ldap.conf



SYNOPSIS

       /etc/openldap/ldap.conf, .ldaprc


DESCRIPTION

       If  the  environment  variable  LDAPNOINIT is defined, all
       defaulting is disabled.

       The ldap.conf configuration file is used  to  set  system-
       wide defaults to be applied when running ldap clients.

       Users may create an optional configuration file, ldaprc or
       .ldaprc, in their home directory which  will  be  used  to
       override  the  system-wide defaults file.  The file ldaprc
       in the current working directory is also used.

       Additional configuration files can be specified using  the
       LDAPCONF  and  LDAPRC environment variables.  LDAPCONF may
       be set to the path of a configuration file.  This path can
       be  absolute or relative to the current working directory.
       The LDAPRC, if defined, should be the basename of  a  file
       in  the  current  working  directory or in the user's home
       directory.

       Environmental variables may also be used  to  augment  the
       file  based  defaults.   The  name  of the variable is the
       option name with an added prefix of LDAP.  For example, to
       define BASE via the environment, set the variable LDAPBASE
       to the desired value.

       Some options are user-only.  Such options are  ignored  if
       present  in the ldap.conf (or file specified by LDAPCONF).
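
       The lookup described above decides which files and environment
       variables can change a client's defaults. The Python below is an
       added example, not part of the OpenLDAP distribution; its function
       names are hypothetical, and the file list follows only what this
       page states, without claiming a precedence order.

```python
import os
import stat

RESERVED = {"LDAPNOINIT", "LDAPCONF", "LDAPRC"}

def candidate_sources(env, home, cwd, system="/etc/openldap/ldap.conf"):
    """Return (origin, path) for each file this page says a client may read."""
    if "LDAPNOINIT" in env:                  # all defaulting is disabled
        return []
    found = [("system", system),
             ("home", os.path.join(home, "ldaprc")),
             ("home", os.path.join(home, ".ldaprc")),
             ("cwd", os.path.join(cwd, "ldaprc"))]
    if env.get("LDAPCONF"):                  # absolute, or relative to cwd
        found.append(("LDAPCONF", os.path.join(cwd, env["LDAPCONF"])))
    if env.get("LDAPRC"):                    # basename looked up in cwd and home
        found += [("LDAPRC", os.path.join(d, env["LDAPRC"])) for d in (cwd, home)]
    return found

def env_overrides(env):
    """Return {OPTION: value} for LDAP<option-name> environment variables."""
    return {k[4:]: v for k, v in env.items()
            if k.startswith("LDAP") and len(k) > 4 and k not in RESERVED}

def audit_sources(env, home, cwd):
    """Flag existing files that someone other than the user could control."""
    findings = []
    for origin, path in candidate_sources(env, home, cwd):
        try:
            st = os.stat(path)
        except OSError:
            continue                         # absent: nothing is read from it
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group/world-writable"))
        if st.st_uid not in (0, os.getuid()):
            findings.append((path, "owned by another user"))
        if origin == "cwd":
            findings.append((path, "picked up from the current directory"))
    return findings

if __name__ == "__main__":
    env = dict(os.environ)
    for path, why in audit_sources(env, os.path.expanduser("~"), os.getcwd()):
        print(f"{path}: {why}")
    for opt, val in env_overrides(env).items():
        print(f"environment sets {opt}={val}")
```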


OPTIONS

       The different configuration options are:

       BASE <base>
              Specifies the default base DN to use when performing
              ldap operations.  The base must be specified as
              a Distinguished Name in LDAP format.

       BINDDN <dn>
              Specifies the default bind DN to use when performing
              ldap operations.  The bind DN must be specified
              as a Distinguished Name in LDAP format.  This is a
              user-only option.

       HOST <name[:port] ...>
              Specifies the name(s) of an LDAP server(s) to which
              the ldap library  should  connect.   Each  server's
              name  can be specified as a domain-style name or an
              IP address and optionally followed by a ':' and the

       TIMELIMIT <integer>
              Specifies a  time  limit  to  use  when  performing
              searches.   The  number  should  be  a non-negative
              integer.  TIMELIMIT of zero (0) specifies unlimited
              search time to be used.

       DEREF <when>
              Specifies how alias dereferencing is done when
              performing a search. The <when> can be specified as
              one of the following keywords:

              never  Aliases  are never dereferenced. This is the
                     default.

              searching
                     Aliases are dereferenced in subordinates  of
                     the  base  object,  but  not in locating the
                     base object of the search.

              finding
                     Aliases are only dereferenced when  locating
                     the base object of the search.

              always Aliases  are  dereferenced both in searching
                     and in  locating  the  base  object  of  the
                     search.


SASL OPTIONS

       If OpenLDAP is built with Simple Authentication and Security
       Layer support, there are more options you can specify.

       SASL_MECH <mechanism>
              Specifies  the  SASL  mechanism  to use.  This is a
              user-only option.

       SASL_REALM <realm>
              Specifies the SASL  realm.   This  is  a  user-only
              option.

       SASL_AUTHCID <authcid>
              Specifies  the  authentication identity.  This is a
              user-only option.

       SASL_AUTHZID <authzid>
              Specifies the proxy authorization  identity.   This
              is a user-only option.

       SASL_SECPROPS <properties>
              Specifies   Cyrus  SASL  security  properties.  The
              <properties> can be specified as a  comma-separated
              nodict disables  mechanisms  susceptible to passive
                     dictionary attacks.

              noanonymous
                     disables mechanisms which support  anonymous
                     login.

              forwardsec
                     requires forward secrecy between sessions.

              passcred
                     requires mechanisms which pass client
                     credentials (and allows mechanisms which can
                     pass credentials to do so).

              minssf=<factor>
                     specifies the minimum acceptable security
                     strength factor as an integer approximating
                     the effective key length used for encryption.
                     0 (zero) implies no protection, 1 implies
                     integrity protection only, 56 allows DES or
                     other weak ciphers, 112 allows triple DES and
                     other strong ciphers, 128 allows RC4, Blowfish
                     and other modern strong ciphers.  The default
                     is 0.

              maxssf=<factor>
                     specifies  the  maximum  acceptable security
                     strength factor as an  integer  (see  minssf
                     description).  The default is INT_MAX.

              maxbufsize=<factor>
                     specifies the maximum security layer receive
                     buffer size allowed.   0  disables  security
                     layers.  The default is 65536.

       SIZELIMIT <integer>
              Specifies  a  size  limit  to  use  when performing
              searches.  The  number  should  be  a  non-negative
              integer.  SIZELIMIT of zero (0) specifies unlimited
              search size.



TLS OPTIONS

       If OpenLDAP is built with Transport Layer Security support,
       there are more options you can specify.  These options are
       used when an ldaps:// URI is selected (by default or
       otherwise) or when the application negotiates TLS by issuing
       the LDAP Start TLS operation.

       TLS_CACERT <filename>
              Specifies  the  file that contains certificates for
              all of the Certificate Authorities the client  will
              recognize.

       TLS_CACERTDIR <path>
              Specifies  the  path  of  a directory that contains
              Certificate  Authority  certificates  in   separate
              individual  files.  The  TLS_CACERT  is always used
              before TLS_CACERTDIR.

       TLS_CERT <filename>
              Specifies the file that contains the client
              certificate. This is a user-only option.

       TLS_KEY <filename>
              Specifies the file that contains the private key
              that matches the certificate stored in the TLS_CERT
              file.  Currently, the private key must not be
              protected with a password, so it is of critical
              importance that the key file is protected carefully.
              This is a user-only option.

       TLS_RANDFILE <filename>
              Specifies the file to obtain random bits from  when
              /dev/[u]random  is  not available. Generally set to
              the name of the EGD/PRNGD socket.  The  environment
              variable  RANDFILE  can also be used to specify the
              filename.

       TLS_REQCERT <level>
              Specifies what checks to perform on server
              certificates in a TLS session, if any. The <level>
              can be specified as one of the following keywords:

              never  The client will not  request  or  check  any
                     server certificate.

              allow  The server certificate is requested. If no
                     certificate is provided, the session proceeds
                     normally. If a bad certificate is provided,
                     it will be ignored and the session


ENVIRONMENT VARIABLES

       LDAPNOINIT
              disable all defaulting

       LDAPCONF
              path of a configuration file

       LDAPRC basename of ldaprc file in $HOME or $CWD

       LDAP<option-name>
              Set <option-name> as from ldap.conf


FILES

       /etc/openldap/ldap.conf
              system-wide ldap configuration file

       $HOME/ldaprc, $HOME/.ldaprc
              user ldap configuration file

       $CWD/ldaprc
              local ldap configuration file
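
       A check for the weaker settings documented under OPTIONS, SASL
       OPTIONS and TLS OPTIONS above. This is an added example, not part
       of the OpenLDAP distribution; audit(), parse() and the MIN_SSF
       threshold of 112 are assumptions of the example, and the sample
       file is constructed.

```python
import os

# Options this page marks "user-only": ignored in ldap.conf or an LDAPCONF file.
USER_ONLY = {"BINDDN", "SASL_MECH", "SASL_REALM", "SASL_AUTHCID",
             "SASL_AUTHZID", "TLS_CERT", "TLS_KEY"}
REQCERT = {"never": "server certificate is not requested or checked",
           "allow": "a missing or bad server certificate is accepted"}
MIN_SSF = 112   # assumed site policy; the page lists 56 as DES or other weak ciphers

def parse(text):
    """Yield (line number, OPTION, value); blank and '#' lines are skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield n, parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""

def audit(text, system_wide):
    """Return (line, option, finding) tuples for settings that weaken a client."""
    out = []
    for n, opt, val in parse(text):
        if system_wide and opt in USER_ONLY:
            out.append((n, opt, "user-only option, ignored in this file"))
        if opt == "TLS_REQCERT" and val.lower() in REQCERT:
            out.append((n, opt, REQCERT[val.lower()]))
        if opt == "TLS_KEY" and os.path.exists(val) and os.stat(val).st_mode & 0o077:
            out.append((n, opt, "unencrypted private key readable by group/other"))
        if opt == "SASL_SECPROPS":
            props = dict(p.strip().partition("=")[::2] for p in val.split(","))
            ssf = int(props.get("minssf") or 0)          # page: default is 0
            if ssf < MIN_SSF:
                out.append((n, opt, f"minssf={ssf} is below {MIN_SSF}"))
            if props.get("maxbufsize") == "0":
                out.append((n, opt, "maxbufsize=0 disables security layers"))
    return out

# Constructed sample, not taken from any real system.
SAMPLE = """\
# system-wide defaults
BASE    dc=example,dc=com
BINDDN  cn=admin,dc=example,dc=com
TLS_CACERT /etc/openldap/cacert.pem
TLS_REQCERT allow
SASL_SECPROPS noanonymous,minssf=56,maxbufsize=0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, system_wide=True):
        print("line %d: %s: %s" % finding)
```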


SEE ALSO

       ldap(3)


AUTHOR

       Kurt Zeilenga, The OpenLDAP Project


ACKNOWLEDGEMENTS

       OpenLDAP is developed and maintained by The OpenLDAP Project
       (http://www.openldap.org/).  OpenLDAP is derived from
       University of Michigan LDAP 3.3 Release.

OpenLDAP 2.1.22             06-26-2003               LDAP.CONF(5)
  