autofs-5.0.5 - add autofs_ldap_auth.conf man page From: Ian Kent --- CHANGELOG | 1 man/auto.master.5.in | 3 + man/autofs.5 | 1 man/autofs.8.in | 1 man/autofs_ldap_auth.conf.5.in | 93 ++++++++++++++++++++++++++++++++++++++++ man/automount.8 | 1 samples/autofs_ldap_auth.conf | 63 --------------------------- 7 files changed, 101 insertions(+), 62 deletions(-) create mode 100644 man/autofs_ldap_auth.conf.5.in diff --git a/CHANGELOG b/CHANGELOG index fc4e738..e319b4d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -30,6 +30,7 @@ - add locality as valid ldap master map attribute fix. - add simple bind authentication. - fix master map source server unavailable handling. +- add autofs_ldap_auth.conf man page. 03/09/2009 autofs-5.0.5 ----------------------- diff --git a/man/auto.master.5.in b/man/auto.master.5.in index 792035f..453ff98 100644 --- a/man/auto.master.5.in +++ b/man/auto.master.5.in @@ -365,6 +365,8 @@ and set the location of the client certificate and private key in the per-user configuration. The location of these files and the configuration entry requirements is system dependent so the documentation for your installation will need to be consulted to get further information. +.P +See \fBautofs_ldap_auth.conf\fP(5) for more information. .SH EXAMPLE .sp .RS +.2i @@ -399,6 +401,7 @@ configuration will be used to locate the source of the map .BR automount (8), .BR autofs (5), .BR autofs (8). +.BR autofs_ldap_auth.conf (5) .SH AUTHOR This manual page was written by Christoph Lameter , for the Dean GNU/Linux system. Edited by and diff --git a/man/autofs.5 b/man/autofs.5 index 5a01791..c5614e1 100644 --- a/man/autofs.5 +++ b/man/autofs.5 @@ -229,6 +229,7 @@ and LDAP only. .BR auto.master (5), .BR autofs (8), .BR mount (8). +.BR autofs_ldap_auth.conf (5) .SH AUTHOR This manual page was written by Christoph Lameter , for the Debian GNU/Linux system. Edited by H. Peter Avian diff --git a/man/autofs.8.in b/man/autofs.8.in index 4828b39..ac0670d 100644 --- a/man/autofs.8.in 
+++ b/man/autofs.8.in @@ -50,6 +50,7 @@ will display the status of, .BR automount (8), .BR autofs (5), .BR auto.master (5). +.BR autofs_ldap_auth.conf (5) .SH AUTHOR This manual page was written by Christoph Lameter , for the Debi GNU/Linux system. Edited by H. Peter Anvin diff --git a/man/autofs_ldap_auth.conf.5.in b/man/autofs_ldap_auth.conf.5.in new file mode 100644 index 0000000..ecec20d --- /dev/null +++ b/man/autofs_ldap_auth.conf.5.in 
@@ -0,0 +1,93 @@ +.\" t +.TH AUTOFS_LDAP_AUTH.CONF 5 "19 Feb 2010" +.SH NAME +autofs_ldap_auth.conf \- autofs LDAP authentication configuration +.SH "DESCRIPTION" +LDAP authenticated binds, TLS encrypted connections and certification +may be used by setting appropriate values in the autofs authentication +configuration file and configuring the LDAP client with appropriate +settings. The default location of this file is +.nh +.BR @@autofsmapdir@@/autofs_ldap_auth.conf . +.hy +If this file exists it will be used to establish whether TLS or authentication +should be used. +.P +An example of this file is: +.sp +.RS +.2i +.ta 1.0i +.nf + + +.fi +.RE +.sp +If TLS encryption is to be used the location of the Certificate Authority +certificate must be set within the LDAP client configuration in +order to validate the server certificate. If, in addition, a certified +connection is to be used then the client certificate and private key file +locations must also be configured within the LDAP client. +.SH "OPTIONS" +This files contains a single XML element, as shown in the example above, with +several attributes. +.TP +The possible attributes are: +.TP +\fBusetls="yes"|"no"\fP +Determines whether an encrypted connection to the ldap server +should be attempted. +.TP +\fBtlsrequired="yes"|"no"\fP +This flag tells whether the ldap connection must be encrypted. If set to "yes", +the automounter will fail to start if an encrypted connection cannot be +established. +.TP +\fBauthrequired="yes"|"no"|"autodetect"|"simple"\fP +This option tells whether an authenticated connection to the ldap server is +required in order to perform ldap queries. If the flag is set to yes, only +sasl authenticated connections will be allowed. If it is set to no then +authentication is not needed for ldap server connections. If it is set to +autodetect then the ldap server will be queried to establish a suitable sasl +authentication mechanism. 
If no suitable mechanism can be found, connections +to the ldap server are made without authentication. Finally, if it is set to +simple, then simple authentication will be used instead of SASL. +.TP +\fBauthtype="GSSAPI"|"LOGIN"|"PLAIN"|"ANONYMOUS"|"DIGEST-MD5"\fP +This attribute can be used to specify a preferred authentication mechanism. + In normal operations, the automounter will attempt to authenticate to the +ldap server using the list of supportedSASLmechanisms obtained from the +directory server. Explicitly setting the authtype will bypass this selection +and only try the mechanism specified. +.TP +\fBuser=""\fP +This attribute holds the authentication identity used by authentication +mechanisms that require it. Legal values for this attribute include any +printable characters that can be used by the selected authentication +mechanism. +.TP +\fBsecret=""\fP +This attribute holds the secret used by authentication mechanisms that +require it. Legal values for this attribute include any printable +characters that can be used by the selected authentication mechanism. +.TP +\fBclientprinc=""\fP +When using GSSAPI authentication, this attribute is consulted to determine +the principal name to use when authenticating to the directory server. By +default, this will be set to "autofsclient/@. +.TP +\fBcredentialcache=""\fP +When using GSSAPI authentication, this attribute can be used to specify an +externally configured credential cache that is used during authentication. +By default, autofs will setup a memory based credential cache. +.SH "SEE ALSO" +.BR auto.master (5), +.SH AUTHOR +This manual page was written by Ian Kent . diff --git a/man/automount.8 b/man/automount.8 index d9a45c2..18f74bf 100644 --- a/man/automount.8 +++ b/man/automount.8 @@ -152,6 +152,7 @@ constructed has been detached from the mount tree. .BR autofs (8), .BR auto.master (5), .BR mount (8). +.BR autofs_ldap_auth.conf (5) .SH BUGS Don't know, I've fixed everything I know about. 
diff --git a/samples/autofs_ldap_auth.conf b/samples/autofs_ldap_auth.conf index be5e7dd..4033ba0 100644 --- a/samples/autofs_ldap_auth.conf +++ b/samples/autofs_ldap_auth.conf @@ -1,68 +1,7 @@
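Review bot: in the SEE ALSO hunks of man/auto.master.5.in, man/autofs.5, man/autofs.8.in and man/automount.8, the new `.BR autofs_ldap_auth.conf (5)` line is appended after an entry that already closes the list with a period (`.BR autofs (8).`, `.BR mount (8).`, `.BR auto.master (5).`) and has no punctuation of its own, so the rendered list ends "autofs(8). autofs_ldap_auth.conf(5)". Change the period on the preceding entry to a comma and terminate the new entry instead, i.e. `.BR autofs_ldap_auth.conf (5).`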
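Review bot: in man/autofs_ldap_auth.conf.5.in the `secret=""` entry documents that this file stores an authentication secret, yet neither DESCRIPTION nor OPTIONS says what ownership and mode the file is expected to have. Add a sentence stating the required owner and permissions so the secret is not left readable by other users. The fallback behaviour also deserves an explicit caution in the text: as written, `authrequired="autodetect"` makes unauthenticated connections when no suitable mechanism is found, and `usetls="yes"` only attempts encryption unless `tlsrequired="yes"` is set as well, which matters when "simple" or the PLAIN and LOGIN mechanisms send the secret over the connection. Smaller points in the same hunk: the example block between `.nf` and `.fi` is empty although OPTIONS refers to "the example above"; "This files contains" should read "This file contains"; the `.TP` before "The possible attributes are:" has no body and should be `.P`; the clientprinc default `"autofsclient/@.` has an unbalanced quote and looks incomplete; and the only SEE ALSO entry, `.BR auto.master (5),`, ends in a comma.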