File: nslcd.templates

package info (click to toggle)
nss-pam-ldapd 0.9.10-2
  • links: PTS, VCS
  • area: main
  • in suites: buster, sid
  • size: 4,768 kB
  • sloc: ansic: 16,287; sh: 6,589; python: 3,368; xml: 1,925; makefile: 294; exp: 146
file content (130 lines) | stat: -rw-r--r-- 4,847 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
Template: nslcd/ldap-uris
Type: string
_Description: LDAP server URI:
 Please enter the Uniform Resource Identifier of the LDAP server. The format
 is "ldap://<hostname_or_IP_address>:<port>/". Alternatively, "ldaps://" or
 "ldapi://" can be used. The port number is optional.
 .
 When using an ldap or ldaps scheme it is recommended to use an IP address to
 avoid failures when domain name services are unavailable.
 .
 Multiple URIs can be separated by spaces.

Template: nslcd/ldap-base
Type: string
_Description: LDAP server search base:
 Please enter the distinguished name of the LDAP search base. Many sites use
 the components of their domain names for this purpose. For example, the
 domain "example.net" would use "dc=example,dc=net" as the distinguished name
 of the search base.

Template: nslcd/ldap-auth-type
Type: select
__Choices: none, simple, SASL
_Description: LDAP authentication to use:
 Please choose what type of authentication the LDAP database should
 require (if any):
 .
  * none: no authentication;
  * simple: simple bind DN and password authentication;
  * SASL: any Simple Authentication and Security Layer mechanism.

Template: nslcd/ldap-binddn
Type: string
_Description: LDAP database user:
 Please enter the name of the account that will be used to log in to the LDAP
 database. This value should be specified as a DN (distinguished name).

Template: nslcd/ldap-bindpw
Type: password
_Description: LDAP user password:
 Please enter the password that will be used to log in to the LDAP database.

Template: nslcd/ldap-sasl-mech
Type: select
Choices: auto, LOGIN, PLAIN, NTLM, CRAM-MD5, DIGEST-MD5, SCRAM, GSSAPI, SKEY, OTP, EXTERNAL
_Description: SASL mechanism to use:
 Please choose the SASL mechanism that will be used to authenticate to the LDAP
 database:
 .
  * auto: auto-negotiation;
  * LOGIN: deprecated in favor of PLAIN;
  * PLAIN: simple cleartext password mechanism;
  * NTLM: NT LAN Manager authentication mechanism;
  * CRAM-MD5: challenge-response scheme based on HMAC-MD5;
  * DIGEST-MD5: HTTP Digest compatible challenge-response scheme;
  * SCRAM: salted challenge-response mechanism;
  * GSSAPI: used for Kerberos;
  * SKEY: S/KEY mechanism (obsoleted by OTP);
  * OTP: One Time Password mechanism;
  * EXTERNAL: authentication is implicit in the context.

Template: nslcd/ldap-sasl-realm
Type: string
_Description: SASL realm:
 Please enter the SASL realm that will be used to authenticate to the LDAP
 database.
 .
 The realm is appended to authentication and authorization identities.
 .
 For GSSAPI, this can be left blank to use information from the Kerberos
 credentials cache.

Template: nslcd/ldap-sasl-authcid
Type: string
_Description: SASL authentication identity:
 Please enter the SASL authentication identity that will be used to authenticate to
 the LDAP database.
 .
 This is the login used in LOGIN, PLAIN, CRAM-MD5, and DIGEST-MD5 mechanisms.

Template: nslcd/ldap-sasl-authzid
Type: string
_Description: SASL proxy authorization identity:
 Please enter the proxy authorization identity that will be used to authenticate to
 the LDAP database.
 .
 This is the object in the name of which the LDAP request is done.
 This value should be specified as a DN (distinguished name).

Template: nslcd/ldap-sasl-secprops
Type: string
_Description: Cyrus SASL security properties:
 Please enter the Cyrus SASL security properties.
 .
 Allowed values are described in the ldap.conf(5) manual page
 in the SASL OPTIONS section.

Template: nslcd/ldap-sasl-krb5-ccname
Type: string
Default: /var/run/nslcd/nslcd.tkt
_Description: Kerberos credential cache file path:
 Please enter the GSSAPI/Kerberos credential cache file name that will be used.

Template: nslcd/ldap-starttls
Type: boolean
_Description: Use StartTLS?
 Please choose whether the connection to the LDAP server should use
 StartTLS to encrypt the connection.

Template: nslcd/ldap-reqcert
Type: select
__Choices: never, allow, try, demand
_Description: Check server's SSL certificate:
 When an encrypted connection is used, a server certificate can be requested
 and checked. Please choose whether lookups should be configured to require
 a certificate, and whether certificates should be checked for validity:
 .
  * never: no certificate will be requested or checked;
  * allow: a certificate will be requested, but it is not
           required or checked;
  * try: a certificate will be requested and checked, but if no
         certificate is provided, it is ignored;
  * demand: a certificate will be requested, required, and checked.

Template: nslcd/ldap-cacertfile
Type: string
Default: /etc/ssl/certs/ca-certificates.crt
_Description: Certificate authority certificate:
 When certificate checking is enabled this file contains the X.509
 certificate that is used to check the certificate provided by the server.