Netscape Directory Server Gateway Customization Guide: Appendix A Parameters Defined in the .conf File

Gateway Customization Guide
Netscape Directory Server

Appendix A     Parameters Defined in the .conf File

The dsgw.conf and pb.conf files are installed during Netscape Directory Server (Directory Server) installation. This appendix describes the configuration parameters defined in these files. Associated directives are described in Appendix B "Gateway Directives."

authlifetime

Specifies the amount of time in seconds before a user's authentication expires in the gateway. When authenticating to the directory from the gateway, the gateway retains authentication credentials for the amount of time specified in this parameter. Once authentication credentials have expired, the gateway prompts the user to re-authenticate.

For information on authenticating to the Directory Server using the gateway, see the online documentation that is available through the gateway.

Format

authlifetime seconds

Example

The following example causes user authentication to expire in two hours. This is the default expiration time:

authlifetime 7200
baseurl

Specifies the host name and port number used to contact the Directory Server. This parameter also determines the search base used for searches performed from the gateway, and whether the gateway uses SSL to communicate with the Directory Server.

Format

baseurl [ldap | ldaps]://dirHost:dirPort/searchBase

ldap | ldaps. Use LDAP to have the gateway communicate the Directory Server without using SSL. Use LDAPS to have the gateway communicate with the Directory Server using SSL.

dirHost. Indicates the host name of the machine where the Directory Server is installed.

dirPort. Indicates the port number used by the Directory Server. Always specify a port number even when using standard LDAP or LDAPS port numbers (389 and 636, respectively).

searchBase. Indicates the distinguished name (DN) representing the point in the directory from which all searches are performed. Normally, search base is set to the directory's suffix.

Substitute the following hexadecimal values for the equal sign, space, and comma in the search base:

use %3D instead of equal sign (=)

use %20 instead of space ( )

use %2C instead of comma (,)

Example

The following example sets the base URL to use SSL communications to a server running on the well-known LDAP security port (636). The base search address is set to o=example.com.

baseurl "ldaps://dirserver.example.com:636/o%3Dexample.com"
binddnfile

Specifies the location of the file where the bind DN and bind password are stored. This file should be stored separately of the .conf file for the gateway instance. The binddnfile is used to authenticate to the server for non-anonymous searching.

Format

binddnfile binddn_filename

Example

binddnfile /export/TEST/binddnfile
changeHTML

Used by the gateway to substitute ideographic space for non-breaking space (nbsp) in Asian character sets.

Format

changeHTML nbsp_from nbsp_to charset

Example

changeHTML <space character> <space charac ter> Shift_JIS
charset

Defines the default character set for communication with HTTP clients. The default is UTF-8 (Unicode), which supports all the characters in the Directory Server. UTF-8 is the preferred character set, however many browsers don't support the UTF-8 charset, or display it poorly.

Some users may require a different character set than the one specified using this parameter. For these users, the charset parameter setting may be overridden by creating a <LANG>/dsgw/charset.conf file which contains the charset name. However, to receive the correct language, users will have to configure their browsers to send the appropriate accept-language headers.

For compatibility with HTTP clients that can't handle an HTTP response with a charset parameter in the content-type, comment out this parameter in the .conf file. This prevents the gateway from sending an explicit charset to gateway clients. When no charset parameter is defined, the gateway by default transmits ISO-8859-1 (Latin-1).

The charset parameter is ignored by Netscape Communicator 4.0 and Internet Explorer 4.0 and greater clients, which request the UTF-8 charset by default. Forcing these clients to use a non-UTF-8 charset (such as Latin-1) requires the ignoreAcceptCharsetFrom parameter, which was introduced in release 4.0 of the gateway.

More information: ignoreAcceptCharsetFrom

Format

charset character_set

Example

charset UTF-8
For more information about charsets, see RFC 1345, which defines the syntax of charset names.

configdir

Specifies the location of the configuration directory of the gateway. These include the object class templates, search configuration files, search result templates, and script files used to dynamically generate HTML forms for the user.

