## Path: Network/LDAP ## Description: Basic Configuration of the OpenLDAP Directory Server ## Type: yesno ## Default: yes ## ServiceRestart: ldap # # If set to "no" the LDAP server will not accept any "normal" LDAP connections # but just connections over "ldaps" or "ldapi". Setting this to "no" does only # make sense when either OPENLDAP_START_LDAPS or OPENLDAP_START_LDAPI is set # "yes". # OPENLDAP_START_LDAP="yes" ## Type: yesno ## Default: no ## ServiceRestart: ldap # # If set to "yes" the "ldap over ssl" feature of slapd will be enabled. Don't # forget to add the "TLSCertificateFile" and "TLSCertificateKeyFile" options # to the /etc/openldap/slapd.conf (man slapd.conf). # Note: Don't confuse this with "START_TLS", the preferred method for # making encrypted LDAP connections, which is enabled as soon as You # specify "TLSCertificateFile" and "TLSCertificateKeyFile" in your config # file # OPENLDAP_START_LDAPS="no" ## Type: yesno ## Default: no ## ServiceRestart: ldap # # If set to "yes", "ldap over IPC" feature of slapd will be enabled. # The ldap server creates a Unix domain socket as /var/run/slapd/ldapi. # Default: no # OPENLDAP_START_LDAPI="yes" ## Type: string ## Default: "" ## ServiceRestart: ldap # # If not empty, additional parameters for slapd daemon. # Default: "" # OPENLDAP_SLAPD_PARAMS="" ## Type: string ## Default: ldap ## ServiceRestart: ldap # # specifies a user, as which the openldap server should be executed # Default: ldap # OPENLDAP_USER="ldap" ## Type: string ## Default: ldap ## ServiceRestart: ldap # # specifies a group, as which the openldap server should be executed # Default: ldap # OPENLDAP_GROUP="ldap" ## Type: yesno ## Default: yes ## ServiceRestart: ldap # # If set to "yes" the init scripts will change the owner/group of the # different backend database directories (e.g. /var/lib/ldap) to the # user/group specified above # OPENLDAP_CHOWN_DIRS="yes" ## Type: string ## Default: "" ## ServiceRestart: ldap # # Use this to specify the interfaces that the server such accept # LDAP connections from. The values are specified in the format # <address>:<port>, where address is an IP address and port is the # portnumber, the daemon should listen to (defaulting to 389). If this # parameter is empty the server will attach to all interfaces. This # parameter is only evaluated if "OPENLDAP_START_LDAP" is set to # "yes" # Default: "" # OPENLDAP_LDAP_INTERFACES="" ## Type: string ## Default: "" ## ServiceRestart: ldap # # Use this to specify the interfaces that the server such accept # LDAPS connections from. The values are specified in the format # <address>:<port>, where address is an IP address and port is the # portnumber, the daemon should listen to (defaulting to 636). If this # parameter is empty the server will attach to all interfaces. This # parameter is only evaluated if "OPENLDAP_START_LDAPS" is set to # "yes" # Default: "" # OPENLDAP_LDAPS_INTERFACES="" ## Type: string ## Default: "" ## ServiceRestart: ldap # # Use this to specify the paths of the Unix Domain Sockets that # the server should create an accept incoming LDAPI connections # on. This parameter is only evaluated if "OPENLDAP_START_LDAPI" # is set to "yes". # Default: "" # OPENLDAP_LDAPI_INTERFACES="" ## Type: yesno ## Default: "yes" ## ServiceRestart: ldap # # If set to "no" the LDAP server will not try itself at a running SLP # daemon. # Default: "yes" # OPENLDAP_REGISTER_SLP="no" ## Type: string ## Default: "" ## ServiceRestart: ldap # # Set this to the name of the keytab, if you want to use a non-default # Kerberos Keytab. If OPENLDAP_CHOWN_DIRS is set to "yes" the permissions of # this file will be changed so that the group OPENLDAP_GROUP has read # access to the file. # Example: OPENLDAP_KRB5_KEYTAB="FILE:/etc/openldap/krb5.keytab # Default: "" # OPENLDAP_KRB5_KEYTAB="" ## Type: string ## Default: "files" ## ServiceRestart: ldap # # Here you can configure which of the configuration backends you want to # use. Possible values are "files" for slapd.conf(5) styleconfiguration or # "ldap" for the slapd-config(5) LDAP based configuration backend. # OPENLDAP_CONFIG_BACKEND="files" ## Type: yesno ## Default: "yes" ## ServiceRestart: ldap # # Here you can configure if the slapd shall start with or without memory limit. # OPENLDAP_MEMORY_LIMIT="yes"