version 1, including all changes.
Rev: 1 | Author: perry

LDAP.CONF
!!!LDAP.CONF
NAME
SYNOPSIS
DESCRIPTION
OPTIONS
FILES
SEE ALSO
AUTHOR
ACKNOWLEDGEMENTS
----
!!NAME

ldap.conf, .ldaprc - ldap configuration file
!!SYNOPSIS

/etc/ldap/ldap.conf
!!DESCRIPTION

The ''ldap.conf'' configuration file is used to set
system-wide defaults to be applied when running ''ldap''
clients. If the environment variable __LDAPNOINIT__ is
defined, all defaulting is disabled.

Each user may specify an optional configuration file,
''.ldaprc'', in his/her home directory which will be used
to override the system-wide defaults file.

Additional configuration files can be specified using the
__LDAPCONF__ and __LDAPRC__ environment variables.
__LDAPCONF__ may be set to the path of a configuration file.
This path can be absolute or relative to the current working
directory. __LDAPRC__, if defined, should be the
basename of a file in the current working directory or in
the user's home directory.

Environment variables may also be used to augment the
file-based defaults. The name of the variable is the option
name as listed, but with a prefix of __LDAP__. For example,
to define __BASE__ via the environment, define the variable
__LDAPBASE__ to the desired value.

Some options are user-only. Such options are ignored if
present in ''ldap.conf'' (or the file specified by
__LDAPCONF__).
!!OPTIONS

The different configuration options are:

__BASE __

Used to specify the default base DN to use when performing
ldap operations. The base must be specified as a
Distinguished Name in LDAP format.

__BINDDN __

Used to specify the default bind DN to use when performing
ldap operations. The bind DN must be specified as a
Distinguished Name in LDAP format. This is a user-only
option.

__HOST __

Used to specify the name(s) of the LDAP server(s) to which
the ''ldap'' library should connect. Each server's name
can be specified as a domain-style name or an IP address,
optionally followed by a ':' and the port number the ldap
server is listening on. A space-separated list of hosts may
be provided.

__PORT __

Used to specify the port used when connecting to LDAP
server(s). The port may be specified as a
number.

__SASL_SECPROPS __

Used to specify Cyrus SASL security properties. The
__none__ flag (without any other properties) causes the
flag properties defaults (
__noplain__ flag disables mechanisms
susceptible to simple passive attacks. The __noactive__
flag disables mechanisms susceptible to active attacks. The
__nodict__ flag disables mechanisms susceptible to
passive dictionary attacks. The __noanonymous__ flag
disables mechanisms which support anonymous login. The
__forwardsec__ flag requires forward secrecy between
sessions. The __passcred__ flag requires mechanisms which pass
client credentials (and allows mechanisms which can pass
credentials to do so). The __minssf=__
property specifies the minimum acceptable ''security
strength factor'' as an integer approximating the effective
key length used for encryption. 0 (zero) implies no
protection, 1 implies integrity protection only, 56 allows
DES or other weak ciphers, 112 allows triple DES and other
strong ciphers, 128 allows RC4, Blowfish and other modern
strong ciphers. The default is 0. The
__maxssf=__ property specifies the maximum
acceptable ''security strength factor'' as an integer
(see minssf description). The default is INT_MAX. The
__maxbufsize=__ property specifies the
maximum security layer receive buffer size allowed. 0
disables security layers. The default is 65536.
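
An added example (not part of the original man page or OpenLDAP's own code): a small auditor that works out which SASL_SECPROPS value is in effect from the file text and the environment variables described in DESCRIPTION, then checks it against the SSF levels listed above. Assumptions: the value is a comma-separated list, an LDAPSASL_SECPROPS environment variable takes precedence over the file, and the 128 threshold is a local policy choice; the function names and the sample file are constructed for illustration.

```python
SSF_MEANING = [(0, "no protection"), (1, "integrity protection only"),
               (56, "DES or other weak ciphers"),
               (112, "triple DES and other strong ciphers"),
               (128, "RC4, Blowfish and other modern strong ciphers")]

# Constructed sample file, not taken from a real host.
SAMPLE_CONF = """\
# SASL_SECPROPS minssf=0
SASL_SECPROPS noplain,noanonymous,minssf=128
"""

def parse_secprops(value):
    """Split a SASL_SECPROPS value into (flags, numeric properties)."""
    flags, props = set(), {}
    for item in value.replace(" ", "").lower().split(","):
        key, eq, num = item.partition("=")
        if eq:
            props[key] = int(num)
        elif key:
            flags.add(key)
    return flags, props

def effective_secprops(conf_text, env):
    """Return the SASL_SECPROPS value in effect, or None if none is set."""
    if "LDAPNOINIT" in env:  # page: all defaulting is disabled
        return None
    value = None
    for raw in conf_text.splitlines():
        fields = raw.split(None, 1)
        if len(fields) == 2 and fields[0].upper() == "SASL_SECPROPS":
            value = fields[1].strip()
    # Assumption: the LDAP-prefixed environment variable wins over the file.
    return env.get("LDAPSASL_SECPROPS", value)

def audit(conf_text, env, required_ssf=128):  # threshold is local policy
    value = effective_secprops(conf_text, env)
    if value is None:
        return ["no SASL_SECPROPS in effect: minssf defaults to 0 (no protection)"]
    flags, props = parse_secprops(value)
    findings = []
    minssf = props.get("minssf", 0)
    if minssf < required_ssf:
        meaning = [m for ssf, m in SSF_MEANING if ssf <= minssf][-1]
        findings.append(f"minssf={minssf} below {required_ssf}: allows {meaning}")
    if props.get("maxbufsize", 65536) == 0:
        findings.append("maxbufsize=0 disables security layers")
    if "none" in flags:
        findings.append("none flag present: changes the flag property defaults")
    return findings
```

Calling `audit(SAMPLE_CONF, dict(os.environ))` on a host shows whether a value inherited from the environment weakens what the system-wide file sets.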

__SIZELIMIT __

Used to specify a size limit to use when performing
searches. The number should be a non-negative integer.
''SIZELIMIT'' of zero (0) specifies unlimited search
size.

__TIMELIMIT __

Used to specify a time limit to use when performing
searches. The number should be a non-negative integer.
''TIMELIMIT'' of zero (0) specifies unlimited search time
to be used.

__DEREF __

Specifies how alias dereferencing is done. ''DEREF''
should be set to one of __never, always, search,__ or
__find__ to specify that aliases are never dereferenced,
always dereferenced, dereferenced when searching, or
dereferenced only when locating the base object for the
search. The default is to never dereference
aliases.
!!FILES

''/etc/ldap/ldap.conf''

''$HOME/.ldaprc''

''$CWD/.ldaprc''
!!SEE ALSO

ldap(3)
!!AUTHOR

Kurt Zeilenga, The OpenLDAP Project
!!ACKNOWLEDGEMENTS

__OpenLDAP__ is developed and maintained by The OpenLDAP
Project (http://www.openldap.org/). __OpenLDAP__ is
derived from University of Michigan LDAP 3.3
Release.
----