NIGREP(1) NIGREP(1)
NAME
mkslapdconf - generate a configuration file for the LDAP
server
SYNOPSIS
mkslapdconf [ -r ]
DESCRIPTION
mkslapdconf creates a configuration file suitable for the
slapd(8) LDAP server, using the LDAP NetInfo bridge (back-
netinfo). By default, it is invoked in local mode, in
which a list of NetInfo domains to serve is determined by
listing the valid databases in /var/db/netinfo.
If the -r option is specified, then mkslapdconf consults
the NetInfo binder daemon, nibindd(8), to list the NetInfo
domains served by the local machine. In either case, a
separate instance of the bridge is created for each domain
(although they all share the same process). In local
mode, slapd(8) will access the NetInfo database directly;
in remote mode, it will use the netinfo(3) client library
to access the database via remote procedure calls (RPC).
NetInfo has separate namespaces for domains and directo-
ries; in the X.500 information model, there is a single
namespace. NetInfo names are written most significant
component to least significant; X.500 "distinguished"
names are usually written the other way. X.500 names are
also case-insensitive.
The mapping between NetInfo domains and X.500 names may be
configured using the suffix property in a specific host's
/machines entry. Like the serves property, the suffix
property determines the relative domain name of a child
domain; its values must be ordered according to the serves
property in each host entry. In the case of the master
NetInfo server's host entry, the value of the suffix prop-
erty at the same index as the "./tag" serves property will
be used to determine the distinguished name for the root
NetInfo domain. In the absence of a specific mapping, the
ou attribute type is used to construct a relative distin-
guished name from the NetInfo domain name. Note that in
the present implementation, even if the NetInfo database
is accessed directly, the NetInfo server must still be
running as the namespace is interrogated using NetInfo
RPC. See nicl(1) for more information on how NetInfo
directory names are mapped to X.500 distinguished names.
For example, the NetInfo entry /users/alice in the NetInfo
domain /sales/polaris would be (with RFC 2307 schema map-
ping) by default mapped to the distinguished name
uid=alice,cn=users,ou=polaris,ou=sales.
mkslapdconf configures the LDAP bridge to apply tradi-
tional NetInfo authorization policies, as well as the
native slapd(8) authorization model. If the current host
is not the master for a NetInfo domain, then the LDAP
bridge will be configured for read-only access only.
Referrals are used to glue NetInfo domains together so
that the search policy described in netinfo(5) is adhered
to. mkslapdconf configures a default referral for the
immediate parent domain; child domains are handled by the
bridge itself. The local domain is always aliased to the
distinguished name dc=local, and (for one-level and sub-
tree searches) the root (empty) DSE. A search with a base
of "dc=local" or "" will consult the local NetInfo domain;
search results will always be written relative to the
canonical distinguished name for the domain, however.
The configuration file created by mkslapdconf includes the
OpenLDAP core, Cosine (RFC 1274), NIS (RFC 2307) inetOrg-
Person (RFC 2798), miscellaneous and Apple schema. If you
wish to add support for additional schema you will need to
postprocess the configuration file manually.
The configuration file is written to the standard output.
mkslapdconf should be run at startup immediately before
the LDAP server is started, but after the NetInfo server
is started.
OPTIONS
-r Specify that the LDAP bridge will access the Net-
Info database using the netinfo(3) RPC client
library.
EXAMPLES
# mkslapdconf > /etc/openldap/slapd.conf
SEE ALSO
netinfo(3), netinfo(5), nibindd(8), nicl(1), nidomain(8),
slapd(8)
AUTHOR
Luke Howard, Apple Computer, Inc.
Apple Computer, Inc. March 21, 2001 NIGREP(1)