web2ldap - hosts.py

The configuration module directory web2ldapcnf/

This section describes the parameters related to specific LDAP hosts/backends.

[addform_oc_list] [binddnsearch] [cache_maxmem] [cache_timeout] [description] [dit] [hiddenattrs] [passwd_hashtypes] [print_cols] [print_template] [read_operationalattrstemplate] [read_template] [search_attrs] [search_attrsonly] [search_resultsperpage] [search_tablistattrs] [search_tdtemplate] [searchform_template] [ssl_minlevel] [ssl_valid_dn] [ssl_valid_idn] [starttls] [timeout] [vcard_template]

Intro

ldap_host_list
List of LDAP hosts which will appear in the default select list of the login form.

Example:

  ldap_host_list = [
    'nldap.com',
    'ldap.surfnet.nl'
  ]
    
ldap_def
This is a string-keyed dictionary (Python data structure) which holds all options specific to certain LDAP hosts or backends (naming contexts). The values of the dictionary ldap_def are instances of the simple class Web2LDAPConfig, which is instantiated via keyword arguments.


Any configuration parameter in the dictionary web2ldapcnf.hosts.ldap_def is retrieved by looking at the string keys 'ldap://ldap_host/ldap_basedn', 'ldap_host' and '_', in this particular order.
This makes it possible to hold several database backends on the same host with the same DNS name. It also shortens the ldap_def dictionary, since the same options do not have to be repeated for every server, and it makes browsing of completely unconfigured hosts easy.

Example:

  ldap_def = {

    '_': {
      # Default fall-back options
    },

    'nldap.com': {
      # Per-host options for host nldap.com
    },

    'ldap://localhost/dc=stroeder,dc=com': {
      # Options dictionary entries for backend
      # on host localhost with naming context dc=stroeder,dc=com
    }

  }
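
The lookup order described above, as an added sketch (not web2ldap's own code). It assumes the fall-back is applied per parameter and uses plain dicts as in the example; `get_param`, `lookup_keys` and `effective` are hypothetical names, and the sample configuration is constructed.

```python
# Added illustration of the lookup order; not web2ldap's own code.
# SYSTEM_DEFAULTS copies a few defaults listed on this page.
SYSTEM_DEFAULTS = {
    'starttls': 0,
    'timeout': -1,
    'hiddenattrs': [],
}

# Constructed sample configuration, using plain dicts like the example above.
ldap_def = {
    '_': {'hiddenattrs': ['userPassword'], 'timeout': 60},
    'nldap.com': {'starttls': 2},
    'ldap://localhost/dc=stroeder,dc=com': {'timeout': 10},
}


def lookup_keys(host, basedn):
    """Keys in the documented order: backend, host, global fall-back."""
    return ['ldap://%s/%s' % (host, basedn), host, '_']


def get_param(cfg, host, basedn, name):
    """Return (value, source); source names the key that supplied the value."""
    for key in lookup_keys(host, basedn):
        options = cfg.get(key, {})
        if name in options:
            return options[name], key
    # Nothing configured anywhere: the system default applies.
    return SYSTEM_DEFAULTS[name], 'system default'


def effective(cfg, host, basedn):
    """Effective value and source of every parameter in SYSTEM_DEFAULTS."""
    return {name: get_param(cfg, host, basedn, name) for name in SYSTEM_DEFAULTS}


if __name__ == '__main__':
    for host, basedn in [('nldap.com', 'o=test'),
                         ('localhost', 'dc=stroeder,dc=com'),
                         ('unlisted.example', '')]:
        print(host, basedn or '(no base DN)')
        for name, (value, source) in sorted(effective(ldap_def, host, basedn).items()):
            print('   %-12s %-18r from %s' % (name, value, source))
```

In this sketch the unlisted host inherits `hiddenattrs` from '_' but gets `starttls` 0 from the system default, so an option that must hold for every host belongs under the '_' key.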
Now each parameter is described. A system default value is assumed if the parameter was not defined at all (no dictionary key parameter). In most cases this default value simply switches off a certain behaviour.
addform_oc_list
Default: []
binddnsearch
Default: '(uid=%s)'
Search filter template for smart login. Occurrences of %s are substituted by the string the user entered.
cache_maxmem
Default: 0
Maximum cache size in bytes (per session!). If set to zero, caching is turned off.
cache_timeout
Default: 0
Maximum amount of time in seconds a result is valid in the cache. If set to zero, caching is turned off.
description
Default: ''
Textual description of the host or backend.
dit
Default: {}
This is a dictionary with DNs as string keys and tuples of the form (RDN attribute type,list of object classes,immutable flag) as value. Note that the values are used solely for new entries for the next level below the given DN.
RDN attribute type
Specifies which attribute type is used for forming the RDN (relative distinguished name) of the new entry.
list of object classes
List of object classes for new entries (no schema checking).
immutable flag
If this flag is set to a non-zero value, the user cannot choose the object class or set the RDN manually.
hiddenattrs
Default: []
Attributes listed here are never displayed nor modified.
Example (might be a good idea to hide these...):
'hiddenattrs':['userPassword']
passwd_hashtypes
Default: []
List of strings specifying the allowed password-hash types. Valid values of implemented hashing schemes are: The hash-based encodings require the appropriate Python modules to be installed on your system. The presence of the modules is automatically detected and the displayed select list shows the available password hash-types.
Example (allow only salted MD5 and salted SHA-1):
'passwd_hashtypes':['smd5','ssha']
print_cols
Default: '4'
Number of columns for printable output.
print_template
Default: None
HTML template files for printing table entries. This is a dictionary with object class names as key and path names of HTML template files as value.
read_operationalattrstemplate
Default: ''
Path name of an HTML template file for displaying operational attributes at the bottom when displaying a single entry.
read_template
Default: {}
search_attrs
Default: ['cn','mail']
search_attrsonly
Default: 1
There are some situations in which web2ldap just wants to get the existing attribute types of an entry and not the data itself, to save bandwidth. However, some broken LDAP hosts (e.g. Notes Domino 4.61) have problems with such an attribute-type-only request: they won't return any matches for a search. If you experience this problem (no matching entry), set this to 0.
search_resultsperpage
Default: 10
Integer which specifies the number of results shown per page. This affects the select list of the search form and displaying results of a search without prior use of a search form.
search_tablistattrs
Default: []
search_tdtemplate
Default: {}
HTML template strings used to display entries in the table of search results depending on the object class of an entry. This is a dictionary with object class names as key and HTML template strings as value.
searchform_template
Default: ''
HTML template file for the input fields of a Basic Search Form. The HTML document must not contain an HTML <head> section or <body> or <html> tags.
ssl_minlevel
Default: 0
Defines the minimum required SSL security level for accessing this host/backend through the web2ldap gateway.
ssl_valid_dn
Default: ''
Regex describing the valid subject DNs of client certificates.
ssl_valid_idn
Default: ''
Regex describing the valid DNs of issuer certificates of valid client certificates.
starttls
Default: 0
Integer defining whether StartTLS should not be used (value 0), StartTLS should be tried (value 1) or use of StartTLS is mandatory (value 2) for connecting to this server. This only makes sense per server.
timeout
Default: -1
Timeout value for LDAP operations in seconds. -1 switches off timeout handling.
vcard_template
Default: {}
HTML template files for vCard downloading. This is a dictionary with object class names as key and path names of vCard template files as value.
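
An added example for ssl_valid_dn and ssl_valid_idn (not web2ldap's own code): this page does not say how the regex is applied to the DN, so the check below compares a loose and a fully anchored pattern under Python's three matching calls. The DNs, their comma-separated format, both patterns and the `accepted` helper are constructed for illustration.

```python
import re

# Constructed sample subject DNs; the DN format is an assumption.
SUBJECTS = [
    'CN=Alice Admin,OU=Admins,O=Example Corp,C=DE',         # intended
    'CN=Bob,OU=Admins,O=Example Corp,C=DE',                 # intended
    'CN=Mallory,OU=Guests,O=Example Corp,C=DE',             # wrong OU
    'CN=OU=Admins helper,OU=Guests,O=Example Corp,C=DE',    # text inside CN
]

# Hypothetical candidate values for 'ssl_valid_dn'.
LOOSE = r'OU=Admins'
STRICT = r'^CN=[^,=]+,OU=Admins,O=Example Corp,C=DE$'

# The three ways a regex could be applied to the subject DN.
MATCHERS = {
    'search': lambda rx, s: rx.search(s),
    'match': lambda rx, s: rx.match(s),
    'fullmatch': lambda rx, s: rx.fullmatch(s),
}


def accepted(pattern, how):
    """Indexes of SUBJECTS accepted by pattern under the given matching call."""
    rx = re.compile(pattern)
    return [i for i, s in enumerate(SUBJECTS) if MATCHERS[how](rx, s)]


def is_call_independent(pattern):
    """True if all three matching calls accept exactly the same subjects."""
    results = {tuple(accepted(pattern, how)) for how in MATCHERS}
    return len(results) == 1


if __name__ == '__main__':
    for label, pattern in (('loose', LOOSE), ('strict', STRICT)):
        for how in MATCHERS:
            print('%-6s %-9s accepts %s' % (label, how, accepted(pattern, how)))
        print('%-6s same result under every call: %s'
              % (label, is_call_independent(pattern)))
```

A pattern anchored with ^ and $ that spells out every RDN accepts the same DNs whichever call is used; the loose one either accepts a DN that merely contains the expected text or rejects every certificate.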

Page last modified: Saturday, 17-Nov-2001 20:33:24 CET, © by Michael Ströder <michael@stroeder.com>