1 .TH SLAPD-SHELL 5 "2008/07/16" "OpenLDAP 2.4.11"
2 .\" Copyright 1998-2008 The OpenLDAP Foundation All Rights Reserved.
3 .\" Copying restrictions apply. See COPYRIGHT/LICENSE.
4 .\" $OpenLDAP: pkg/ldap/doc/man/man5/slapd-shell.5,v 1.16.2.5 2008/02/11 23:49:02 quanah Exp $
6 slapd-shell \- Shell backend to slapd
8 /etc/openldap/slapd.conf
12 executes external programs to implement operations, and is designed to
13 make it easy to tie an existing database to the
17 This backend is primarily intended to be used in prototypes.
21 shell command has been removed since OpenLDAP 2.1.
25 options apply to the SHELL backend database.
26 That is, they must follow a "database shell" line and come before any
27 subsequent "backend" or "database" lines.
28 Other database options are described in the
32 These options specify the pathname and arguments of the program to
33 execute in response to the given LDAP operation.
34 Each option is followed by the input lines that the program receives:
36 .B add <pathname> <argument>...
40 <repeat { "suffix:" <database suffix DN> }>
41 <entry in LDIF format>
44 .B bind <pathname> <argument>...
48 <repeat { "suffix:" <database suffix DN> }>
50 method: <method number>
51 credlen: <length of <credentials>>
55 .B compare <pathname> <argument>...
59 <repeat { "suffix:" <database suffix DN> }>
64 .B delete <pathname> <argument>...
68 <repeat { "suffix:" <database suffix DN> }>
72 .B modify <pathname> <argument>...
76 <repeat { "suffix:" <database suffix DN> }>
79 <"add"/"delete"/"replace">: <attribute>
80 <repeat { <attribute>: <value> }>
85 .B modrdn <pathname> <argument>...
89 <repeat { "suffix:" <database suffix DN> }>
92 deleteoldrdn: <0 or 1>
93 <if new superior is specified: "newSuperior: <DN>">
96 .B search <pathname> <argument>...
100 <repeat { "suffix:" <database suffix DN> }>
102 scope: <0-2, see ldap.h>
103 deref: <0-3, see ldap.h>
104 sizelimit: <size limit>
105 timelimit: <time limit>
108 attrs: <"all" or space-separated attribute list>
111 .B unbind <pathname> <argument>...
115 <repeat { "suffix:" <database suffix DN> }>
119 Note that you need only supply configuration lines for those commands you
120 want the backend to handle.
121 Operations for which a command is not supplied will be refused with an
122 "unwilling to perform" error.
124 The \fBsearch\fP command should output the entries in LDIF format,
125 each entry followed by a blank line, and after these the RESULT below.
127 All commands except \fBunbind\fP should then output:
132 matched: <matched DN>
136 where only the RESULT line is mandatory.
137 Lines starting with `#' or `DEBUG:' are ignored.
141 backend does not honor all ACL semantics as described in
142 .BR slapd.access (5).
143 In general, access to objects is checked by using a dummy object
144 that contains only the DN, so access rules that rely on the contents
145 of the object are not honored.
150 operation does not require
154 pseudo-attribute of the parent entry.
162 pseudo-attribute of the entry whose identity is being assessed;
164 access to the credentials is not checked, but rather delegated
165 to the underlying shell script.
171 access (FIXME: wouldn't
173 be a more appropriate choice?)
177 of the object whose value is being asserted;
179 access to the attribute whose value is being asserted is not checked.
183 operation does not require
187 pseudo-attribute of the parent entry.
197 access to the specific attributes that are modified is not checked.
201 operation does not require
205 pseudo-attribute of the parent entry, nor to that of the new parent,
208 access to the distinguished values of the naming attributes
213 operation does not require
217 pseudo_attribute of the searchBase;
219 access to the attributes and values used in the filter is not checked.
222 There is an example search script in the slapd/back-shell/ directory
223 in the OpenLDAP source tree.
225 The shell backend does not support threaded environments.
226 When using the shell backend,
229 .IR --without-threads .
232 /etc/openldap/slapd.conf
233 default slapd configuration file