SLAPO-HOMEDIR(5) File Formats Manual SLAPO-HOMEDIR(5)
NAME
slapo-homedir - Home directory provisioning overlay
SYNOPSIS
/etc/ldap/slapd.conf
DESCRIPTION
The homedir overlay causes slapd(8) to notice changes involving
RFC-2307bis style user-objects and make appropriate changes to the local
filesystem. This can be performed on both master and replica systems,
so it is possible to perform remote home directory provisioning.
CONFIGURATION
Both slapd.conf and back-config style configuration are supported.
overlay homedir
This directive adds the homedir overlay to the current database,
or to the frontend, if used before any database instantiation;
see slapd.conf(5) for details.
homedir-skeleton-path <pathname>
olcSkeletonPath: pathname
These options set the path to the skeleton account directory
(generally /etc/skel). Files in this directory will be copied
into newly created home directories. Copying is recursive and
handles symlinks and fifos, but will skip most specials.
homedir-min-uidnumber <user id number>
olcMinimumUidNumber: number
These options configure the minimum userid to use in any home
directory attempt. This is a basic safety measure to prevent
accidentally using system accounts. See REPLICATION for more
flexible options for selecting accounts.
homedir-regexp <regexp> <path>
olcHomedirRegexp: regexp path
These options configure a set of regular expressions to use for
matching and optionally remapping incoming homeDirectory
attribute values to pathnames on the local filesystem. $number
expansion is supported to access values captured in parentheses.
For example, to accept any directory starting with /home and use
it verbatim on the local filesystem:
homedir-regexp ^(/home/[-_/a-z0-9]+)$ $1
To match the same set of directories, but create them instead
under /export/home, as is popular on Solaris NFS servers:
homedir-regexp ^(/home/[-_/a-z0-9]+)$ /export$1
homedir-delete-style style
olcHomedirDeleteStyle: style
These options configure how deletes of posixAccount entries or
their attributes are handled. Valid styles are IGNORE, which does
nothing; DELETE, which immediately performs a recursive delete on
the home directory; and ARCHIVE, which archives the home
directory contents in a TAR file for later examination. The
default is IGNORE. Use with caution. ARCHIVE requires
homedir-archive-path to be set, or it functions similarly to IGNORE.
homedir-archive-path <pathname>
olcHomedirArchivePath: pathname
These options specify the destination path for TAR files created
by the ARCHIVE delete style.
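An added example, not part of the OpenLDAP manual or the overlay's code: a Python preview of how a homedir-regexp rule maps homeDirectory values to local paths, comparing the pattern shown above with a hypothetical looser one. Python's re module stands in for slapd's regex matching, first-match-wins rule order is assumed, and the helper names and sample values are constructed.

```python
import posixpath
import re

# Rule from this page, and a hypothetical looser rule for comparison.
PAGE_RULES = [(r"^(/home/[-_/a-z0-9]+)$", "/export$1")]
LOOSE_RULES = [(r"^(/home/.+)$", "/export$1")]

# Constructed homeDirectory values as they might arrive from the directory.
SAMPLES = ["/home/alice", "/home/staff/bob", "/home/../etc", "/root"]


def expand(template, match):
    """Expand $0-$9 in template with the groups captured by match."""
    def group(m):
        idx = int(m.group(1))
        return (match.group(idx) or "") if idx <= match.re.groups else ""
    return re.sub(r"\$(\d)", group, template)


def map_homedir(rules, home_directory):
    """Return the mapped local path, or None when no rule matches.
    Assumption: rules are tried in order and the first match wins."""
    for pattern, template in rules:
        m = re.search(pattern, home_directory)
        if m:
            return expand(template, m)
    return None


def audit(rules, base, samples):
    """Map each sample; flag results that resolve outside base."""
    report = {}
    for value in samples:
        path = map_homedir(rules, value)
        if path is None:
            report[value] = ("rejected", None)
            continue
        resolved = posixpath.normpath(path)  # collapses "..", as the kernel would
        inside = resolved.startswith(base.rstrip("/") + "/")
        report[value] = ("ok" if inside else "ESCAPES", resolved)
    return report


if __name__ == "__main__":
    for name, rules in (("page", PAGE_RULES), ("loose", LOOSE_RULES)):
        for value, (status, resolved) in audit(rules, "/export/home", SAMPLES).items():
            print(f"{name:5} {value:18} {status:8} {resolved}")
```

The character class in the page's pattern contains no dot, so a value containing ".." never matches; with a looser pattern the same value resolves outside /export/home, which matters most when the delete style is DELETE.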
REPLICATION
The homedir overlay can operate on either master or replica systems with
no changes. See slapd.conf(5) or slapd-config(5) for more information
on configuring syncrepl.
Partial replication (e.g. with filters) is especially useful for
providing different provisioning options to different sets of users.
EXAMPLE
The following LDIF could be used to add this overlay to cn=config
(adjust to suit):
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: homedir

dn: olcOverlay=homedir,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcHomedirConfig
olcOverlay: homedir
olcSkeletonPath: /etc/skel
olcMinimumUidNumber: 1000
olcHomedirRegexp: ^(/home/[-_/a-z0-9]+)$ /export/$1
olcHomedirDeleteStyle: ARCHIVE
olcHomedirArchivePath: /archive
BUGS
DELETE, MOD, and MODRDN operations that remove the unix attributes when
delete style is set to DELETE will recursively delete the (regex
modified) home directory from the disk. Please be careful when deleting
or changing values.
MOD and MODRDN will correctly respond to homeDirectory changes and
perform a non-destructive rename() operation on the filesystem, but this
does not correctly retry with a recursive copy when moving between
filesystems.
The recursive copy/delete/chown/tar functions are not aware of ACLs,
extended attributes, forks, sparse files, or hard links. Block and
character device archival is non-portable, but should not be an issue in
home directories, hopefully.
Copying and archiving may not support files larger than 2GiB on some
architectures. Bare POSIX UStar archives cannot support internal files
larger than 8GiB. The current tar generator does not attempt to resolve
uid/gid into symbolic names.
No attempt is made to try to mkdir() the parent directories needed for a
given home directory or archive path.
FILES
/etc/ldap/slapd.conf
default slapd configuration file
/etc/skel (or similar)
source of new homedir files.
SEE ALSO
slapd.conf(5), slapd-config(5), slapd(8), RFC-2307, RFC-2307bis.
ACKNOWLEDGEMENTS
This module was written in 2009 by Emily Backes for Symas Corporation.
OpenLDAP 2.6.10+dfsg-1 2025/05/22 SLAPO-HOMEDIR(5)