,dc=domain,dc=org
ldap_auth_pw     = notthisone
ldap_userbase    = ou=users,dc=domain,dc=org
ldap_userscope   = one
ldap_groupbase   = ou=groups,dc=domain,dc=org
ldap_groupscope  = one
ldap_uuid_attr   = some_attribute
ldap_name_attr   = cn
ldap_group_attr  = cn
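
The following audit script is an added example, not part of Netatalk or of this manual page. It reads a config with a simplified parser (not afpd's own) and reports misspelled parameters, invalid scopes, a simple bind over plain ldap:// and a password-bearing file readable by group or others. It assumes no StartTLS is negotiated on ldap:// connections, and the sample input is constructed.

```python
import stat

# Parameter names as listed on this page.
KNOWN = {"ldap_uri", "ldap_auth_method", "ldap_auth_dn", "ldap_auth_pw",
         "ldap_userbase", "ldap_userscope", "ldap_groupbase", "ldap_groupscope",
         "ldap_uuid_attr", "ldap_name_attr", "ldap_group_attr"}

def parse(text):
    """Simplified reader (not afpd's parser): key = value, lines starting with # skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf, mode=None):
    """Return findings for a parsed config; mode is the file's st_mode when known."""
    findings = [f"unknown parameter: {k}" for k in sorted(set(conf) - KNOWN)]
    method = conf.get("ldap_auth_method")
    if method == "sasl":
        findings.append("ldap_auth_method sasl is not yet supported")
    elif method == "simple":
        findings += [f"simple bind needs {k}"
                     for k in ("ldap_auth_dn", "ldap_auth_pw") if k not in conf]
        if conf.get("ldap_uri", "").lower().startswith("ldap://"):
            findings.append("simple bind over ldap:// exposes ldap_auth_pw on the network")
    for key in ("ldap_userscope", "ldap_groupscope"):
        if key in conf and conf[key] not in ("base", "one", "sub"):
            findings.append(f"{key} must be base, one or sub")
    if mode is not None and "ldap_auth_pw" in conf and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file holds ldap_auth_pw but is readable by group or others")
    return findings

# Constructed sample: a simple-bind config with a bad scope and a misspelled key.
SAMPLE = """\
ldap_uri         = ldap://somehost:1234/
ldap_auth_method = simple
ldap_auth_dn     = cn=admin,dc=domain,dc=org
ldap_auth_pw     = notthisone
ldap_groupscope  = tree
ldap_uuuid_attr  = some_attribute
"""

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE), mode=0o100644):
        print(finding)
```

To audit a file on disk, pass its contents to parse() and os.stat(path).st_mode as mode.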

See also

afpd(8), AppleVolumes.default(5), afpldaptest(1)