1SLAPO-HOMEDIR(5) File Formats Manual SLAPO-HOMEDIR(5)
2
3
4
6 slapo-homedir - Home directory provisioning overlay
7
9 /etc/openldap/slapd.conf
10
12 The homedir overlay causes slapd(8) to notice changes involving
13 RFC-2307bis style user-objects and make appropriate changes to the lo‐
14 cal filesystem. This can be performed on both master and replica sys‐
15 tems, so it is possible to perform remote home directory provisioning.
16
18 Both slapd.conf and back-config style configuration is supported.
19
20 overlay homedir
21 This directive adds the homedir overlay to the current database,
22 or to the frontend, if used before any database instantiation;
23 see slapd.conf(5) for details.
24
25 homedir-skeleton-path <pathname>
26
27 olcSkeletonPath: pathname
28 These options set the path to the skeleton account directory.
29 (Generally, /etc/skel) Files in this directory will be copied
30 into newly created home directories. Copying is recursive and
31 handles symlinks and fifos, but will skip most specials.
32
33 homedir-min-uidnumber <user id number>
34
35 olcMinimumUidNumber: number
36 These options configure the minimum userid to use in any home
37 directory attempt. This is a basic safety measure to prevent
38 accidentally using system accounts. See REPLICATION for more
39 flexible options for selecting accounts.
40
41 homedir-regexp <regexp> <path>
42
43 olcHomedirRegexp: regexp path
44 These options configure a set of regular expressions to use for
45 matching and optionally remapping incoming homeDirectory attri‐
46 bute values to pathnames on the local filesystem. $number ex‐
47 pansion is supported to access values captured in parentheses.
48
49 For example, to accept any directory starting with home and use
50 it verbatim on the local filesystem:
51
52 homedir-regexp ^(/home/[-_/a-z0-9]+)$ $1
53
54 To match the same set of directories, but create them instead
55 under exporthome, as is popular on Solaris NFS servers:
56
57 homedir-regexp ^(/home/[-_/a-z0-9]+)$ /export$1
58
59 homedir-delete-style style
60
61 olcHomedirDeleteStyle: style
62 These options configure how deletes of posixAccount entries or
63 their attributes are handled; valid styles are IGNORE, which
64 does nothing, and DELETE, which immediately performs a recursive
65 delete on the home directory, and ARCHIVE, which archives the
66 home directory contents in a TAR file for later examination.
67 The default is IGNORE. Use with caution. ARCHIVE requires
68 homedir-archive-path to be set, or it functions similar to IG‐
69 NORE.
70
71 homedir-archive-path <pathname>
72
73 olcArchivePath: pathname
74 These options specify the destination path for TAR files created
75 by the ARCHIVE delete style.
76
78 The homedir overlay can operate on either master or replica systems
79 with no changes. See slapd.conf(5) or slapd-config(5) for more infor‐
80 mation on configure syncrepl.
81
82 Partial replication (e.g. with filters) is especially useful for pro‐
83 viding different provisioning options to different sets of users.
84
86 DELETE, MOD, and MODRDN operations that remove the unix attributes when
87 delete style is set to DELETE will recursively delete the (regex modi‐
88 fied) home directory from the disk. Please be careful when deleting or
89 changing values.
90
91 MOD and MODRDN will correctly respond to homeDirectory changes and per‐
92 form a non-destructive rename() operation on the filesystem, but this
93 does not correctly retry with a recursive copy when moving between
94 filesystems.
95
96 The recursive copy/delete/chown/tar functions are not aware of ACLs,
97 extended attributes, forks, sparse files, or hard links. Block and
98 character device archival is non-portable, but should not be an issue
99 in home directories, hopefully.
100
101 Copying and archiving may not support files larger than 2GiB on some
102 architectures. Bare POSIX UStar archives cannot support internal files
103 larger than 8GiB. The current tar generator does not attempt to re‐
104 solve uid/gid into symbolic names.
105
106 No attempt is made to try to mkdir() the parent directories needed for
107 a given home directory or archive path.
108
110 /etc/openldap/slapd.conf
111 default slapd configuration file
112
113 /etc/skel (or similar)
114 source of new homedir files.
115
117 slapd.conf(5), slapd-config(5), slapd(8), RFC-2307, RFC-2307bis.
118
120 This module was written in 2009 by Emily Backes for Symas Corporation.
121
122
123
124OpenLDAP 2.6.6 2023/07/31 SLAPO-HOMEDIR(5)