Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/debian/nslcd.templates
blob: 5a57f0bdcc73d97d8c2e52714f3feff80e5de49a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
Template: nslcd/ldap-uris
Type: string
_Description: LDAP server URI:
 Please enter the Uniform Resource Identifier of the LDAP server. The format
 is "ldap://<hostname_or_IP_address>:<port>/". Alternatively, "ldaps://" or
 "ldapi://" can be used. The port number is optional.
 .
 When using an ldap or ldaps scheme it is recommended to use an IP address to
 avoid failures when domain name services are unavailable.
 .
 Multiple URIs can be specified by separating them with spaces.

Template: nslcd/ldap-base
Type: string
_Description: LDAP server search base:
 Please enter the distinguished name of the LDAP search base. Many sites use
 the components of their domain names for this purpose. For example, the
 domain "example.net" would use "dc=example,dc=net" as the distinguished name
 of the search base.

Template: nslcd/ldap-auth-type
Type: select
__Choices: none, simple, SASL
Default: none
_Description: LDAP authentication to use:
 Please choose what type of authentication the LDAP database should
 require (if any):
 .
  * none: no authentication;
  * simple: simple bind DN and password authentication;
  * SASL: any Simple Authentication and Security Layer mechanism.

Template: nslcd/ldap-binddn
Type: string
_Description: LDAP database user:
 Enter the name of the account that will be used to log in to the LDAP
 database. This value should be specified as a DN (distinguished name).

Template: nslcd/ldap-bindpw
Type: password
_Description: LDAP user password:
 Enter the password that will be used to log in to the LDAP database.

Template: nslcd/ldap-sasl-mech
Type: select
Choices: auto, LOGIN, PLAIN, NTLM, CRAM-MD5, DIGEST-MD5, GSSAPI, OTP
_Description: SASL mechanism to use:
 Choose the SASL mechanism that will be used to authenticate to the LDAP
 database:
 .
  * auto: auto-negotiation;
  * LOGIN: deprecated in favor of PLAIN;
  * PLAIN: simple cleartext password mechanism;
  * NTLM: NT LAN Manager authentication mechanism;
  * CRAM-MD5: challenge-response scheme based on HMAC-MD5;
  * DIGEST-MD5: HTTP Digest compatible challenge-response scheme;
  * GSSAPI: used for Kerberos;
  * OTP: a One Time Password mechanism.

Template: nslcd/ldap-sasl-realm
Type: string
_Description: SASL realm:
 Enter the SASL realm that will be used to authenticate to the LDAP
 database.
 .
 The realm is appended to authentication and authorization identities.
 .
 For GSSAPI this can be left blank to use information from the Kerberos
 credential cache.

Template: nslcd/ldap-sasl-authcid
Type: string
_Description: SASL authentication identity:
 Enter the SASL authentication identity that will be used to authenticate to
 the LDAP database.
 .
 This is the login used in LOGIN, PLAIN, CRAM-MD5, and DIGEST-MD5 mechanisms.

Template: nslcd/ldap-sasl-authzid
Type: string
_Description: SASL proxy authorization identity:
 Enter the proxy authorization identity that will be used to authenticate to
 the LDAP database.
 .
 This is the object in the name of which the LDAP request is done.
 This value should be specified as a DN (distinguished name).

Template: nslcd/ldap-sasl-secprops
Type: string
_Description: Cyrus SASL security properties:
 Enter the Cyrus SASL security properties.
 Allowed values are described in the ldap.conf(5) manual page
 in the SASL OPTIONS section.

Template: nslcd/ldap-sasl-krb5-ccname
Type: string
Default: /var/run/nslcd/nslcd.tkt
_Description: Kerberos credential cache file path:
 Enter the GSSAPI/Kerberos credential cache file name that will be used.

Template: nslcd/ldap-starttls
Type: boolean
_Description: Use StartTLS?
 Please choose whether the connection to the LDAP server should use
 StartTLS to encrypt the connection.

Template: nslcd/ldap-reqcert
Type: select
__Choices: never, allow, try, demand
_Description: Check server's SSL certificate:
 When an encrypted connection is used, a server certificate can be requested
 and checked. Please choose whether lookups should be configured to require
 a certificate, and whether certificates should be checked for validity:
 .
  * never: no certificate will be requested or checked;
  * allow: a certificate will be requested, but it is not
           required or checked;
  * try: a certificate will be requested and checked, but if no
         certificate is provided it is ignored;
  * demand: a certificate will be requested, required, and checked.
 .
 If certificate checking is enabled, at least one of the tls_cacertdir or
 tls_cacertfile options must be put in /etc/nslcd.conf.