SOURCES: openldap.conf (NEW) - sane and appriopriate config for op...

Tue Nov 6 17:54:21 CET 2007

Author: baggins                      Date: Tue Nov  6 16:54:21 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- sane and appriopriate config for openldap library (based on man 5 ldap.conf)

---- Files affected:
SOURCES:
   openldap.conf (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/openldap.conf
diff -u /dev/null SOURCES/openldap.conf:1.1

--- /dev/null	Tue Nov  6 17:54:21 2007
+++ SOURCES/openldap.conf	Tue Nov  6 17:54:16 2007
@@ -0,0 +1,109 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+# URI(s) of an LDAP server(s) to which the LDAP library should connect
+URI ldapi:// ldap://127.0.0.1
+
+# Default base DN to use when performing ldap operations
+BASE dc=example,dc=com
+
+# default bind DN to use when performing ldap operations.
+#BINDDN cn=proxyuser,dc=example,dc=com
+
+# how alias dereferencing is done when performing a search
+# <when> can be specified as one of the following keywords:
+# never, searching, finding, always
+#DEREF never
+
+# name(s) of an LDAP server(s) to which the LDAP library should connect.
+# HOST is deprecated in favor of URI
+#HOST example.com
+
+# timeout (in seconds) after which the poll(2)/select(2) following a connect(2) returns in case of no activity
+#NETWORK_TIMEOUT <integer>
+
+# PORT is deprecated in favor of URI
+#PORT <port>
+
+# Specifies if the client should automatically follow referrals
+# returned by LDAP servers.
+# The default is on.
+#REFERRALS <on/true/yes/off/false/no>
+
+# size limit to use when performing searches
+#SIZELIMIT 12
+
+# time limit to use when performing searches
+#TIMELIMIT 15
+
+# timeout (in seconds) after which calls to synchronous LDAP APIs will abort if no response is received
+#TIMEOUT <integer>
+
+
+# SASL OPTIONS
+
+
+# Specifies the SASL mechanism to use
+#SASL_MECH <mechanism>
+
+# Specifies the SASL realm
+#SASL_REALM <realm>
+
+# Specifies the authentication identity
+#SASL_AUTHCID <authcid>
+
+# Specifies the proxy authorization identity
+#SASL_AUTHZID <authcid>
+
+# Specifies Cyrus SASL security properties. The <properties> can be specified
+# as a comma-separated list of the following:
+# none, noplain, noactive, nodict, noanonymous, forwardsec, passcred,
+# minssf=<factor>, maxssf=<factor>, maxbufsize=<factor>
+#SASL_SECPROPS <properties>
+
+
+# TLS OPTIONS
+
+
+# File that contains certificates for all of the Certificate Authorities
+# the client will recognize.
+#TLS_CACERT <filename>
+
+# Path of a directory that contains Certificate Authority certificates
+# in separate individual files. The TLS_CACERT is always used before TLS_CACERTDIR
+#TLS_CACERTDIR <path>
+
+# File that contains the client certificate
+#TLS_CERT <filename>
+
+# File that contains the private key that matches the certificate stored
+# in the TLS_CERT file.
+#TLS_KEY <filename>
+
+# Acceptable cipher suite and preference order.
+# <cipher-suite-spec> should be a cipher specification for OpenSSL,
+# e.g., HIGH:MEDIUM:+SSLv2.
+#TLS_CIPHER_SUITE <cipher-suite-spec>
+
+# File to obtain random bits from when /dev/[u]random is not available.
+#TLS_RANDFILE <filename>
+
+# What checks to perform on server certificates in a TLS session, if any.
+# The <level> can be specified as one of the following keywords:
+# never, allow, try, demand
+#TLS_REQCERT <level>
+
+# Certificate Revocation List (CRL) of the CA should be used to verify
+# if the server certificates have not been revoked.
+# This requires TLS_CACERTDIR parameter to be set.
+# <level> can be specified as one of the following keywords:
+# none, peer, all
+#TLS_CRLCHECK <level>
+
+# File containing a Certificate Revocation List to be used to verify
+# if the server certificates have not been revoked.
+#TLS_CRLFILE <filename>
================================================================
