KOLAB_META_START
TARGET=/etc/saslauthd.conf
PERMISSIONS=0644
OWNERSHIP=root:root
KOLAB_META_END
# (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
# (c) 2003 Martin Konold <martin.konold@erfrakon.de>
# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
# This program is Free Software under the GNU General Public License (>=v2).
# Read the file COPYING that comes with this packages for details.
# this file is automatically written by the Kolab config backend
# manual additions are lost unless made to the template in the Kolab config directory
ldap_servers: @@@user_ldap_uri@@@
#ldap_servers: <ldap://localhost/>
# Specify URI(s) refering to LDAP server(s), e.g. ldaps://10.1.1.2:999/.
# You can specify multiple servers separated by a space.
ldap_bind_dn: @@@user_bind_dn@@@
# Specify DN (distinguished name) to bind to the LDAP directory. Do not
# specify this parameter for the anonymous bind.
ldap_bind_pw: @@@user_bind_pw@@@
# Specify the password for ldap_bind_dn. Do not specify this parameter
# for the anonymous bind.
ldap_version: 3
#ldap_version: <3> <2|3>
# Specify the LDAP protocol version to use.
ldap_timeout: 15
# Specify a number of seconds a search can take before timing out.
ldap_time_limit: 15
# Specify a number of seconds for a search request to complete.
ldap_deref: always
#ldap_deref: <none> <search|find|always|never>
# Specify how aliases dereferencing is handled during a search.
#ldap_referrals: <no>
# Specify whether or not the client should follow referrals.
ldap_restart: yes
# Specify whether or not LDAP I/O operations are automatically restarted
# if they abort prematurely.
#ldap_cache_ttl: <0>
# Non zero enables client side caching. Cached results will expire after
# specified number seconds, e.g. 30. Use this option with care.
# OpenLDAP folks consider this feature experimental.
#ldap_cache_mem: <0>
# If client side caching is enabled, the value specifies the cache size
# in bytes, e.g. 32768.
ldap_scope: sub
#ldap_scope: <sub> <sub|one|base>
# Search scope.
ldap_search_base: @@@user_dn_list@@@
#ldap_search_base: <none>
# Specify a starting point for the search. e.g. dc=foo,dc=com
ldap_auth_method: bind
#ldap_auth_method: <bind> <bind|custom>
# Specify an authentication method. The default 'bind' method uses the
# LDAP simple bind facility to verify the password. The custom method
# uses userPassword attribute to verify the password. Currently, {CRYPT}
# hash is supported.
ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))
#ldap_filter: <uid=%u>
# Specify a filter. Use the %u and %r tokens for the username and realm
# substitution. The %u token has to be used at minimum for the filter to
# be useful. If ldap_auth_method is 'bind', the filter will search for
# the DN (distinguished name) attribute. Otherwise, the search will look
# for the userPassword attribute.
#ldap_debug: <0>
# Specify a debugging level in the OpenLDAP libraries. See
# ldap_set_option(3) for more (LDAP_OPT_DEBUG_LEVEL).
#ldap_tls_check_peer: <no> <yes|no>
# Require and verify server certificate. If this option is yes,
# you must specify ldap_tls_cacert_file or ldap_tls_cacert_dir.
#ldap_tls_cacert_file: <none>
# File containing CA (Certificate Authority) certificate(s).
#ldap_tls_cacert_dir: <none>
# Path to directory with CA (Certificate Authority) certificates.
#ldap_tls_ciphers: <DEFAULT>
# List of SSL/TLS ciphers to allow. The format of the string is
# described in ciphers(1).
#ldap_tls_cert: <none>
# File containing the client certificate.
#ldap_tls_key: <none>
# File containing the private client key.
