

2 Configuration

LDAP functions take their configuration from the file ldap.conf, which is searched for in the LDAP configuration path. That path is initialized as ‘/etc:/etc/ldap:/etc/openldap’. Directories in that path are scanned sequentially until the file ldap.conf is found in one of them. The file is then read, and further scanning stops (1). The format of the configuration file is described elsewhere (see ldap.conf in the ldap.conf manpage). mfmod_ldap uses the following settings:

LDAP setting: uri

Specifies the URI of an LDAP server or servers to which mfmod_ldap should connect.

LDAP setting: base

The default base DN to use when performing LDAP operations.

LDAP setting: ldap_version

Version of the LDAP protocol to use. Valid values are 2 and 3 (default).

LDAP setting: binddn

Specifies the default bind DN to use when performing LDAP operations.

LDAP setting: bindpw

Specifies the password of binddn.

LDAP setting: bindpwfile

A more secure alternative to bindpw. It specifies the name of a (plaintext) file from which to read the password. Note that the file is read verbatim, which means that it should not end with a newline (unless it is part of the password, of course).

LDAP setting: tls

Configures TLS. The allowed values for this setting are:

yes

Use TLS when possible.

only

Use of TLS is required. If TLS is not available, binding will fail.

no

Don’t use TLS.

LDAP setting: tls_cacert

Specifies the file that contains certificates for all of the Certificate Authorities the client will recognize.
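
The following shell script is an added example, not part of mfmod_ldap or its documentation. It locates ldap.conf the way the search is described above and reports an inline bindpw, a tls value other than only, and a bindpwfile that ends with a newline or is accessible to group or others. The function names and the case-insensitive "keyword value" parsing are assumptions of this example.

```sh
#!/bin/sh
# Added example (not part of mfmod_ldap): audit the ldap.conf it would read.

# Print the first DIR/ldap.conf found in a colon-separated path; scanning
# stops at the first hit, as described above.
find_ldap_conf() {
    old_ifs=$IFS; IFS=:
    for dir in $1; do
        if [ -f "$dir/ldap.conf" ]; then
            IFS=$old_ifs; printf '%s\n' "$dir/ldap.conf"; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# Print the value of setting KEY from FILE. Assumption: "keyword value"
# lines, keyword matched case-insensitively; the first match is reported.
get_setting() {
    awk -v key="$2" 'tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Print one finding per line for settings that weaken the bind.
audit_ldap_conf() {
    if [ -n "$(get_setting "$1" bindpw)" ]; then
        echo "bindpw: password stored in ldap.conf itself; use bindpwfile"
    fi
    tls=$(get_setting "$1" tls)
    if [ "$tls" != only ]; then
        echo "tls: is '${tls:-unset}'; only 'only' makes the bind fail without TLS"
    fi
    pwfile=$(get_setting "$1" bindpwfile)
    if [ -n "$pwfile" ] && [ -f "$pwfile" ]; then
        # The file is read verbatim, so a final newline becomes part of the password.
        if [ "$(tail -c 1 "$pwfile" | od -An -tx1 | tr -d ' \n')" = 0a ]; then
            echo "bindpwfile: $pwfile ends with a newline"
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$pwfile" | cut -c5-10)" != "------" ]; then
            echo "bindpwfile: $pwfile is accessible to group or others"
        fi
    fi
    return 0
}

# Audit the file found on the default path given above, if there is one.
if conf=$(find_ldap_conf /etc:/etc/ldap:/etc/openldap); then
    audit_ldap_conf "$conf"
fi
```

A password file that passes the newline check can be written with printf '%s' rather than echo.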


Footnotes

(1)

See set_config_path for a discussion of how to modify the LDAP configuration path.

