.TH SLAPO-HOMEDIR 5 "2025/05/22" "OpenLDAP 2.6.10"
.\" Copyright 1998-2024 The OpenLDAP Foundation, All Rights Reserved.
.\" Copying restrictions apply.  See the COPYRIGHT file.
.\" $OpenLDAP$
.SH NAME
slapo\-homedir \- Home directory provisioning overlay
.SH SYNOPSIS
/etc/openldap/slapd.conf
.SH DESCRIPTION
The
.B homedir
overlay causes
.BR slapd (8)
to notice changes involving RFC-2307bis style user-objects and make
appropriate changes to the local filesystem.  This can be performed
on both master and replica systems, so it is possible to perform
remote home directory provisioning.
.SH CONFIGURATION
Both slapd.conf and back-config style configuration are supported.
.TP
.B overlay homedir
This directive adds the homedir overlay to the current database,
or to the frontend, if used before any database instantiation; see
.BR slapd.conf (5)
for details.
.TP
.B homedir\-skeleton\-path <pathname>
.TP
.B olcSkeletonPath: pathname
These options set the path to the skeleton account directory
(generally /etc/skel).  Files in this directory will be copied into
newly created home directories.  Copying is recursive and handles
symlinks and fifos, but will skip most specials.
.TP
.B homedir\-min\-uidnumber <user id number>
.TP
.B olcMinimumUidNumber: number
These options configure the minimum userid to use in any home
directory attempt.  This is a basic safety measure to prevent
accidentally using system accounts.  See REPLICATION for more flexible
options for selecting accounts.
.TP
.B homedir\-regexp <regexp> <path>
.TP
.B olcHomedirRegexp: regexp path
These options configure a set of regular expressions to use for
matching and optionally remapping incoming
.B homeDirectory
attribute values to pathnames on the local filesystem.  $number
expansion is supported to access values captured in parentheses.
.sp
For example, to accept any directory starting with \/home and use it
verbatim on the local filesystem:

.B homedir\-regexp ^(/home/[\-_/a\-z0\-9]+)$ $1

To match the same set of directories, but create them instead under
\/export\/home, as is popular on Solaris NFS servers:

.B homedir\-regexp ^(/home/[\-_/a\-z0\-9]+)$ /export$1
.TP
.B homedir\-delete\-style style
.TP
.B olcHomedirDeleteStyle: style
These options configure how deletes of posixAccount entries or their
attributes are handled; valid styles are
.BR IGNORE ,
which does nothing;
.BR DELETE ,
which immediately performs a recursive delete on the home directory;
and
.BR ARCHIVE ,
which archives the home directory contents in a TAR file for later
examination.  The default is IGNORE.  Use with caution.  ARCHIVE
requires homedir\-archive\-path to be set, or it functions similarly to
IGNORE.
.TP
.B homedir\-archive\-path <pathname>
.TP
.B olcHomedirArchivePath: pathname
These options specify the destination path for TAR files created by
the ARCHIVE delete style.
.SH REPLICATION
The homedir overlay can operate on either master or replica systems
with no changes.  See
.BR slapd.conf (5)
or
.BR slapd\-config (5)
for more information on configuring syncrepl.

Partial replication (e.g. with filters) is especially useful for
providing different provisioning options to different sets of users.
.SH EXAMPLE
The following LDIF could be used to add this overlay to
.B cn=config
(adjust to suit)
.LP
.RS
.nf
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: homedir

dn: olcOverlay=homedir,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcHomedirConfig
olcOverlay: homedir
olcSkeletonPath: /etc/skel
olcMinimumUidNumber: 1000
olcHomedirRegexp: ^(/home/[-_/a-z0-9]+)$ /export/$1
olcHomedirDeleteStyle: ARCHIVE
olcHomedirArchivePath: /archive
.fi
.RE
.LP

.SH BUGS
DELETE, MOD, and MODRDN operations that remove the unix attributes
when delete style is set to DELETE will recursively delete the (regex
modified) home directory from the disk.  Please be careful when
deleting or changing values.

MOD and MODRDN will correctly respond to homeDirectory changes and
perform a non-destructive rename() operation on the filesystem, but
this does not correctly retry with a recursive copy when moving
between filesystems.

The recursive copy/delete/chown/tar functions are not aware of ACLs,
extended attributes, forks, sparse files, or hard links.  Block and
character device archival is non-portable, but should not be an issue
in home directories, hopefully.

Copying and archiving may not support files larger than 2GiB on some
architectures.  Bare POSIX UStar archives cannot support internal
files larger than 8GiB.  The current tar generator does not attempt to
resolve uid/gid into symbolic names.

No attempt is made to try to mkdir() the parent directories needed for
a given home directory or archive path.

.SH FILES
.TP
/etc/openldap/slapd.conf
default slapd configuration file
.TP
/etc/skel (or similar)
source of new homedir files.
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
.BR slapd (8),
RFC-2307, RFC-2307bis.
.SH ACKNOWLEDGEMENTS
.P
This module was written in 2009 by Emily Backes for Symas Corporation.
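A dry run of the homedir\-regexp and homedir\-min\-uidnumber settings described under CONFIGURATION, useful for checking which homeDirectory values a rule set would accept before enabling the overlay. This is an added example, not code from the OpenLDAP distribution: it uses Python's re module as a stand-in for slapd's regex engine, assumes the uid minimum is inclusive and checked before matching, and the names local_path, expand, RULES and SAMPLES and the sample entries are constructed for illustration.

```python
import re

# (regexp, path template) pairs; the pattern and the /export remap are the
# ones shown in this manual page.
RULES = [(r"^(/home/[-_/a-z0-9]+)$", "/export$1")]
MIN_UID = 1000  # homedir-min-uidnumber value from the EXAMPLE section


def expand(template, match):
    """Replace each $number in the template with that capture group."""
    return re.sub(r"\$(\d+)", lambda m: match.group(int(m.group(1))), template)


def local_path(uid_number, home_directory, rules=RULES, min_uid=MIN_UID):
    """Return the local pathname an entry maps to, or None if it is skipped.

    Assumption: an entry is skipped when uidNumber is below the minimum or
    when no regexp matches its homeDirectory value.
    """
    if uid_number < min_uid:
        return None
    for pattern, template in rules:
        m = re.search(pattern, home_directory)
        if m:
            return expand(template, m)
    return None


# Constructed sample entries: (uidNumber, homeDirectory).
SAMPLES = [
    (1001, "/home/alice"),
    (1002, "/home/staff/bob_2"),
    (0, "/home/root"),            # below the minimum uid
    (1003, "/root"),              # outside /home
    (1004, "/home/../etc/cron"),  # "." is not in the character class
    (1005, "/home/Carol"),        # uppercase is not in the character class
]


def report(samples=SAMPLES):
    """Return (uidNumber, homeDirectory, mapped path or None) per sample."""
    return [(uid, home, local_path(uid, home)) for uid, home in samples]


if __name__ == "__main__":
    for uid, home, path in report():
        print(f"{uid:>5}  {home:<22} -> {path or 'skipped'}")
```

Entries reported as skipped are the ones to review when delete style is DELETE or ARCHIVE, since only matched paths are acted on.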