Apéndice D. Archivo de configuración /etc/courier/authldaprc

#
#VERSION: $Id: courier-authldaprc.xml,v 1.1 2004/06/29 20:33:32 sergio Exp $
#
# Copyright 2000-2004 Double Precision, Inc.  See COPYING for
# distribution information.
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# authldaprc created from authldaprc.dist by sysconftool
#
# DO NOT INSTALL THIS FILE with world read permissions.  This file
# might contain the LDAP admin password!
#
# This configuration file specifies LDAP authentication parameters
#
# The format of this file must be as follows:
#
# field[spaces|tabs]value
#
# That is, the name of the field, followed by spaces or tabs, followed by
# field value.  No trailing spaces.
#
# Here are the fields:

##NAME: LOCATION:0
#
# Location of your LDAP server:

LDAP_SERVER	gsr.pt
LDAP_PORT	389

##NAME: LDAP_BASEDN:0
#
# Look for authentication here:

LDAP_BASEDN	ou=people,dc=gsr,dc=pt

##NAME: LDAP_BINDDN:0
#
# You may or may not need to specify the following.  Because you've got
# a password here, authldaprc should not be world-readable!!!

LDAP_BINDDN	cn=postfix,dc=gsr,dc=pt
LDAP_BINDPW	********

##NAME: LDAP_TIMEOUT:0
#
# Timeout for LDAP search

LDAP_TIMEOUT	15

##NAME: LDAP_AUTHBIND:0
#
# Define this to have the ldap server authenticate passwords.  If LDAP_AUTHBIND
# the password is validated by rebinding with the supplied userid and password.
# If rebind succeeds, this is considered to be an authenticated request.  This
# does not support CRAM-MD5 authentication, which requires userPassword.

LDAP_AUTHBIND	1

##NAME: LDAP_MAIL:0
#
# Here's the field on which we query

LDAP_MAIL	mail

##NAME: LDAP_FILTER:0
#
# This LDAP filter will be ANDed with the query for the field defined above
# in LDAP_MAIL.  So if you are querying for mail, and you have LDAP_FILTER
# defined to be "(objectClass=CourierMailAccount)" the query that is performed
# will be "(&(objectClass=CourierMailAccount)(mail=<someAccount>))"

LDAP_FILTER	(!(quota=-1))


##NAME: LDAP_DOMAIN:0
#
# The following default domain will be appended, if not explicitly specified. 

LDAP_DOMAIN	gsr.pt

##NAME: LDAP_GLOB_IDS:0
#
# The following two variables can be used to set everybody's uid and gid.
# This is convenient if your LDAP specifies a bunch of virtual mail accounts
# The values can be usernames or userids:



##NAME: LDAP_HOMEDIR:0
#
# We will retrieve the following attributes
#
# The HOMEDIR attribute MUST exist, and we MUST be able to chdir to it

LDAP_HOMEDIR	homeDirectory

##NAME: LDAP_MAILROOT:0
#
# If homeDirectory is not an absolute path, define the root of the
# relative paths in LDAP_MAILROOT



##NAME: LDAP_MAILDIR:0
#
# The MAILDIR attribute is OPTIONAL, and specifies the location of the
# mail directory.  If not specified, ./Maildir will be used

LDAP_MAILDIR	mailbox

##NAME: LDAP_DEFAULTDELIVERY:0
#
# Courier mail server only: optional attribute specifies custom mail delivery
# instructions for this account (if defined) -- essentially overrides
# DEFAULTDELIVERY from ${sysconfdir}/courierd

LDAP_DEFAULTDELIVERY	defaultDelivery

##NAME: LDAP_MAILDIRQUOTA:0
#
# The following variable, if defined, specifies the field containing the
# maildir quota, see README.maildirquota for more information
#
# LDAP_MAILDIRQUOTA	quota



##NAME: LDAP_FULLNAME:0
#
# FULLNAME is optional, specifies the user's full name

LDAP_FULLNAME	cn

##NAME: LDAP_PW:0
#
# CLEARPW is the clear text password.  CRYPT is the crypted password.
# ONE OF THESE TWO ATTRIBUTES IS REQUIRED.  If CLEARPW is provided, and
# libhmac.a is available, CRAM authentication will be possible!

