SLAPO-HOMEDIR(5)              File Formats Manual             SLAPO-HOMEDIR(5)

NAME

       slapo-homedir - Home directory provisioning overlay

SYNOPSIS

       /etc/openldap/slapd.conf

DESCRIPTION

       The homedir overlay causes slapd(8) to notice changes involving
       RFC-2307bis style user-objects and make appropriate changes to the
       local filesystem.  This can be performed on both master and replica
       systems, so it is possible to perform remote home directory
       provisioning.

CONFIGURATION

       Both slapd.conf and back-config style configuration are supported.

       overlay homedir
              This directive adds the homedir overlay to the current database,
              or to the frontend, if used before any database instantiation;
              see slapd.conf(5) for details.

       homedir-skeleton-path <pathname>

       olcSkeletonPath: pathname
              These options set the path to the skeleton account directory
              (generally /etc/skel).  Files in this directory will be copied
              into newly created home directories.  Copying is recursive and
              handles symlinks and fifos, but skips most special files.

       homedir-min-uidnumber <user id number>

       olcMinimumUidNumber: number
              These options configure the minimum userid to use in any home
              directory attempt.  This is a basic safety measure to prevent
              accidentally using system accounts.  See REPLICATION for more
              flexible options for selecting accounts.

       homedir-regexp <regexp> <path>

       olcHomedirRegexp: regexp path
              These options configure a set of regular expressions to use for
              matching and optionally remapping incoming homeDirectory
              attribute values to pathnames on the local filesystem.  $number
              expansion is supported to access values captured in parentheses.

              For example, to accept any directory starting with /home and use
              it verbatim on the local filesystem:

              homedir-regexp ^(/home/[-_/a-z0-9]+)$ $1

              To match the same set of directories, but create them instead
              under /export/home, as is popular on Solaris NFS servers:

              homedir-regexp ^(/home/[-_/a-z0-9]+)$ /export$1

       homedir-delete-style style

       olcHomedirDeleteStyle: style
              These options configure how deletes of posixAccount entries or
              their attributes are handled.  Valid styles are IGNORE, which
              does nothing; DELETE, which immediately performs a recursive
              delete on the home directory; and ARCHIVE, which archives the
              home directory contents in a TAR file for later examination.
              The default is IGNORE.  Use with caution.  ARCHIVE requires
              homedir-archive-path to be set, or it functions similarly to
              IGNORE.

       homedir-archive-path <pathname>

       olcArchivePath: pathname
              These options specify the destination path for TAR files created
              by the ARCHIVE delete style.
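
       Added example (not part of the OpenLDAP sources): a dry-run helper for
       checking which local path a homedir-regexp pair would yield for a given
       homeDirectory value before enabling the DELETE or ARCHIVE style.  The
       name map_homedir is hypothetical; the code assumes case-sensitive POSIX
       extended regex matching and single-digit $number expansion, which may
       differ from the overlay's own implementation.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: map one homeDirectory value through a single
 * (regexp, path) pair.  Returns 1 and fills out on a match, 0 when the
 * value does not match, -1 on a bad pattern or too-small buffer. */
int map_homedir(const char *pattern, const char *tmpl,
                const char *value, char *out, size_t outlen)
{
    regex_t re;
    regmatch_t m[10];
    size_t o = 0;
    if (outlen == 0 || regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    int rc = regexec(&re, value, 10, m, 0);
    regfree(&re);
    if (rc != 0)
        return 0;                       /* no match: nothing is mapped */
    for (const char *p = tmpl; *p; p++) {
        const char *src = p;            /* default: copy one literal char */
        size_t n = 1;
        if (p[0] == '$' && p[1] >= '0' && p[1] <= '9') {
            regmatch_t g = m[*++p - '0'];   /* $number -> captured group */
            src = g.rm_so < 0 ? "" : value + g.rm_so;
            n = g.rm_so < 0 ? 0 : (size_t)(g.rm_eo - g.rm_so);
        }
        if (o + n >= outlen)
            return -1;
        memcpy(out + o, src, n);
        o += n;
    }
    out[o] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed sample homeDirectory values, not taken from a real directory. */
    const char *samples[] = { "/home/alice", "/home/../etc", "/root", "/home/Alice" };
    char path[256];
    for (size_t i = 0; i < 4; i++) {
        int rc = map_homedir("^(/home/[-_/a-z0-9]+)$", "/export$1", samples[i], path, sizeof path);
        printf("%-14s -> %s\n", samples[i], rc == 1 ? path : "(no match)");
    }
    return 0;
}
```

       In this helper, values containing "." or uppercase letters never match
       the example pattern, so /home/../etc is not mapped to any local path.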

REPLICATION

       The homedir overlay can operate on either master or replica systems
       with no changes.  See slapd.conf(5) or slapd-config(5) for more
       information on configuring syncrepl.

       Partial replication (e.g. with filters) is especially useful for
       providing different provisioning options to different sets of users.

BUGS

       DELETE, MOD, and MODRDN operations that remove the unix attributes when
       delete style is set to DELETE will recursively delete the (regex
       modified) home directory from the disk.  Please be careful when
       deleting or changing values.

       MOD and MODRDN will correctly respond to homeDirectory changes and
       perform a non-destructive rename() operation on the filesystem, but
       this does not correctly retry with a recursive copy when moving between
       filesystems.

       The recursive copy/delete/chown/tar functions are not aware of ACLs,
       extended attributes, forks, sparse files, or hard links.  Block and
       character device archival is non-portable, but should not be an issue
       in home directories, hopefully.

       Copying and archiving may not support files larger than 2GiB on some
       architectures.  Bare POSIX UStar archives cannot support internal files
       larger than 8GiB.  The current tar generator does not attempt to
       resolve uid/gid into symbolic names.

       No attempt is made to try to mkdir() the parent directories needed for
       a given home directory or archive path.

FILES

       /etc/openldap/slapd.conf
              default slapd configuration file

       /etc/skel (or similar)
              source of new homedir files.

SEE ALSO

       slapd.conf(5), slapd-config(5), slapd(8), RFC-2307, RFC-2307bis.

ACKNOWLEDGEMENTS

       This module was written in 2009 by Emily Backes for Symas Corporation.

OpenLDAP 2.6.3                    2022/07/14                  SLAPO-HOMEDIR(5)