summaryrefslogtreecommitdiff
path: root/conf/templates/saslauthd.conf.template
blob: 116d667dce1e7639ffb5845970f4552449cca580 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
KOLAB_META_START
TARGET=@@@sasl_authdconffile@@@
PERMISSIONS=0600
OWNERSHIP=@@@kolab_musr@@@:@@@kolab_mgrp@@@
RUNONCHANGE=@@@KOLABRC@@@ rc sasl restart
KOLAB_META_END
# (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
# (c) 2003 Martin Konold <martin.konold@erfrakon.de>
# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
# This program is Free Software under the GNU General Public License (>=v2).
# Read the file COPYING that comes with this packages for details.

@@@warning@@@

ldap_servers: @@@user_ldap_uri@@@
#ldap_servers: <ldap://localhost/>
#        Specify URI(s) refering to LDAP server(s), e.g. ldaps://10.1.1.2:999/.
#        You can specify multiple servers separated by a space.

ldap_bind_dn: @@@user_bind_dn@@@
#        Specify DN (distinguished name) to bind to the LDAP directory.  Do not
#        specify this parameter for the anonymous bind.

ldap_bind_pw: @@@user_bind_pw@@@
#        Specify the password for ldap_bind_dn.  Do not specify this parameter
#        for the anonymous bind.

# Avoid the "Domain/Realm not available" error message
# Does not have the desired effect and causes
# kolab/issue2869 (Can login to imapd with localpart of primary email address) 
#ldap_default_realm: @@@postfix-mydomain@@@

ldap_version: 3
#ldap_version: <3> <2|3>
#        Specify the LDAP protocol version to use.

ldap_timeout: 15
#        Specify a number of seconds a search can take before timing out.

ldap_time_limit: 15
#        Specify a number of seconds for a search request to complete.

ldap_deref: always
#ldap_deref: <none> <search|find|always|never>
#        Specify how aliases dereferencing is handled during a search.

#ldap_referrals: <no>
#        Specify whether or not the client should follow referrals.

ldap_restart: yes
#        Specify whether or not LDAP I/O operations are automatically restarted
#        if they abort prematurely.

#ldap_cache_ttl: <0>
#        Non zero enables client side caching.  Cached results will expire after
#        specified number seconds, e.g. 30.  Use this option with care.
#        OpenLDAP folks consider this feature experimental.

#ldap_cache_mem: <0>
#        If client side caching is enabled, the value specifies the cache size
#        in bytes,  e.g. 32768.

ldap_scope: sub
#ldap_scope: <sub> <sub|one|base>
#        Search scope.

ldap_search_base: @@@user_dn_list@@@
#ldap_search_base: <none>
#        Specify a starting point for the search.  e.g. dc=foo,dc=com

ldap_auth_method: bind
#ldap_auth_method: <bind> <bind|custom>
#        Specify an authentication method.  The default 'bind' method uses the
#        LDAP simple bind facility to verify the password.  The custom method
#        uses userPassword attribute to verify the password.  Currently, {CRYPT}
#        hash is supported.

ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*))(objectClass=kolabInetOrgPerson))
#ldap_filter: <uid=%u>
#        Specify a filter.  Use the %u and %r tokens for the username and realm
#        substitution.  The %u token has to be used at minimum for the filter to
#        be useful.  If ldap_auth_method is 'bind', the filter will search for
#        the DN (distinguished name) attribute.  Otherwise, the search will look
#        for the userPassword attribute.

#ldap_debug: <0>
#        Specify a debugging level in the OpenLDAP libraries.  See
#        ldap_set_option(3) for more (LDAP_OPT_DEBUG_LEVEL).

#ldap_tls_check_peer: <no> <yes|no>
#        Require and verify server certificate.  If this option is yes,
#        you must specify ldap_tls_cacert_file or ldap_tls_cacert_dir.

#ldap_tls_cacert_file: <none>
#        File containing CA (Certificate Authority) certificate(s).

#ldap_tls_cacert_dir: <none>
#        Path to directory with CA (Certificate Authority) certificates.

#ldap_tls_ciphers: <DEFAULT>
#        List of SSL/TLS ciphers to allow.  The format of the string is
#        described in ciphers(1).

#ldap_tls_cert: <none>
#        File containing the client certificate.

#ldap_tls_key: <none>
#        File containing the private client key.