2 Configuration

LDAP functions take their configuration from file ldap.conf, searched in the LDAP configuration path, which is initialized as ‘/etc:/etc/ldap:/etc/openldap’. Directories in that path are scanned sequentially until the file ldap.conf is found in one of them. The file is then read, and further scanning stops¹. The format of the configuration file is described elsewhere (see ldap.conf in ldap.conf manpage). mfmod_ldap uses the following settings:

LDAP setting: uri

Specifies the URI of an LDAP server or servers to which the mfmod_ldap should connect.

LDAP setting: base

The default base DN to use when performing ldap operations.

LDAP setting: ldap_version

Version of the LDAP protocol to use. Valid values are 2 and 3 (default).

LDAP setting: binddn

Specifies the default bind DN to use when performing ldap operations.

LDAP setting: bindpw

Specifies the password of binddn.

LDAP setting: bindpwfile

A more secure alternative to bindpw. It specifies the name of a (plaintext) file from which to read the password. Note that the file is read verbatim, which means that it should not end with a newline (unless it is part of the password, of course).

LDAP setting: tls

Configures TLS. The allowed values for this setting are:

yes

Use TLS when possible.

only

Use of TLS required. If TLS is not available, binding will fail.

no

Don’t use TLS.

LDAP setting: tls_cacert

Specifies the file that contains certificates for all of the Certificate Authorities the client will recognize.