159 lines
4.5 KiB
Plaintext
159 lines
4.5 KiB
Plaintext
## Path: Network/LDAP
|
|
## Description: Basic Configuration of the OpenLDAP Directory Server
|
|
|
|
## Type: yesno
|
|
## Default: yes
|
|
## ServiceRestart: ldap
|
|
#
|
|
# If set to "no" the LDAP server will not accept any "normal" LDAP connections
|
|
# but just connections over "ldaps" or "ldapi". Setting this to "no" does only
|
|
# make sense when either OPENLDAP_START_LDAPS or OPENLDAP_START_LDAPI is set
|
|
# "yes".
|
|
#
|
|
OPENLDAP_START_LDAP="yes"
|
|
|
|
## Type: yesno
|
|
## Default: no
|
|
## ServiceRestart: ldap
|
|
#
|
|
# If set to "yes" the "ldap over ssl" feature of slapd will be enabled. Don't
|
|
# forget to add the "TLSCertificateFile" and "TLSCertificateKeyFile" options
|
|
# to the /etc/openldap/slapd.conf (man slapd.conf).
|
|
# Note: Don't confuse this with "START_TLS", the preferred method for
|
|
# making encrypted LDAP connections, which is enabled as soon as You
|
|
# specify "TLSCertificateFile" and "TLSCertificateKeyFile" in your config
|
|
# file
|
|
#
|
|
OPENLDAP_START_LDAPS="no"
|
|
|
|
## Type: yesno
|
|
## Default: no
|
|
## ServiceRestart: ldap
|
|
#
|
|
# If set to "yes", "ldap over IPC" feature of slapd will be enabled.
|
|
# The ldap server creates a Unix domain socket as /var/run/slapd/ldapi.
|
|
# Default: no
|
|
#
|
|
OPENLDAP_START_LDAPI="yes"
|
|
|
|
## Type: string
|
|
## Default: ""
|
|
## ServiceRestart: ldap
|
|
#
|
|
# If not empty, additional parameters for slapd daemon.
|
|
# Default: ""
|
|
#
|
|
OPENLDAP_SLAPD_PARAMS=""
|
|
|
|
## Type: string
|
|
## Default: ldap
|
|
## ServiceRestart: ldap
|
|
#
|
|
# specifies a user, as which the openldap server should be executed
|
|
# Default: ldap
|
|
#
|
|
OPENLDAP_USER="ldap"
|
|
|
|
## Type: string
|
|
## Default: ldap
|
|
## ServiceRestart: ldap
|
|
#
|
|
# specifies a group, as which the openldap server should be executed
|
|
# Default: ldap
|
|
#
|
|
OPENLDAP_GROUP="ldap"
|
|
|
|
## Type: yesno
|
|
## Default: yes
|
|
## ServiceRestart: ldap
|
|
#
|
|
# If set to "yes" the init scripts will change the owner/group of the
|
|
# different backend database directories (e.g. /var/lib/ldap) to the
|
|
# user/group specified above
|
|
#
|
|
OPENLDAP_CHOWN_DIRS="yes"
|
|
|
|
## Type: string
|
|
## Default: ""
|
|
## ServiceRestart: ldap
|
|
#
|
|
# Use this to specify the interfaces that the server such accept
|
|
# LDAP connections from. The values are specified in the format
|
|
# <address>:<port>, where address is an IP address and port is the
|
|
# portnumber, the daemon should listen to (defaulting to 389). If this
|
|
# parameter is empty the server will attach to all interfaces. This
|
|
# parameter is only evaluated if "OPENLDAP_START_LDAP" is set to
|
|
# "yes"
|
|
# Default: ""
|
|
#
|
|
OPENLDAP_LDAP_INTERFACES=""
|
|
|
|
## Type: string
|
|
## Default: ""
|
|
## ServiceRestart: ldap
|
|
#
|
|
# Use this to specify the interfaces that the server such accept
|
|
# LDAPS connections from. The values are specified in the format
|
|
# <address>:<port>, where address is an IP address and port is the
|
|
# portnumber, the daemon should listen to (defaulting to 636). If this
|
|
# parameter is empty the server will attach to all interfaces. This
|
|
# parameter is only evaluated if "OPENLDAP_START_LDAPS" is set to
|
|
# "yes"
|
|
# Default: ""
|
|
#
|
|
OPENLDAP_LDAPS_INTERFACES=""
|
|
|
|
## Type: string
|
|
## Default: ""
|
|
## ServiceRestart: ldap
|
|
#
|
|
# Use this to specify the paths of the Unix Domain Sockets that
|
|
# the server should create an accept incoming LDAPI connections
|
|
# on. This parameter is only evaluated if "OPENLDAP_START_LDAPI"
|
|
# is set to "yes".
|
|
# Default: ""
|
|
#
|
|
OPENLDAP_LDAPI_INTERFACES=""
|
|
|
|
## Type: yesno
|
|
## Default: "yes"
|
|
## ServiceRestart: ldap
|
|
#
|
|
# If set to "no" the LDAP server will not try itself at a running SLP
|
|
# daemon.
|
|
# Default: "yes"
|
|
#
|
|
OPENLDAP_REGISTER_SLP="no"
|
|
|
|
## Type: string
|
|
## Default: ""
|
|
## ServiceRestart: ldap
|
|
#
|
|
# Set this to the name of the keytab, if you want to use a non-default
|
|
# Kerberos Keytab. If OPENLDAP_CHOWN_DIRS is set to "yes" the permissions of
|
|
# this file will be changed so that the group OPENLDAP_GROUP has read
|
|
# access to the file.
|
|
# Example: OPENLDAP_KRB5_KEYTAB="FILE:/etc/openldap/krb5.keytab
|
|
# Default: ""
|
|
#
|
|
OPENLDAP_KRB5_KEYTAB=""
|
|
|
|
## Type: string
|
|
## Default: "files"
|
|
## ServiceRestart: ldap
|
|
#
|
|
# Here you can configure which of the configuration backends you want to
|
|
# use. Possible values are "files" for slapd.conf(5) styleconfiguration or
|
|
# "ldap" for the slapd-config(5) LDAP based configuration backend.
|
|
#
|
|
OPENLDAP_CONFIG_BACKEND="files"
|
|
|
|
## Type: yesno
|
|
## Default: "yes"
|
|
## ServiceRestart: ldap
|
|
#
|
|
# Here you can configure if the slapd shall start with or without memory limit.
|
|
#
|
|
OPENLDAP_MEMORY_LIMIT="yes"
|
|
|