The configuration directory for the default gateway (dsgw.conf) is ../config. The configuration directory for Directory Express (pb.conf) is ../pbconfig.

Format

configdir "configuration_directory"

Example

configdir "../exampleconfig"
dirmgr

Specifies the distinguished name of the directory manager. This is the DN used to bind to the Directory Server when users authenticate as the directory manager from the gateway. Use a DN other than the root DN for this purpose. It is intended that the DN specified here has read and write authority for the subtree that the gateway sees.

For information on authenticating as the directory manager from the gateway, see the online documentation that is available through the gateway.

Format

dirmgr "distinguished_name"

Example

dirmgr "cn=Directory Manager, o=example.com"
For information on the root DN and on setting permissions for the directory, see the Netscape Directory Server Administrator's Guide.

enable-aim-presence

Specifies the AIM® presence (online or offline) of a user by displaying or hiding the AIM icon in the Directory Server Gateway UI. If enable-aim-presence is set to true and if the user being displayed is logged into the AIM service, the AIM icon show ups in the UI when the full entry for a user is being displayed.

By default, the AIM icon won't show up for lists of users because it would have adverse affects on search performance. To see AIM presence for lists of users (or multiple search results), the following files will need to be modified:

config/list-People.html

config/list-NT-People.html

pbconfig/list-People.html

The block of text that needs to be modified is shown below:

<SCRIPT LANGUAGE="JavaScript">

,
"" //
);

//// Uncomment the above DS_ATTRIBUTE directive and remove the ////
//// double quotes to have aim presence in search results lists ////

The modified block of text is shown below (the "" and // removed from the sixth line):

<SCRIPT LANGUAGE="JavaScript">

,

);

//// Uncomment the above DS_ATTRIBUTE directive and remove the ////
//// double quotes to have aim presence in search results lists ////

Once this is done, listings of multiple users will show AIM presence for each user.

Note

By default, nsaimid and nsaimstatustext are used for AIM ID and AIM presence information respectively. If you use different attributes, be sure to change the HTML files.

Format

enable-aim-presence true | false

Example

enable-aim-presence true

gwnametrans

Used by the gateway CGI scripts to specify the URL to output for HTTP redirection. This needs to be specified as "/clients/dsgw/<htmldir>" and should be the same as the NameTrans set in the HTTP server, if any is being used.

Format

gwenametrans "HTTP_redirect"

Example

gwnametrans "/clients/dsgw/pbhtml/"
htmldir

Specifies the location of the HTML files for the gateway. These include the HTML files controlling the appearance of gateway forms.

The HTML directory for the default gateway (dsgw.conf) is ../html. The HTML directory for Directory Express (pb.conf) is ../pbhtml.

Format

htmldir "html_directory"

Example

htmldir "/exampleconfig"
ignoreAcceptCharsetFrom

Ignores request headers for the UTF-8 character set automatically sent by Netscape Communicator 4.x and Internet Explorer 4.x browsers. Can be used together with the charset parameter to transmit a charset other than Unicode to all gateway clients.

Format

ignoreAcceptCharsetFrom HTTP_ client_version_string

Example

ignoreAcceptCharsetFrom Mozilla/4.01x-NSCP Mozilla/3
More information: charset.

include

Specifies the location of another configuration file that should be read by the gateway.

Format

include "configuration_file"

Example

include "../config/dsgw-l10n.conf"
location

Defines the location choices selectable from the gateway when adding new entries. Each location parameter represents a branch point in the directory tree below which new entries can be added.

Format

location handle "friendly_name""dn"

handle. An arbitrary string used by the location-suffix parameter to map a type of entry to the locations where the entry can be created. For more information, see location-suffix.

friendly_name. An arbitrary string that represents the location. This string should describe the location because the gateway displays this string to users to represent the location.

dn. The distinguished name (DN) representing this branch point in the directory. If this value is not terminated with a pound sign, the value specified on the include parameter is appended to this value to build the fully qualified distinguished name. If dn terminated with a pound sign (#), the value represented here is assumed to be a fully qualified distinguished name, and the pound sign is stripped from the distinguished name before the DN is used by the gateway.

