Copyright 2008 Howard Chu, Symas Corp. All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.

A copy of this license is available in the file LICENSE in the
top-level directory of the distribution or, alternatively, at
<http://www.OpenLDAP.org/license.html>.

This directory contains a slapd overlay, nssov, that handles
NSS lookup requests through a local Unix Domain socket. It uses the
same IPC protocol as Arthur de Jong's nss-ldapd, and a complete
copy of the nss-ldapd source is included here.

To use this code, you will need the client-side stub library from
nss-ldapd (which resides in nss-ldapd/nss). You will not need the
nslcd daemon; this overlay replaces that part. You should already
be familiar with the RFC2307 and RFC2307bis schema to use this
overlay. See the nss-ldapd/README for more information on the
schema and which features are supported.

To use the overlay, add:

    include <path to>nis.schema

    moduleload <path to>nssov.so
    ...

    database hdb
    ...
    overlay nssov

to your slapd configuration file. (The nis.schema file contains
the original RFC2307 schema. Some modifications will be needed to
use RFC2307bis.)

The overlay may be configured with Service Search Descriptors (SSDs)
for each NSS service that will be used. SSDs are configured using

    nssov-svc <service> <url>

where the <service> may be one of
    alias
    ether
    group
    host
    netgroup
    network
    passwd
    protocol
    rpc
    service
    shadow

and the <url> must be of the form
    ldap:///[<basedn>][??[<scope>][?<filter>]]

The <basedn> will default to the first suffix of the current database.
The <scope> defaults to "subtree". The default <filter> depends on which
service is being used.

If the local database is actually a proxy to a foreign LDAP server, some
mapping of schema may be needed. Some simple attribute substitutions may
be performed using

    nssov-map <service> <orig> <new>

See the nss-ldapd/README for the original attribute names used in this code.

The overlay also supports dynamic configuration in cn=config. The layout
of the config entry is

    dn: olcOverlay={0}nssov,olcDatabase={1}hdb,cn=config
    objectClass: olcOverlayConfig
    objectClass: olcNssOvConfig
    olcOverlay: {0}nssov
    olcNssSvc: passwd ldap:///ou=users,dc=example,dc=com??one
    olcNssMap: passwd uid accountName

which enables the passwd service, and uses the accountName attribute to
fetch what is usually retrieved from the uid attribute.
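
An added example, not part of the nssov distribution: a small Python check
that parses nssov-svc / olcNssSvc values using the URL form and defaults
described above, and lists the services whose SSD is left at the widest
search (first suffix, subtree scope). The function names, the accepted scope
keywords and the sample lines are assumptions made for this illustration.

```python
from urllib.parse import unquote

# Service names listed in the README above.
SERVICES = set("alias ether group host netgroup network passwd "
               "protocol rpc service shadow".split())
SCOPES = {"base", "one", "sub", "subtree"}  # assumption: RFC 4516 keywords + "subtree"

def parse_nssov_svc(line, first_suffix):
    """Return (service, basedn, scope, filter); filter None = service default."""
    words = line.split(None, 2)
    if len(words) != 3 or words[0] not in ("nssov-svc", "olcNssSvc:"):
        raise ValueError("not an SSD directive: %r" % line)
    service, url = words[1], words[2].strip()
    if service not in SERVICES:
        raise ValueError("unknown service: %r" % service)
    if not url.lower().startswith("ldap:///"):
        raise ValueError("SSD URL must start with ldap:/// (no host part)")
    parts = url[len("ldap:///"):].split("?")
    if len(parts) > 4 or (len(parts) > 1 and parts[1]):
        raise ValueError("expected ldap:///[<basedn>][??[<scope>][?<filter>]]")
    basedn, _, scope, filt = parts + [""] * (4 - len(parts))
    scope = scope.lower() or "subtree"  # documented default scope
    if scope not in SCOPES:
        raise ValueError("unknown scope: %r" % scope)
    return service, unquote(basedn) or first_suffix, scope, unquote(filt) or None

def load_ssds(config_text, first_suffix):
    """Collect every SSD in a config fragment, keyed by service name."""
    ssds = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith(("nssov-svc", "olcNssSvc:")):
            service, basedn, scope, filt = parse_nssov_svc(line, first_suffix)
            ssds[service] = (basedn, scope, filt)
    return ssds

def widest_searches(ssds, first_suffix):
    """Services whose SSD covers the whole database (first suffix, subtree)."""
    return sorted(s for s, (dn, scope, _) in ssds.items()
                  if dn.lower() == first_suffix.lower() and scope in ("sub", "subtree"))

# Constructed sample; the passwd line is the one from the cn=config entry above.
SAMPLE = """\
olcNssSvc: passwd ldap:///ou=users,dc=example,dc=com??one
nssov-svc group ldap:///
nssov-svc shadow ldap:///ou=users,dc=example,dc=com??sub?(objectClass=shadowAccount)
"""
if __name__ == "__main__":
    print(widest_searches(load_ssds(SAMPLE, "dc=example,dc=com"), "dc=example,dc=com"))
```

Services reported by widest_searches are the ones to review first when each
NSS map should only see its own subtree.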