LDAP client configuration files

OpenLDAP

The default OpenLDAP client configuration file is located in /etc/ldap.conf. Most of the file consists of comments; a shortened version looks like this:

# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#

# Your LDAP server. Must be resolvable without using LDAP.
host 192.168.1.23

# The distinguished name of the search base.
base dc=somewhere,dc=org

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com

# The credentials to bind with.
# Optional: default is no credential.
#bindpw secret

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=Manager,dc=somewhere,dc=org

# The port.
# Optional: default is 389.
#port 389

# The search scope.
#scope sub
#scope one
#scope base

# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX          base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd       ou=People,
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd	ou=People,dc=somewhere,dc=org?one
nss_base_shadow	ou=People,dc=somewhere,dc=org?one
nss_base_group		ou=Group,dc=somewhere,dc=org?one
nss_base_hosts		ou=Hosts,dc=somewhere,dc=org?one
nss_base_services	ou=Services,dc=somewhere,dc=org?one
nss_base_networks	ou=Networks,dc=somewhere,dc=org?one
nss_base_protocols	ou=Protocols,dc=somewhere,dc=org?one
nss_base_rpc		ou=Rpc,dc=somewhere,dc=org?one
nss_base_ethers	ou=Ethers,dc=somewhere,dc=org?one
nss_base_netmasks	ou=Networks,dc=somewhere,dc=org?one
nss_base_bootparams	ou=Ethers,dc=somewhere,dc=org?one
nss_base_aliases	ou=Aliases,dc=somewhere,dc=org?one
nss_base_netgroup	ou=Netgroup,dc=somewhere,dc=org?one

# attribute/objectclass mapping
# Syntax:
nss_map_attribute	rfc2307attribute	mapped_attribute
nss_map_objectclass	rfc2307objectclass	mapped_objectclass

# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
ssl no
pam_password md5

The next sections and chapters will clarify the meaning of these entries.
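As an added example (not code from the original text), a small Python checker that reads an ldap.conf of this form, splits the nss_base_<map> entries on the base?scope?filter syntax described in the comments, and flags the settings a reviewer would question: ssl no, a bindpw kept in the file, an /etc/ldap.secret that is not mode 600, and a misspelled scope. SAMPLE is a constructed configuration, not a real site's.

```python
# Audit an nss_ldap-style /etc/ldap.conf for the settings shown above. Added
# example, not the page's code; SAMPLE is a constructed config that keeps a "?ne" typo.
import os
import stat

def parse_ldap_conf(text):
    """Return (settings, nss_bases); nss_base_<map> values are split on the
    base?scope?filter syntax, a missing scope becoming None (inherit 'scope')."""
    settings, nss_bases = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                     # blank line or comment
        parts = line.split(None, 1)      # keyword, then the rest of the line
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key.startswith("nss_base_"):
            f = value.split("?")
            nss_bases[key] = (f[0], f[1] if len(f) > 1 else None,
                              f[2] if len(f) > 2 else "")
        else:
            settings[key] = value
    return settings, nss_bases

def audit(settings, nss_bases, secret_mode=None):
    """List findings; secret_mode is st_mode of /etc/ldap.secret or None."""
    findings = []
    if settings.get("ssl", "no") == "no":   # nss_ldap leaves ssl off unless set
        findings.append("ssl no: binds and lookups cross the network in clear text")
    if "bindpw" in settings:
        findings.append("bindpw in ldap.conf: a file every NSS-using process must read")
    if "rootbinddn" in settings:
        if secret_mode is None:
            findings.append("rootbinddn set but /etc/ldap.secret is missing")
        elif stat.S_IMODE(secret_mode) & 0o077:   # group/other bits present
            findings.append("/etc/ldap.secret is not mode 600")
    for key, (base, scope, _) in nss_bases.items():
        if scope is not None and scope not in {"base", "one", "sub"}:
            findings.append(f"{key}: unknown scope '{scope}' for {base}")
    return findings

SAMPLE = ("host 192.168.1.23\nbase dc=somewhere,dc=org\n"
          "rootbinddn cn=Manager,dc=somewhere,dc=org\n"
          "nss_base_passwd\tou=People,dc=somewhere,dc=org?one\n"
          "nss_base_netmasks\tou=Networks,dc=somewhere,dc=org?ne\nssl no\n")

if __name__ == "__main__":
    mode = os.stat("/etc/ldap.secret").st_mode if os.path.exists("/etc/ldap.secret") else None
    for finding in audit(*parse_ldap_conf(SAMPLE), secret_mode=mode):
        print("WARNING:", finding)
```

Point parse_ldap_conf at the contents of a real /etc/ldap.conf to run the same checks on a live client.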

iPlanet/SunONE

On a typical Solaris LDAP client you will find a /var/ldap/ldap_client_file holding the information about which server(s) to contact and what authentication method to use:

# Do not edit this file manually; your changes will be lost.
# Please use ldapclient (1M) instead.
#
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 10.2.10.84
NS_LDAP_SEARCH_BASEDN= dc=somenet,dc=be
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= 10.2.10.84
NS_LDAP_CACHETTL= 3600
NS_LDAP_PROFILE= europe
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=people,dc=somenet,dc=be
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=group,dc=somenet,dc=be

The meaning of these entries will be clarified in the next sections and chapters.