For more information, see include.

Example

The following example defines an entry creation location in a user directory. This location corresponds to the Marketing organizational unit, and the remainder of the distinguished name is built from the value set in the include parameter:

location marketing "Marketing Organization" "ou=Marketing"
A slightly different example defines the same location, but specifies the fully qualified distinguished name:

location marketing "Marketing Organization" "ou=Marketing, o=example.com#"
For a more complete example of the location parameter, see Mapping Locations and Entry Types.

location-suffix

Identifies the directory suffix used to create new entries in the directory.

This value is appended to the DN field of the NLS parameter when the gateway is used to create new entries in the directory.

Format

location-suffix "suffix"

Example

location-suffix "o=example.com"
newtype

Defines the types of entries that can be added to the directory using the gateway. newtype also defines the locations in the directory where an entry type can be added. For a user to create the entry, the corresponding location must be defined using the location parameter.

Format

newtype template_name "friendly_name" rdnattr locations

template_name. The name of a display-template_name.html file that defines the object class listed. Template files are stored in the ../config directory. The gateway uses these files to define how various types of entries are displayed when entries are being created or viewed:

orgperson—corresponds to the display-orgperson.html template. Defines how the gateway displays an entry of object class type inetOrgPerson.

groupun—corresponds to the display-groupun.html template. Defines how the gateway displays an entry of object class type groupOfUniqueNames.

orgunit—corresponds to the display-orgunit.html template. Defines how the gateway displays an entry of object class type organizationalUnit.

org—corresponds to the display-org.html template. Defines how the gateway displays an entry of object class type organization.

friendly_name. An arbitrary string that describes the entry. This string should be reasonably descriptive of the entry type because the gateway displays this string to users who are adding entries.

rdnattr. The attribute used to name entries of this type. For example, the default value for the rdnattr field for people entries is uid. This means that any people entries created using the gateway will have DNs of the following format:

uid=string

The rdnattr field can be modified so that entries are named using a different attribute. For example, to change the rdnattr of the newtype orgperson line from uid to cn, people entries created using the gateway will have cn-based DNs rather than the UID-based DNs (the default setting).

locations. A space-separated list of the locations where this type of entry can be added. The locations in this list must be identical to the handle specified on the corresponding location parameter.

Example

The following example allows persons to be added to the Marketing subtree using the template for organizationalPerson:

newtype orgperson   "Person"   cn marketing
For a more complete example of the newtype parameter, see Mapping Locations and Entry Types.

NLS

Identifies the libNLS data directory, which should contain a directory named "locales", containing the configuration files LANG.ctx, LANG.col, and LANG.txt for each supported language (locale).

Format

NLS libNLS_data_directory

Example

NLS ../../lib/nls
orgchart-attrib-farleft-rdn

Specifies the attribute to be used as the leftmost RDN for the DNs of user entries (in order to enable the Org Chart application to search for entries).

The orgchart-attrib-farleft-rdn attribute is the same as the one included in the Org Chart's configuration file (serverRoot/clients/orgchart/config.txt), and the attribute value (uid, cn, and so on) must match the values specified in the config.txt file.

Format

orgchart-attrib-farleft-rdn attribute

Example

orgchart-attrib-farleft-rdn uid

securitypath

Identifies the location of the certificate database used by the gateway when using SSL to communicate with the Directory Server. The certificate database contains the Certificate Authority issuing the certificate for the Directory Server.

Format

securitypath "/usr/netscape/servers/alias/cert.db"

Example

securitypath "/usr/netscape/servers/alias/pb-cert.db"
template

Maps specific object classes to internal gateway templates. These templates define how a specific object class such as a person, a group, or an organizational unit is displayed in the gateway. The templatename identified has a corresponding HTML template stored in clients/dsgw/config/.

