Lightweight Directory Access Protocol (LDAP) is a specification for a
client-server protocol to retrieve and manage directory information.
Originally intended as a means for clients on lightweight workstations to
access X.500 directories, it can be used with any directory system which
follows the X.500 data model. The libns_ldap.so shared library contains
routines to contact a remote LDAP server daemon, fetch information, and
format it so that it is available to local name service routines. This
library is meant to be used with the nsd(1M) name service daemon only.
The library /var/ns/lib/libns_ldap.so is opened by the nsd(1M) daemon
when ldap is listed as the protocol for some map in a nsswitch.conf file.
On first open the library initialization procedure parses the
configuration file /var/ns/ldap.conf to determine the list of servers to
contact, and the schemas for each table in the database.
The library contains code to fetch data from a remote LDAP server and
present it as lines from the configuration file from which it came. The
nsd daemon then presents that data in the filesystem mounted under /ns.
Extended attributes in the nsswitch.conf file can be used to control the
behavior of the LDAP protocol. Extended attributes are simply lists of
key/value pairs attached to each object in the nsd filesystem. The
attributes supported in this library are:
domain
The domain is used to determine which remote LDAP server to contact
for a request. This attribute is typically inherited from the
daemon depending on the nsswitch.conf file that is being read.
table
The table attribute is typically inherited from the daemon based on
the line from which this entry occurs in the nsswitch.conf file. In
the above example the table attribute would be set to hosts.byname
or hosts.byaddr depending on the context of the request. The table
attribute determines which database schema and format are used. See
the ldap.conf(4) man page for more information on schemas.
key
The key is set by the nsd daemon for each request. The schema for
the current table typically contains a rewriting rule for the key to
make an appropriate request to the remote LDAP daemon.
open_timeout
The open_timeout attribute specifies the amount of time in seconds
the client will wait for a bind or connect request to be returned
from the server before giving up. The default is 2 seconds.