*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Linux man pages -> ldap.conf (5)              
Title
Content
Arch
Section
 

LDAP.CONF(5)

Contents

NAME    [Toc]    [Back]

       ldap.conf, .ldaprc - ldap configuration file

SYNOPSIS    [Toc]    [Back]

       /etc/ldap/ldap.conf .ldaprc

DESCRIPTION    [Toc]    [Back]

       The ldap.conf configuration file is used to set system-wide defaults to
       be applied when running ldap  clients.	If  the  environment  variable
       LDAPNOINIT is defined, all defaulting is disabled.

       Each  user  may	specify  an  optional  configuration file, .ldaprc, in
       his/her home directory which will be used to override  the  system-wide
       defaults file.

       Additional  configuration files can be specified using the LDAPCONF and
       LDAPRC environment variables.  LDAPCONF may be set the path of  a  configuration
  file.   This  path  can  be absolute or relative to current
       working directory.  The LDAPRC, if defined, should be a basename  of  a
       file  in the current working directory or in the user's home directory.

       Environmental variables may also be used  to  augment  the  file  based
       defaults.  The name of the option is the as listed but with a prefix of
       LDAP.  For example, to define BASE  via	the  environment,  define  the
       variable LDAPBASE to desired value.

       Some options are user-only.  Such options are ignored if present in the
       ldap.conf (or file specified by LDAPCONF).

OPTIONS    [Toc]    [Back]

       The different configuration options are:

       BASE <base>
		 Used to specify the default base DN to  use  when  performing
		 ldap  operations.   The  base	must be specified as a Distinguished
 Name in LDAP format.

       BINDDN <dn>
		 Used to specify the default bind DN to  use  when  performing
		 ldap  operations.  The bind DN must be specified as a Distinguished
 Name in LDAP format.  This is a user-only option.

       HOST <name[:port] ...>
		 Used to specify the name(s) of an  LDAP  server(s)  to  which
		 ldap  library	should	connect to.  Each server's name can be
		 specified as a domain-style name or an IP address and optionally
  followed  a  ':' and the port number the ldap server is
		 listening on.	A space separated listed of host may  be  provided.


       PORT <port>
		 Used  to  specify  the  port  used  with  connecting  to LDAP
		 servers(s).  The port may be specified as a number.

       SASL_SECPROPS <properties>
		 Used to specify Cyrus SASL  security  properties.   The  none
		 flag	(without   any	other  properities)  causes  the  flag
		 properites defaults ("noanonymous,noplain")  to  be  cleared.
		 The  noplain  flag  disables mechanisms susceptible to simple
		 passive attacks.  The noactive flag disables mechanisms  susceptible
  to active attacks.  The nodict flag disables mechanisms
	susceptible  to  passive  dictionary   attacks.    The
		 noanonyous  flag  disables mechanisms which support anonymous
		 login.  The forwardsec flag require forward  secrecy  between
		 sessions.   The passcred require mechanisms which pass client
		 credentials (and allow mechanisms which can pass  credentials
		 to  do so).  The minssf=<factor> property specifies the minimum
 acceptable security strength factor as an integer approximate
	to effective key length used for encryption.  0 (zero)
		 implies no protection, 1 implies integrity  protection  only,
		 56  allows  DES  or other weak ciphers, 112 allows triple DES
		 and other strong ciphers, 128 allows RC4, Blowfish and  other
		 modern  strong  ciphers.  The default is 0.  The maxssf=<fac-
		 tor>  property  specifies  the  maximum  acceptable  security
		 strength  factor as an integer (see minssf description).  The
		 default is INT_MAX.  The maxbufsize=<factor> property	specifies
  the maximum security layer receive buffer size allowed.
		 0 disables security layers.  The default is 65536.

       SIZELIMIT <integer>
		 Used to specify a size limit to use when performing searches.
		 The  number  should be an non-negative integer.  SIZELIMIT of
		 zero (0) specifies unlimited search size.

       TIMELIMIT <integer>
		 Used to specify a time limit to use when performing searches.
		 The  number  should be an non-negative integer.  TIMELIMIT of
		 zero (0) specifies unlimited search time to be used.

       DEREF <never|searching|finding|always>
		 Specify how aliases dereferencing is done.  DEREF  should  be
		 set  to one of never, always, search, or find to specify that
		 aliases are never dereferenced, always dereferenced, dereferenced
	when searching, or dereferenced only when locating the
		 base object for the search.  The default is to never dereference
 aliases.

FILES    [Toc]    [Back]

       /etc/ldap/ldap.conf

       $HOME/.ldaprc

       $CWD/.ldaprc

SEE ALSO    [Toc]    [Back]

      
       
       ldap(3)

AUTHOR    [Toc]    [Back]

       Kurt Zeilenga, The OpenLDAP Project

ACKNOWLEDGEMENTS    [Toc]    [Back]

       OpenLDAP   is   developed   and	maintained  by	The  OpenLDAP  Project
       (http://www.openldap.org/).  OpenLDAP is  derived  from	University  of
       Michigan LDAP 3.3 Release.



4.3 Berkeley Distribution	20 August 2000			  LDAP.CONF(5)
[ Back ]
 Similar pages
Name OS Title
ldapcd.conf Tru64 Configuration file for LDAP authentication.
ldapfilter.conf Linux configuration file for LDAP get filter routines
ldaptemplates.conf Linux configuration file for LDAP display template routines
ldapsearchprefs.conf Linux configuration file for LDAP search preference routines
ldapusers.deny Tru64 Contains the names of Tru64 UNIX users who will not be authenticated by LDAP authentication
apt.conf Linux Configuration file for APT
man.conf OpenBSD configuration file for man(1)
amd.conf FreeBSD amd configuration file
ypserv.acl OpenBSD ypserv(8) configuration file
resolver FreeBSD resolver configuration file
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service