lcmaps_ldap_enf.mod(8) LCMAPS plugin to update ldap according to credentials

SYNOPSIS

lcmaps_ldap_enf.mod -maxuid maxuid -maxpgid maxpgid -maxsgid maxsgid -hostname hostname -port port [-require_all_groups {yes|no}] -dn_manager DN -ldap_pw filename -sb_groups searchbase -sb_user searchbase -timeout seconds

DESCRIPTION

Ldap enforcement plugin will alter the user and group settings in the ldap database, using the user and groups settings provided by the credential acquisition plugins. Note that LDAP has to be used as the source of account information for PAM or NSS and has to be RFC~2307 compliant.

OPTIONS

-maxuid maxuid
Maximum number of uids to be used. Strongly advised is to set this to 1.
-maxpgid maxpgid
Maximum number of primary gids to be used.
-maxsgid maxsgid
Maximum number of (secondary) gids to be used (not including primary group). Advised is to set this to 1.
-hostname hostname
The hostname on which the LDAP server is running, e.g. asen.nikhef.nl
-port port
The port number to which to connect, e.g. 389
-require_all_groups {yes|no}
Specify if all groups set by the PluginManager shall be used. Default is 'yes'.
-dn_manager DN
DN of the LDAP manager, e.g. "cn=Manager,dc=root"
-ldap_pw filename
Path to the file containing the password of the LDAP manager. Note: the mode of the file containing the password must be read-only for root (400), otherwise the plugin will not run.
-sb_groups searchbase
Search base for the (secondary) groups, e.g. "ou=LocalGroups, dc=example, dc=com"
-sb_user searchbase
Search base for the user, e.g. "ou=LocalUsers, dc=example, dc=com"
-timeout timeout value
timeout (in seconds) that will be applied to the ldap binding

RETURN VALUE

LCMAPS_MOD_SUCCESS
Success.
LCMAPS_MOD_FAIL
Failure.

BUGS

Please report any errors to the Nikhef Grid Middleware Security Team <[email protected]>.

AUTHORS

LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team <[email protected]>.