Spec-Zone .ru
спецификации, руководства, описания, API
Spec-Zone .ru
спецификации, руководства, описания, API
Библиотека разработчика Mac Разработчик
Поиск

 

Эта страница руководства для  версии 10.9 Mac OS X

Если Вы выполняете различную версию  Mac OS X, просматриваете документацию локально:

Читать страницы руководства

Страницы руководства предназначаются как справочник для людей, уже понимающих технологию.

  • Чтобы изучить, как руководство организовано или узнать о синтаксисе команды, прочитайте страницу руководства для страниц справочника (5).

  • Для получения дополнительной информации об этой технологии, ищите другую документацию в Библиотеке Разработчика Apple.

  • Для получения общей информации о записи сценариев оболочки, считайте Shell, Пишущий сценарий Учебника для начинающих.



SLAPO-CHAIN(5)                                                                                SLAPO-CHAIN(5)



NAME
       slapo-chain - chain overlay to slapd

SYNOPSIS
       /etc/openldap/slapd.conf

DESCRIPTION
       The  chain  overlay  to  slapd(8) allows automatic referral chasing.  Any time a referral is returned
       (except for bind operations), it is chased by using an instance of the ldap backend.   If  operations
       are  performed  with an identity (i.e. after a bind), that identity can be asserted while chasing the
       referrals by means of the identity assertion feature of back-ldap (see  slapd-ldap(5)  for  details),
       which  is essentially based on the proxied authorization control [RFC 4370].  Referral chasing can be
       controlled by the client by issuing the chaining  control  (see  draft-sermersheim-ldap-chaining  for
       details.)


       The  config directives that are specific to the chain overlay are prefixed by chain-, to avoid poten-tial potential
       tial conflicts with directives specific to the underlying database or to other stacked overlays.


       There are very few chain overlay specific directives; however, directives related to the instances of
       the ldap backend that may be implicitly instantiated by the overlay may assume a special meaning when
       used in conjunction with this overlay.  They are described in slapd-ldap(5), and they also need to be
       prefixed by chain-.

       Note: this overlay is built into the ldap backend; it is not a separate module.


       overlay chain
              This  directive  adds the chain overlay to the current backend.  The chain overlay may be used
              with any backend, but it is mainly intended for use  with  local  storage  backends  that  may
              return  referrals.   It  is useless in conjunction with the slapd-ldap and slapd-meta backends
              because they already exploit the libldap specific referral chase  feature.   [Note:  this  may
              change  in  the future, as the ldap(5) and meta(5) backends might no longer chase referrals on
              their own.]

       chain-cache-uri {FALSE|true}
              This directive instructs the chain overlay to cache connections to URIs parsed out  of  refer-rals referrals
              rals that are not predefined, to be reused for later chaining.  These URIs inherit the proper-ties properties
              ties configured for the underlying slapd-ldap(5) before any occurrence of the chain-uri direc-tive; directive;
              tive; basically, they are chained anonymously.

       chain-chaining [resolve=<r>] [continuation=<c>] [critical]
              This  directive enables the chaining control (see draft-sermersheim-ldap-chaining for details)
              with the desired resolve and continuation behaviors and criticality.   The  resolve  parameter
              refers  to  the  behavior while discovering a resource, namely when accessing the object indi-cated indicated
              cated by the request DN; the continuation parameter refers  to  the  behavior  while  handling
              intermediate  responses,  which is mostly significant for the search operation, but may affect
              extended operations that return intermediate responses.  The values r and  c  can  be  any  of
              chainingPreferred,  chainingRequired,  referralsPreferred, referralsRequired.  If the critical
              flag affects the control criticality if provided.  [This control is experimental and its  sup-port support
              port may change in the future.]

       chain-max-depth <n>
              In  case  a  referral  is returned during referral chasing, further chasing occurs at most <n>
              levels deep.  Set to 1 (the default) to disable further referral chasing.

       chain-return-error {FALSE|true}
              In case referral chasing fails, the real error is returned instead of the  original  referral.
              In  case  multiple referral URIs are present, only the first error is returned.  This behavior
              may not be always appropriate nor desirable, since failures in referral chasing might be  bet-ter better
              ter resolved by the client (e.g. when caused by distributed authentication issues).

       chain-uri <ldapuri>
              This directive instantiates a new underlying ldap database and instructs it about which URI to
              contact to chase referrals.  As opposed to what stated in  slapd-ldap(5),  only  one  URI  can
              appear  after this directive; all subsequent slapd-ldap(5) directives prefixed by chain- refer
              to this specific instance of a remote server.


       Directives for configuring the underlying ldap database may also be required, as shown in this  exam-ple: example:
       ple:

              overlay                 chain
              chain-rebind-as-user    FALSE

              chain-uri               "ldap://ldap1.example.com"
              chain-rebind-as-user    TRUE
              chain-idassert-bind     bindmethod="simple"
                                      binddn="cn=Auth,dc=example,dc=com"
                                      credentials="secret"
                                      mode="self"

              chain-uri               "ldap://ldap2.example.com"
              chain-idassert-bind     bindmethod="simple"
                                      binddn="cn=Auth,dc=example,dc=com"
                                      credentials="secret"
                                      mode="none"


       Any  valid  directives  for  the  ldap database may be used; see slapd-ldap(5) for details.  Multiple
       occurrences of the chain-uri directive may appear, to define multiple "trusted" URIs where operations
       with  identity  assertion  are  chained.  All URIs not listed in the configuration are chained anony-mously. anonymously.
       mously.  All slapd-ldap(5) directives appearing before the first occurrence of chain-uri  are  inher-ited inherited
       ited by all URIs, unless specifically overridden inside each URI configuration.

FILES
       /etc/openldap/slapd.conf
              default slapd configuration file

SEE ALSO
       slapd.conf(5), slapd-config(5), slapd-ldap(5), slapd(8).

AUTHOR
       Originally implemented by Howard Chu; extended by Pierangelo Masarati.



OpenLDAP 2.4.28                                  2011/11/24                                   SLAPO-CHAIN(5)

Сообщение о проблемах

Способ сообщить о проблеме с этой страницей руководства зависит от типа проблемы:

Ошибки содержания
Ошибки отчета в содержании этой документации со ссылками на отзыв ниже.
Отчеты об ошибках
Сообщите об ошибках в функциональности описанного инструмента или API через Генератор отчетов Ошибки.
Форматирование проблем
Отчет, форматирующий ошибки в интерактивной версии этих страниц со ссылками на отзыв ниже.