3
3
_Description: LDAP server URI:
4
4
Please enter the Uniform Resource Identifier of the LDAP server. The format
5
is 'ldap://<hostname_or_IP_address>:<port>/'. Alternatively, 'ldaps://' or
6
'ldapi://' can be used. The port number is optional.
5
is "ldap://<hostname_or_IP_address>:<port>/". Alternatively, "ldaps://" or
6
"ldapi://" can be used. The port number is optional.
8
8
When using an ldap or ldaps scheme it is recommended to use an IP address to
9
9
avoid failures when domain name services are unavailable.
18
18
domain "example.net" would use "dc=example,dc=net" as the distinguished name
19
19
of the search base.
21
Template: nslcd/ldap-auth-type
23
__Choices: none, simple, SASL
25
_Description: LDAP authentication to use:
26
Please choose what type of authentication the LDAP database should
29
* none: no authentication;
30
* simple: simple bind DN and password authentication;
31
* SASL: any Simple Authentication and Security Layer mechanism.
21
33
Template: nslcd/ldap-binddn
23
35
_Description: LDAP database user:
24
If the LDAP database requires a login for normal lookups, enter the name of
25
the account that will be used here. Leave it empty otherwise.
27
This value should be specified as a DN (distinguished name).
36
Enter the name of the account that will be used to log in to the LDAP
37
database. This value should be specified as a DN (distinguished name).
29
39
Template: nslcd/ldap-bindpw
31
41
_Description: LDAP user password:
32
42
Enter the password that will be used to log in to the LDAP database.
44
Template: nslcd/ldap-sasl-mech
46
Choices: auto, LOGIN, PLAIN, NTLM, CRAM-MD5, DIGEST-MD5, GSSAPI, OTP
47
_Description: SASL mechanism to use:
48
Choose the SASL mechanism that will be used to authenticate to the LDAP
51
* auto: auto-negotiation;
52
* LOGIN: deprecated in favor of PLAIN;
53
* PLAIN: simple cleartext password mechanism;
54
* NTLM: NT LAN Manager authentication mechanism;
55
* CRAM-MD5: challenge-response scheme based on HMAC-MD5;
56
* DIGEST-MD5: HTTP Digest compatible challenge-response scheme;
57
* GSSAPI: used for Kerberos;
58
* OTP: a One Time Password mechanism.
60
Template: nslcd/ldap-sasl-realm
62
_Description: SASL realm:
63
Enter the SASL realm that will be used to authenticate to the LDAP
66
The realm is appended to authentication and authorization identities.
68
For GSSAPI this can be left blank to use information from the Kerberos
71
Template: nslcd/ldap-sasl-authcid
73
_Description: SASL authentication identity:
74
Enter the SASL authentication identity that will be used to authenticate to
77
This is the login used in LOGIN, PLAIN, CRAM-MD5, and DIGEST-MD5 mechanisms.
79
Template: nslcd/ldap-sasl-authzid
81
_Description: SASL proxy authorization identity:
82
Enter the proxy authorization identity that will be used to authenticate to
85
This is the object in the name of which the LDAP request is done.
86
This value should be specified as a DN (distinguished name).
88
Template: nslcd/ldap-sasl-secprops
90
_Description: Cyrus SASL security properties:
91
Enter the Cyrus SASL security properties.
92
Allowed values are described in the ldap.conf(5) manual page
93
in the SASL OPTIONS section.
95
Template: nslcd/ldap-sasl-krb5-ccname
97
Default: /var/run/nslcd/nslcd.tkt
98
_Description: Kerberos credential cache file path:
99
Enter the GSSAPI/Kerberos credential cache file name that will be used.
34
101
Template: nslcd/ldap-starttls
36
103
_Description: Use StartTLS?
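Review bot: The new nslcd/ldap-sasl-mech and nslcd/ldap-auth-type descriptions offer password-based choices without saying that they depend on transport protection. PLAIN is described as a "simple cleartext password mechanism", LOGIN is offered next to it, and auth-type offers "simple" bind, but nothing tells the admin that the bind password is sent in the clear on a plain ldap:// URI unless StartTLS is enabled. Suggest adding a sentence to the "simple", LOGIN and PLAIN entries that points at ldaps:// or the StartTLS question, so the choice is made with that dependency in view. A smaller wording point in the same hunk: nslcd/ldap-sasl-krb5-ccname says "file path" in its short description and "file name" in the long one; pick one term.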
44
111
When an encrypted connection is used, a server certificate can be requested
45
112
and checked. Please choose whether lookups should be configured to require
46
113
a certificate, and whether certificates should be checked for validity:
47
115
* never: no certificate will be requested or checked;
48
116
* allow: a certificate will be requested, but it is not
49
117
required or checked;
50
118
* try: a certificate will be requested and checked, but if no
51
119
certificate is provided it is ignored;
52
120
* demand: a certificate will be requested, required, and checked.
53
122
If certificate checking is enabled, at least one of the tls_cacertdir or
54
123
tls_cacertfile options must be put in /etc/nslcd.conf.