The following is the list of available ini settings that may be set up in
your surgeldap.ini file. Any standard text editor can be used to edit surgeldap.ini,
e.g.
notepad "\winnt\surgeldap.ini" (Windows)
vi /etc/surgeldap.ini (Unix)
General configuration settings are stored in WebMail.ini which must be in
the same directory and have the same root name as the executable. So if the
CGI is renamed xmail.cgi, the configuration file will be xmail.ini
Main Module Settings
Label | Example | Explanation |
admin_email |
admin_email 127.0.0.1:25 admin@domain.com |
These are the SMTP server details and the SurgeMail admin email
address. SurgeMail will send out emails to the admin email address
in the following cases:
1. When the LDAP Server is started.
2. A Backup or Restore Command.
3. Replicate Database CRC checks. (Success and Failures)
4. The Server Crashes.
|
module |
module manager all 6626 3600 2 man 127.0.0.1
module ldap all 389 3600 50 main
module http all 6680 3600 50 www 1.2.3.*
module replicate all 6630 3600 10
|
This ini setting is used to set up the various SurgeLDAP modules.
Layout: module type listen_IP listen_port timeout max_cur_con [mod_id [allowed_ips]]
0 = Unlimited or no timeout
allowed_ips - this is a comma-separated list which can have wildcards.
|
workarea |
c:\surgeldap
|
This is the base work area where SurgeLDAP is installed.
This is the base location where the user.dat file is located. |
log_path |
c:\surgeldap\log
|
The directory where SurgeLDAP will place all of
its logs. |
base_dn |
dc=netwin,dc=co,dc=nz
dc=netwin,dc=com |
This is very important: this is the Base DN under which
you can create DN entries. You can have multiple base dn values
if you wish. |
default_base_dn |
dc=netwin,dc=co,dc=nz |
This is the DN that is used if a search
is requested and no DN is provided. |
Module Security Settings
Label | Example | Explanation |
allow_ip |
127.0.0.1,10.0.0.*,192.168.1.*,192.168.0.* |
This is the list of IPs to which
these IP security measures are not applied. |
max_ip_connection |
max_ip_connection main 10
max_ip_connection web 100 |
This limits concurrent connections per IP.
Layout: max_ip_connection mod_id number |
max_ip_rate |
max_ip_rate main 50 30 30 |
Setting to 'ignore' requests if they exceed a certain rate per
IP per time.
Layout: max_ip_rate mod_id number timeframe blocktime
|
max_pass_guess |
max_pass_guess main 3 30 60
max_pass_guess web 3 60 60 |
Password guessing is limited (limits guesses per
IP per time).
Layout: max_pass_guess mod_id number timeframe blocktime
|
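An added example (not SurgeLDAP's own code) that cross-checks the module lines against the per-module limits described above. It assumes each setting is written as one whitespace-separated "label value ..." line, as in the examples; the audit function and the wording of its findings are hypothetical.

```python
# Added example, not SurgeLDAP code. Assumes one "label value ..." line per setting.
LIMITS = ("max_ip_connection", "max_ip_rate", "max_pass_guess")
# Constructed sample: the example lines shown on this page.
SAMPLE = """\
module manager all 6626 3600 2 man 127.0.0.1
module ldap all 389 3600 50 main
module http all 6680 3600 50 www 1.2.3.*
module replicate all 6630 3600 10
max_ip_connection main 10
max_ip_connection web 100
max_ip_rate main 50 30 30
max_pass_guess main 3 30 60
max_pass_guess web 3 60 60
"""

def audit(ini_text):
    """Return a sorted list of findings (hypothetical wording) for ini_text."""
    modules, rules = [], {limit: set() for limit in LIMITS}
    for raw in ini_text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        label, args = fields[0], fields[1:]
        if label == "module" and len(args) >= 5:
            # type listen_IP listen_port timeout max_cur_con [mod_id [allowed_ips]]
            modules.append({
                "name": f"{args[0]}:{args[2]}",
                "max_con": args[4],
                "mod_id": args[5] if len(args) > 5 else None,
                "allowed_ips": args[6].split(",") if len(args) > 6 else [],
            })
        elif label in LIMITS and args:
            rules[label].add(args[0])  # first argument is the mod_id
    findings = []
    for m in modules:
        if not m["allowed_ips"]:
            findings.append(f"{m['name']} has no allowed_ips restriction")
        if m["max_con"] == "0":
            findings.append(f"{m['name']} allows unlimited connections")
        for limit in LIMITS:
            if m["mod_id"] and m["mod_id"] not in rules[limit]:
                findings.append(f"{m['name']} ({m['mod_id']}) has no {limit} rule")
    known_ids = {m["mod_id"] for m in modules if m["mod_id"]}
    for limit, ids in rules.items():
        findings += [f"{limit} names unknown mod_id {i}" for i in ids - known_ids]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run over the example lines from this page, it reports that the limits written for mod_id web match no module, because the http module is declared with mod_id www.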
HTTP Settings
Label | Example | Explanation |
nwimg |
/nwimg |
The relative URL to your
SurgeLDAP images from the webserver root directory. |
temp_path |
c:\surgeldap\html
|
This is the location where temp files are created for
HTTP connections. |
html_path |
c:\surgeldap\html\html_root
|
This is the root path of the built-in web server.
The default installation should have an 'index.htm' and a 'nwimg' directory. |
html_error |
c:\surgeldap\html\tpl\error
|
This directory is the location where the error templates
are stored. In SurgeLDAP it is possible to set up different errors to
have different looks. |
tpl_path |
c:\surgeldap\html\tpl
|
This is the location where all the 'admin' and 'user'
templates are stored. These templates can be changed to give the look
and feel you wish to give your customers. |
user_cgi_name |
user.cgi |
This is the name of the CGI that your users use to
gain access to the data. This can be named anything.
e.g. user.htm |
admin_cgi_name |
admin.cgi |
This is the name of the CGI that your admins use to
gain access to the data and management settings. This can be named anything.
e.g. admin.htm |
Data Settings
Label | Example | Explanation |
bin_ksize |
100 |
This is the maximum size an LDAP bin is allowed
to reach. This setting should not be changed. |
num_memory_bins |
200 |
This is the number of bins that are allowed
to be stored in memory at once. If you have more bins than this, it will
slow down the performance of SurgeLDAP, as it will need to swap out bins
as needed. |
bin_timeout
bin_all_timeout |
1800
86400 |
This setting is in seconds. If a bin hasn't
been accessed within this time, it will be unloaded from memory. |
bin_var_file_size |
2000 |
A value of a variable that is larger than
this size in bytes will be stored in a separate data file. |
record_password |
userPassword |
This is the field that is used within
the database to store passwords. If you know the password of a dn entry,
you are allowed to have read access to the entry. |
alias_name
alias_tree_name
|
aliasedEntryName
aliasedTreeName |
SurgeLDAP supports 2 alias methods, where
these settings state what the field name is. 'alias_name' is the
standard LDAP alias method.
'alias_tree_name' is the SurgeLDAP alias tree option, where the alias is
ALWAYS done for searches and the search will search through the alias. |
bin_clear_time
bin_order_time |
600
3600
|
These are the SurgeLDAP timeouts for the built-in
database management tool. When 'bin_clear_time' has been reached,
the SurgeLDAP management tool will tidy up any spare space within every
bin.
When 'bin_order_time' has been reached, the entries within a bin are ordered
to speed up searches through the database. |
Referral |
"ldap://alk.host/dc=alk, dc=netwin,dc=co,dc=nz"
dc=alk,dc=netwin,dc=co,dc=nz
|
This allows you to set up a referral. So
if an application requests data from the stated 'dn', SurgeLDAP will
refer it to another LDAP server. This server DOES NOT need to be SurgeLDAP. |
dynamic_subtrees |
dynamic_subtrees "<dn>" <timesec>
dynamic_subtrees "*c=netmeeting" 600 |
This sets up a section of
the database to allow dynamic records that will time out.
Records that are dynamic have their timeout reset in the following ways:
1. The record is modified.
2. When the attribute 'entryTtl' is requested. |
shell |
shell id "wild_dn" "cmd=file_to_run" flags |
SurgeLDAP now supports shell
commands, where selected commands on selected domains cause an external
program to be run with the command. The program can modify the command: it
can either return the modified command or tell SurgeLDAP that it
was successful. |
bin_safe_write |
true |
Ensures that the data is safely saved. (This is now the default
in v1.0e)
This should be turned on.
|
LDIF Backup Settings
Label | Example | Explanation |
backup_ldif_file |
/usr/local/surgelpda/backup |
This is the location where all the daily backup LDIF
files are stored. |
backup_cron |
0 0 * * sun |
This allows you to set up a cron job to make a complete backup of
the database, schema and LDIF files. You can also restore the database
via the admin interface.
Layout: backup_cron minute hour dom month dow
The time and date fields are:
field | allowed values |
minute | 0-59 |
hour | 0-23 |
day of month | 1-31 |
month | 1-12 (or names, see below) |
day of week | 0-7 (0 or 7 is Sun, or use names) |
Valid Settings:
Single | 8 |
Range | 8-12 |
Lists | 1,2,5,9 or 0-4,8-12 |
Step | 0-13/2 or */2 |
Names | Can use the first 3 letters of the day/month. |
|
Net Meeting Settings
See manual NetMeeting Integration
for more information. For the below settings to have any effect you MUST
have an ILS server set up in SurgeLDAP.
Label | Example | Explanation |
base_dn |
o=Microsoft,c=-,c=netmeeting |
This is the base dn of where the netmeeting data will
be stored |
dynamic_subtrees |
"*c=netmeeting" 600 |
This is so that the records will timeout after 10
minutes of not being accessed. |
shell |
main "*objectClass=RTPerson" "search=||workarea||\netmeeting.exe -auth netmeeting mysecret" NONE
...etc.
|
This is to shell out the data input from NetMeeting
to the external program called 'netmeeting' which comes with SurgeLDAP.
This will convert the ILS commands to valid LDAP commands. See the shell
ini setting for more information about this setting's layout. |
Replicate Settings
See manual Backup and Mirroring
for more information. For the below settings to have any effect you MUST
have a replicate module set up in SurgeLDAP.
Label | Example | Explanation |
replicate_email |
127.0.0.1:25 admin@domain.com |
This is the email address to which any problems are sent. |
replicate_min_send |
10 |
This is the time in seconds at which the replicate
data will do its checks. |
replicate_max_check |
3600 |
If this time elapses without any data being replicated,
it will verify against the database to ensure this is true. |
replicate_tag |
taga |
This is the replicate tag name of this computer.
It's used for all replicate data that is created from this server. |
replicate_base_directory |
/usr/local/surgeldap/replicate |
The location where the replicate data is stored. |
replicate_in |
taga "*dc=com" ldap.server.com:6630 "cn=manager,dc=example,dc=com" "xpass" |
This server is accepting replicate data from the
stated server. |
replicate |
tagb "*dc=com" ldap.server.com:6630 "cn=manager,dc=example,dc=com" "xpass" |
This server replicates data to another SurgeLDAP
server, where the tag of the target server is tagb. |
replicate_crc_check |
3600 |
This is the minimum time between SurgeLDAP's checks of all replicate
servers' CRCs against this local SurgeLDAP server. The report
is emailed to the admin email address and is also logged in the
log directory.
It will ONLY report on CRC failures; it will not attempt to fix
them.
|
Optional ini settings
Label | Example | Default | Explanation |
debug |
true |
false |
Enables verbose debug output. |
timezone |
nzst |
gmt |
The timezone setting is used to display times in
the selected time zone. |
|