Format

template template_name object_class

Example

The following example identifies orgperson as the template defining attributes for person and inetorgperson object classes:

template orgperson person inetorgperson
url-orgchart-base

Points to the Org Chart application, providing a link to the Org Chart application from the Directory Server Gateway UI pages. By default, the Directory Server installation program sets the base to use the Netscape Administration Server as the web server. You can change the host name and port number to be that of a dedicated web server. (See "HTTP Server Configuration".)

In the absence of the url-orgchart-base configuration field, there will be no link to the Org Chart application in the Directory Server Gateway UI.

Note that the Org Chart application also has a similar URL which points to the Directory Server Gateway (the dsgw instance). You can change it to ..../lang?context=pb to have the Org Chart link to the Phonebook or remove the context=dsgw altogether and have it link to the default gateway instance (default.conf, which is the dsgw instance).

Format

url-orgchart-base http://adminHost:adminPort/clients/orgchart/bin/org?context=dsgw&data=

adminHost. Specifies the host name of the machine on which the Netscape Administration Server is installed.

adminPort. Specifies the port number used by the Netscape Administration Server.

Example

http://machine.example.com:24020/clients/orgchart/bin/org?context=dsgw&data=

vcard-property

Directory Server Gateway allows users to view vCards for person and NT person directory entries. The vCard and LDAP specifications define different labels to access information: vCards use properties and LDAP uses attributes. Therefore, there must be a way to map the vCard property names to the LDAP attribute names so that the Directory Server can locate the information for the vCard display. The vcard-property parameter accomplishes this vCard property to LDAP attribute mapping.

Format

vcard-property vcardprop syntax ldapattr [ldapattr2...]

vcardprop. The name of a vCard property. vCard properties that are currently mapped to LDAP attributes are:

FN—The Formatted Name property. All vCards must have a FN property. By default, FN is mapped to the cn attribute.

N—The Name property. By default, N is mapped to the sn and givenName attributes.

ORG—The ORG property may refer to the organizational name and units of the person or resource associated with the vCard. By default, ORG is mapped to the o and ou attributes.

ROLE—The ROLE property may refer to the role, occupation or business category of the person or resource described by the vCard. By default, ROLE is mapped to the businessCategory attribute.

ADR;WORK—The work address of the of the person or resource described by the vCard. By default, ADR;WORK is mapped to the postalAddress attribute.

ADR;HOME—The home address of the of the person or resource described by the vCard. By default, ADR;HOME is mapped to the homePostalAddress attribute.

EMAIL;INTERNET—The email address of the person or resource described by the vCard. By default, EMAIL;INTERNET is mapped to the mail attribute.

TITLE—The TITLE property specifies the job title, functional position or function of the person or resource described by the vCard. By default, TITLE is mapped to the title attribute.

TEL;WORK—The business telephone number of the person or resource described by the vCard. By default, TEL;WORK is mapped to the telephoneNumber attribute.

TEL;FAX—The fax number of the person or resource described by the vCard. By default, TEL;FAX is mapped to the facsimileTelephoneNumber attribute.

TEL;CELL—The cellular telephone number of the person or resource described by the vCard. By default, TEL;CELL is mapped to the mobile attribute.

TEL;HOME—The residential telephone number of the person or resource described by the vCard. By default, TEL;HOME is mapped to the homePhone attribute.

NOTE—Provides any additional comments or information about the person or resource described by the vCard. By default, NOTE is mapped to the description attribute.

syntax. A string that describes the nature of the vCard information. The following syntaxes are supported:

cis—used for simple strings, such as a person's name or telephone number

mls—used for multi-line strings, such as a mailing address

ldapattr [ldapattr2...]. The attribute(s) to be mapped to the vCard property. This is useful when mapping a vCard property to a custom attribute.

Example

The following example changes the mapping of the NOTE property from the default description attribute to a custom attribute named hobbies:

vcard-property NOTE mls hobbies

Last Updated October 31, 2003


Note	By default, `nsaimid` and `nsaimstatustext` are used for AIM ID and AIM presence information respectively. If you use different attributes, be sure to change the HTML files.