##VERSION: $Id: authldaprc,v 1.12 2001/11/19 01:04:17 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc.  See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authldaprc created from authldaprc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions.  This file
# might contain the LDAP admin password!
#
# This configuration file specifies LDAP authentication parameters
#
# The format of this file must be as follows:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value.  No trailing spaces.
#
# Here are the fields:

##NAME: LOCATION:0
#
# Location of your LDAP server:

LDAP_SERVER		ldap.example.com
LDAP_PORT		389

##NAME: LDAP_BASEDN:0
#
# Look for authentication here:

LDAP_BASEDN		o=example, c=com

##NAME: LDAP_BINDDN:0
#
# You may or may not need to specify the following.  Because you've got
# a password here, authldaprc should not be world-readable!!!

LDAP_BINDDN		cn=administrator, o=example, c=com
LDAP_BINDPW		toto

##NAME: LDAP_TIMEOUT:0
#
# Timeout for LDAP search

LDAP_TIMEOUT		5

##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords.  If LDAP_AUTHBIND
# the password is validated by rebinding with the supplied userid and password.
# If rebind succeeds, this is considered to be an authenticated request.  This
# does not support CRAM-MD5 authentication, which requires userPassword.
#
# WARNING - as of the time this note is written, there are memory leaks in
# OpenLDAP that affect this option, see ITS #1116 in openldap.org's bug
# tracker.  Avoid using this option until these leaks are plugged.
#
# LDAP_AUTHBIND		1

##NAME: LDAP_MAIL:0
#
# Here's the field on which we query

LDAP_MAIL		mail

##NAME: LDAP_DOMAIN:0
#
# The following default domain will be appended, if not explicitly specified. 
#
# LDAP_DOMAIN		example.com

##NAME: LDAP_GLOB_IDS:0
#
# The following two variables can be used to set everybody's uid and gid.
# This is convenient if your LDAP specifies a bunch of virtual mail accounts
# The values can be usernames or userids:
#
# LDAP_GLOB_UID		vmail
# LDAP_GLOB_GID		vmail

##NAME: LDAP_HOMEDIR:0
#
# We will retrieve the following attributes
#
# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it

LDAP_HOMEDIR		homeDirectory

##NAME: LDAP_MAILDIR:0
#
# The MAILDIR attribute is OPTIONAL, and specifies the location of the
# mail directory.  If not specified, ./Maildir will be used

LDAP_MAILDIR		mailDir

##NAME: LDAP_MAILDIRQUOTA:0
#
# The following variable, if defined, specifies the field containing the
# maildir quota, see README.maildirquota for more information
#
# LDAP_MAILDIRQUOTA	maildirQuota


##NAME: LDAP_FULLNAME:0
#
# FULLNAME is optional, specifies the user's full name

LDAP_FULLNAME		cn

##NAME: LDAP_PW:0
#
# CLEARPW is the clear text password.  CRYPT is the crypted password.
# ONE OF THESE TWO ATTRIBUTES IS REQUIRED.  If CLEARPW is provided, and
# libhmac.a is available, CRAM authentication will be possible!

LDAP_CLEARPW		clearPassword
LDAP_CRYPTPW		userPassword

##NAME: LDAP_IDS:0
#
# Uncomment the following, and modify as appropriate, if your LDAP database
# stores individual userids and groupids.  Otherwise, you must uncomment
# LDAP_GLOB_UID and LDAP_GLOB_GID above.  LDAP_GLOB_UID and LDAP_GLOB_GID
# specify a uid/gid for everyone.  Otherwise, LDAP_UID and LDAP_GID must
# be defined as attributes for everyone.
#
# LDAP_UID		uidNumber
# LDAP_GID		gidNumber

##NAME: LDAP_DEREF:0
#
# Determines how aliases are handled during a search.  This option is available
# only with OpenLDAP 2.0
#
# LDAP_DEREF can be one of the following values:
# never, searching, finding, always. If not specified, aliases are
# never dereferenced.

LDAP_DEREF		never

##NAME: LDAP_TLS:0
#
# Set LDAP_TLS to 1 to enable LDAP over SSL/TLS.  Experimental setting.
# Requires OpenLDAP 2.0
#

LDAP_TLS		0
