configuration file for lloadd, the stand-alone LDAP daemon
BACKEND CONFIGURATION
Options in this section describe how lloadd connects and
authenticates to the backend servers. Backends are organised in
groups (tiers). Backends in the first tier are tried first; if
none of them are reachable, the following tier is tried in the
same way. If there is a backend in the tier that has suitable
connections, but they are busy, no further tier is consulted.
This is useful in high availability scenarios where a group of
servers (e.g. the local environment) should be contacted if
possible.

It is assumed all backend servers serve the same data. On
startup, the configured connections are set up and those not
dedicated to handle bind requests are authenticated with the
backend using the information in the bindconf option. The
authentication configuration is shared between them.
bindconf [bindmethod=simple|sasl] [binddn=<dn>] [saslmech=<mech>]
         [authcid=<identity>] [authzid=<identity>]
         [credentials=<passwd>] [realm=<realm>]
         [secprops=<properties>] [timeout=<seconds>]
         [network-timeout=<seconds>]
         [tcp-user-timeout=<milliseconds>]

    Specifies the bind credentials lloadd uses when setting up
    its regular connections to all backends.

    A bindmethod of simple requires the options binddn and
    credentials and should only be used when adequate security
    services (e.g. TLS or IPSEC) are in place. REMEMBER:
    simple bind credentials must be in cleartext!

    A bindmethod of sasl requires the option saslmech.
    Depending on the mechanism, an authentication identity
    and/or credentials can be specified using authcid and
    credentials. The authzid parameter may be used to specify
    an authorization identity. Specific security properties
    (as with the sasl-secprops keyword above) for a SASL bind
    can be set with the secprops option. A non-default SASL
    realm can be set with the realm option.

    The timeout parameter indicates how long, in seconds, an
    operation can be pending a response (result, search entry,
    ...) from the server. Due to how timeouts are detected, a
    timeout might not be detected and handled until up to
    timeout seconds after it happens.

    The network-timeout parameter sets how long the consumer
    will wait to establish a network connection to the
    provider. Once a connection is established, the timeout
    parameter determines how long the consumer will wait for
    the initial Bind request to complete.

    A timeout set to 0 means no timeout is in effect and, by
    default, no timeouts are in effect.

    The tcp-user-timeout parameter, if non-zero, corresponds
    to the TCP_USER_TIMEOUT set on the upstream connections,
    overriding the operating system setting. Only some
    systems support the customization of this parameter; it is
    ignored otherwise and system-wide settings are used.
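The following is an added example, not part of the lloadd documentation or the OpenLDAP code: a small Python check that applies the rules stated above (required options per bindmethod, cleartext simple-bind credentials, timeouts that default to none) to a single bindconf line. The function names and both sample lines are constructed for illustration, and it assumes the whole directive sits on one line.

```python
import shlex

TIMEOUT_KEYS = ("timeout", "network-timeout")

# Constructed sample lines (not taken from any real deployment).
WEAK = 'bindconf bindmethod=simple binddn="cn=lloadd,dc=example,dc=com" credentials=secret'
HARDENED = ('bindconf bindmethod=sasl saslmech=SCRAM-SHA-256 authcid=lloadd '
            'credentials=secret timeout=10 network-timeout=5')


def parse_bindconf(line):
    """Split a 'bindconf key=value ...' line into a dict; values may be quoted."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "bindconf":
        raise ValueError("not a bindconf line")
    opts = {}
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")  # split on the first '=' only
        if not sep:
            raise ValueError(f"malformed option: {tok!r}")
        opts[key] = value
    return opts


def audit_bindconf(line):
    """Return a list of findings derived from the bindconf description above."""
    opts = parse_bindconf(line)
    findings = []
    method = opts.get("bindmethod")
    if method == "simple":
        for required in ("binddn", "credentials"):
            if required not in opts:
                findings.append(f"simple bind requires {required}")
        findings.append("simple bind sends cleartext credentials: "
                        "confirm TLS or IPsec protects the backend links")
    elif method == "sasl":
        if "saslmech" not in opts:
            findings.append("sasl bind requires saslmech")
    else:
        findings.append(f"bindmethod missing or not simple|sasl: {method!r}")
    for key in TIMEOUT_KEYS:
        # An absent option and an explicit 0 both mean no timeout is in effect.
        if int(opts.get(key, "0")) == 0:
            findings.append(f"{key} unset or 0: no timeout is in effect")
    return findings


if __name__ == "__main__":
    for sample in (WEAK, HARDENED):
        print(sample, "->", audit_bindconf(sample) or "no findings")
```

The check cannot see whether TLS or IPsec is actually in place, so a simple bind always produces a reminder rather than a pass.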