Ubuntu Feisty 7.04 manual page repository

Provided by: libldap2_2.1.30-13.3_i386

 

NAME

        ldap.conf, .ldaprc - ldap configuration file
 

SYNOPSIS

        /etc/ldap/ldap.conf, .ldaprc
 

DESCRIPTION

        If  the  environment  variable LDAPNOINIT is defined, all defaulting is
        disabled.
 
        The ldap.conf configuration file is used to set system-wide defaults to
        be applied when running ldap clients.
 
        Users  may create an optional configuration file, ldaprc or .ldaprc, in
        their home directory which will be used  to  override  the  system-wide
        defaults  file.   The  file  ldaprc in the current working directory is
        also used.
 
        Additional configuration files can be specified using the LDAPCONF and
        LDAPRC environment variables.  LDAPCONF may be set to the path of a
        configuration file.  This path can be absolute or relative to the
        current working directory.  The LDAPRC, if defined, should be the
        basename of a file in the current working directory or in the user’s
        home directory.
 
        Environment variables may also be used to augment the file based
        defaults.  The name of the variable is the option name  with  an  added
        prefix  of  LDAP.  For example, to define BASE via the environment, set
        the variable LDAPBASE to the desired value.
 
        Some options are user-only.  Such options are ignored if present in the
        ldap.conf (or file specified by LDAPCONF).
 

OPTIONS

        The different configuration options are:
 
        BASE <base>
               Specifies the default base DN to use when performing ldap
               operations.  The base must be specified as a Distinguished Name
               in LDAP format.

        BINDDN <dn>
               Specifies the default bind DN to use when performing ldap
               operations.  The bind DN must be specified as a Distinguished
               Name in LDAP format.  This is a user-only option.
 
        HOST <name[:port] ...>
               Specifies the name(s) of the LDAP server(s) to which the ldap
               library should connect.  Each server’s name can be specified as
               a domain-style name or an IP address and optionally followed by
               a ’:’ and the port number the ldap server is listening on.  A
               space separated list of hosts may be provided.  HOST is
               deprecated in favor of URI.

        PORT <port>
               Specifies the default port used when connecting to LDAP
               server(s).  The port may be specified as a number.  PORT is
               deprecated in favor of URI.
 
        SIZELIMIT <integer>
               Specifies a size limit to use  when  performing  searches.   The
               number  should be a non-negative integer.  SIZELIMIT of zero (0)
               specifies unlimited search size.
 
        TIMELIMIT <integer>
               Specifies a time limit to use  when  performing  searches.   The
               number  should be a non-negative integer.  TIMELIMIT of zero (0)
               specifies unlimited search time to be used.
 
        DEREF <when>
               Specifies how alias dereferencing is done when performing a
               search. The <when> can be specified as one of the following
               keywords:
 
               never  Aliases are never dereferenced. This is the default.
 
               searching
                      Aliases are dereferenced  in  subordinates  of  the  base
                      object,  but  not  in  locating  the  base  object of the
                      search.
 
               finding
                      Aliases are only  dereferenced  when  locating  the  base
                      object of the search.
 
               always Aliases are dereferenced both in searching and in
                      locating the base object of the search.

SASL OPTIONS

        If OpenLDAP is built with Simple Authentication and Security Layer
        support, there are more options you can specify.
 
        SASL_MECH <mechanism>
               Specifies  the  SASL  mechanism  to  use.   This  is a user-only
               option.
 
        SASL_REALM <realm>
               Specifies the SASL realm.  This is a user-only option.
 
        SASL_AUTHCID <authcid>
               Specifies the authentication  identity.   This  is  a  user-only
               option.
 
        SASL_AUTHZID <authzid>
               Specifies the proxy authorization identity.  This is a user-only
               option.
 
        SASL_SECPROPS <properties>
               Specifies Cyrus SASL security properties. The  <properties>  can
               be specified as a comma-separated list of the following:
 
               none   (without  any  other  properties)  causes  the properties
                      defaults ("noanonymous,noplain") to be cleared.
 
               noplain
                      disables  mechanisms  susceptible   to   simple   passive
                      attacks.
 
               noactive
                      disables mechanisms susceptible to active attacks.
 
               nodict disables  mechanisms  susceptible  to  passive dictionary
                      attacks.
 
               noanonymous
                      disables mechanisms which support anonymous login.
 
               forwardsec
                      requires forward secrecy between sessions.
 
               passcred
                      requires mechanisms which pass  client  credentials  (and
                      allows mechanisms which can pass credentials to do so).
 
               minssf=<factor>
                      specifies the minimum acceptable security strength factor
                      as an integer approximating the effective key length used
                      for  encryption.   0  (zero)  implies  no  protection,  1
                      implies integrity protection only, 56 allows DES or other
                      weak  ciphers,  112  allows  triple  DES and other strong
                      ciphers, 128 allows RC4, Blowfish and other modern strong
                      ciphers.  The default is 0.
 
               maxssf=<factor>
                      specifies the maximum acceptable security strength factor
                      as an integer (see minssf description).  The  default  is
                      INT_MAX.
 
               maxbufsize=<factor>
                      specifies  the maximum security layer receive buffer size
                      allowed.  0 disables security  layers.   The  default  is
                      65536.
 

TLS OPTIONS

        If OpenLDAP is built with Transport Layer Security support, there are
        more options you can specify.  These options are used when an ldaps://
        URI is selected (by default or otherwise) or when the application
        negotiates TLS by issuing the LDAP Start TLS operation.
 
        TLS_CACERT <filename>
               Specifies the file that contains certificates  for  all  of  the
               Certificate Authorities the client will recognize.
 
        TLS_CACERTDIR <path>
               Specifies  the  path  of  a  directory that contains Certificate
               Authority  certificates  in  separate  individual   files.   The
               TLS_CACERT is always used before TLS_CACERTDIR.
 
        TLS_CERT <filename>
               Specifies the file that contains the client certificate. This is
               a user-only option.
 
        TLS_KEY <filename>
               Specifies the file that contains the private key that matches
               the certificate stored in the TLS_CERT file. Currently, the
               private key must not be protected with a password, so it is of
               critical importance that the key file is protected carefully.
               This is a user-only option.
 
        TLS_RANDFILE <filename>
               Specifies the file to obtain random bits from when
               /dev/[u]random is not available. Generally set to the name of
               the EGD/PRNGD socket.  The environment variable RANDFILE can
               also be used to specify the filename.
 
        TLS_REQCERT <level>
               Specifies what checks to perform on server certificates in a TLS
               session, if any. The <level> can be specified as one of the
               following keywords:
 
               never  The client will not request or check any server
                      certificate.

               allow  The server certificate is requested. If no certificate is
                      provided, the session proceeds normally. If a bad
                      certificate is provided, it will be ignored and the
                      session proceeds normally.

               try    The server certificate is requested. If no certificate is
                      provided, the session proceeds normally. If a bad
                      certificate is provided, the session is immediately
                      terminated.

               demand | hard
                      These keywords are equivalent. The server certificate is
                      requested. If no certificate is provided, or a bad
                      certificate is provided, the session is immediately
                      terminated. This is the default setting.

ENVIRONMENT VARIABLES

        LDAPNOINIT
               disable all defaulting
 
        LDAPCONF
               path of a configuration file
 
        LDAPRC basename of ldaprc file in $HOME or $CWD
 
        LDAP<option-name>
               Set <option-name> as from ldap.conf
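
        An added example, not part of the original manual page or of
        OpenLDAP: a Python audit of one configuration file against the
        settings described above. It flags user-only options placed in a
        system-wide file, TLS_REQCERT levels weaker than demand, and
        SASL_SECPROPS set to none or carrying a low minssf. The floor of
        112, the '#' comment handling, the environment-after-file precedence
        and all function names are assumptions; the sample text is
        constructed.

```python
import re

# Options this page marks "user-only": ignored in ldap.conf or an LDAPCONF file.
USER_ONLY = {"BINDDN", "SASL_MECH", "SASL_REALM", "SASL_AUTHCID",
             "SASL_AUTHZID", "TLS_CERT", "TLS_KEY"}
# What each non-default TLS_REQCERT level lets through, per the list above.
WEAK_REQCERT = {"never": "server certificate is never requested or checked",
                "allow": "a missing or bad server certificate is accepted",
                "try": "a server that sends no certificate is accepted"}

def parse(text):
    """Parse 'OPTION value' lines; blank lines and '#' comments are skipped."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text, system_wide=True, env=None, min_ssf=112):
    # min_ssf=112 is an assumed policy floor, not a value the man page mandates.
    opts, findings = parse(text), []
    if system_wide:
        findings += [f"{o}: user-only option, ignored in a system-wide file"
                     for o in sorted(USER_ONLY & opts.keys())]
    # LDAP<option-name> variables are applied after the file (assumed precedence).
    for key, value in (env or {}).items():
        if key.startswith("LDAP") and key not in ("LDAPNOINIT", "LDAPCONF", "LDAPRC"):
            opts[key[4:].upper()] = value
    level = opts.get("TLS_REQCERT", "demand").lower()
    if level in WEAK_REQCERT:
        findings.append(f"TLS_REQCERT {level}: {WEAK_REQCERT[level]}")
    if any(o.startswith("SASL_") for o in opts):
        props = opts.get("SASL_SECPROPS", "").lower()
        if props.strip() == "none":
            findings.append("SASL_SECPROPS none: clears noanonymous,noplain")
        m = re.search(r"minssf=(\d+)", props)
        ssf = int(m.group(1)) if m else 0  # the page gives 0 as the default
        if ssf < min_ssf:
            findings.append(f"SASL_SECPROPS minssf={ssf}: below {min_ssf}")
    return findings

# Constructed sample of a system-wide file, not taken from a real host.
SAMPLE = """BINDDN cn=admin,dc=example,dc=com
TLS_REQCERT allow
SASL_SECPROPS noanonymous,minssf=56"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```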
 

FILES

        /etc/ldap/ldap.conf
               system-wide ldap configuration file
 
        $HOME/ldaprc, $HOME/.ldaprc
               user ldap configuration file
 
        $CWD/ldaprc
               local ldap configuration file

SEE ALSO

        ldap(3)
 

AUTHOR

        Kurt Zeilenga, The OpenLDAP Project
 

ACKNOWLEDGEMENTS

        OpenLDAP   is   developed   and  maintained  by  The  OpenLDAP  Project
        (http://www.openldap.org/).  OpenLDAP is  derived  from  University  of
        Michigan LDAP 3.3 Release.
 