LDAP_CLEARPW	clearPassword
LDAP_CRYPTPW	userPassword

##NAME: LDAP_IDS:0
#
# Uncomment the following, and modify as appropriate, if your LDAP database
# stores individual userids and groupids.  Otherwise, you must uncomment
# LDAP_GLOB_UID and LDAP_GLOB_GID above.  LDAP_GLOB_UID and LDAP_GLOB_GID
# specify a uid/gid for everyone.  Otherwise, LDAP_UID and LDAP_GID must
# be defined as attributes for everyone.
#
LDAP_UID		uidNumber
LDAP_GID		gidNumber

##NAME: LDAP_AUXOPTIONS:0
#
# Auxiliary options.  The LDAP_AUXOPTIONS setting should contain a list of
# comma-separated "ATTRIBUTE=NAME" pairs.  These names are additional
# attributes that define various per-account "options", as given in 
# INSTALL's description of the OPTIONS setting.
#
# Each ATTRIBUTE specifies an LDAP attribute name.  If it is present,
# the attribute value gets placed in the OPTIONS variable, with the name
# NAME.  For example:
#
#    LDAP_AUXOPTIONS	shared=sharedgroup,allowimap=allowimap
#
# Then, if an LDAP record contains the following attributes:
#
#     shared: domain1
#     allowimap: 0
#
# Then authldap will initialize OPTIONS to "sharedgroup=domain1,allowimap=0"
#
# NOTE: ** no spaces in this setting **, the above example has exactly
# one tab character after LDAP_AUXOPTIONS



##NAME: LDAP_DEREF:0
#
# Determines how aliases are handled during a search.  This option is available
# only with OpenLDAP 2.0
#
# LDAP_DEREF can be one of the following values:
# never, searching, finding, always. If not specified, aliases are
# never dereferenced.

LDAP_DEREF	never


##NAME: LDAP_TLS:0
#
# Set LDAP_TLS to 1 to enable LDAP over SSL/TLS.  Experimental setting.
# Requires OpenLDAP 2.0
#

LDAP_TLS	0


##NAME: LDAP_EMAILMAP:0
#
# The following optional settings, if enabled, result in an extra LDAP
# lookup to first locate a handle for an E-mail address, then a second lookup
# on that handle to get the actual authentication record.  You'll need
# to uncomment these settings to enable an email handle lookup.
#
# The E-mail address must be of the form [email protected], and this is plugged
# into the following search string.  "@[email protected]" and "@[email protected]" are placeholders
# for the user and the realm portions of the login ID.
#
# LDAP_EMAILMAP		(&([email protected]@)([email protected]@))



##NAME: LDAP_EMAILMAP_BASEDN:0
#
# Specify the basedn for the email lookup.  The default is LDAP_BASEDN.
#
# LDAP_EMAILMAP_BASEDN	o=emailmap, c=com



##NAME: LDAP_EMAILMAP_ATTRIBUTE:0
#
# The attribute which holds the handle.  The contents of this attribute
# are then plugged into the regular authentication lookup, and you must set
# LDAP_EMAILMAP_MAIL to the name of this attribute in the authentication
# records (which may be the same as LDAP_MAIL).
# You MUST also leave LDAP_DOMAIN undefined.  This enables authenticating
# by handles only.
#
# Here's an example:
#
# dn: userid=john, realm=example.com, o=emailmap, c=com # LDAP_EMAILMAP_BASEDN
# userid: john          # LDAP_EMAILMAP search
# realm: example.com    # LDAP_EMAILMAP search
# handle: cc223344      # LDAP_EMAILMAP_ATTRIBUTE
#
#
# dn: controlHandle=cc223344, o=example, c=com      # LDAP_BASEDN
# controlHandle: cc223344         # LDAP_EMAILMAP_MAIL set to "controlHandle"
# uid: ...
# gid: ...
# [ etc... ]
#
# LDAP_EMAILMAP_ATTRIBUTE handle



##NAME: LDAP_EMAILMAP_MAIL:0
#
# After reading LDAP_EMAIL_ATTRIBUTE, the second query will go against
# LDAP_BASEDN, but will key against LDAP_EMAILMAP_MAIL instead of LDAP_MAIL.
#
# LDAP_EMAILMAP_MAIL mail