This appendix describes, in alphabetical order, gateway configuration parameters. Parameters are defined in dsgw.conf and pb.conf, installed during Directory Server installation.
Description
Specifies the amount of time in seconds before a user's authentication expires in the gateway. When authenticating to the Directory from the gateway, the gateway retains authentication credentials for the amount of time specified in this parameter. Once authentication credentials have expired, the gateway prompts the user to re-authenticate.
authlifetime <seconds>
Example
The following example causes user authentication to expire in two hours. This is the default expiration time:
baseurl
Specifies the host name and port number used to contact the Directory Server. This parameter also determines the search base used for searches performed from the gateway, and whether the gateway uses SSL to communicate with the Directory Server.
baseurl [ldap | ldaps]://<host>:<port>/<search base>
ldap | ldaps . Use ldap to have the gateway communicate the Directory Server without using SSL. Use ldaps to have the gateway communicate with the Directory Server using SSL.
<host>. Indicates the host name of the device where the Directory Server is installed.
<port>. Indicates the port number used by the Directory Server. Always specify a port number even when using standard ldap or ldaps port numbers (389 and 636, respectively).
<search base> . Indicates the distinguished name representing the point in the directory from which all searches are performed. Normally, the search base is set to the directory's suffix.
use %3D instead of an equal sign (=)
use %20 instead of a space ( )
use %2C instead of a comma (,)
The following example sets the base URL to use SSL communications to a server running on the well-known LDAP security port (636). The base search address is set to o=airius.com:
binddnfile
Specifies the location of the file where the bind DN and bind password are stored. This file is used to authenticate to the server for non-anonymous searching.
This file should be stored separately of the .conf file for the gateway instance.
binddnfile <filename>
binddnfile /export/TEST/bindfile
changeHTML
Used by the gateway to substitute ideographic space for nonbreaking space ( ) in Asian character sets.
changeHTML <nbsp_from> <nbsp_to> <charset>
changeHTML <space character> <space character> Shift_JIS
charset
Defines the default character set for communication with HTTP clients. The default is UTF-8 (Unicode), which supports all the characters in the Netscape Directory. UTF-8 is the preferred character set, however many browsers don't support the UTF-8 charset, or display it poorly.
charset <charset>
charset UTF-8
For more information about charsets, see RFC 1345, which defines the syntax of charset names.
Specifies the location of the configuration directory of the gateway. These include the object class templates, search configuration files, search result templates, and script files used to dynamically generate HTML forms for the user.
configdir "<configuration directory>"
configdir "../airiusconfig"
dirmgr
Specifies the distinguished name of the directory manager. This is the DN used to bind to the Directory Server when users authenticate as the directory manager from the gateway. Netscape recommends using a DN other than the root DN for this purpose. It is intended that the DN specified here has read and write authority for the subtree that the gateway sees.
dirmgr "<distinguished name>"
dirmgr "cn=Directory Manager, o=airius.com"
For information on the root DN and on setting permissions for the directory, see the Netscape Directory Server Administrator's Guide.
Used by gateway CGIs to specify the URL to output for HTTP redirection. This needs to be specified as "/dsgw/<htmldir>" and should be the same as the NameTrans set in the HTTP server, if any is being used.
gwenametrans "<HTTP redirect>"
gwnametrans "/dsgw/pbhtml/" htmldir
Specifies the location of the HTML files for the gateway. These include the HTML files controlling the appearance of gateway forms.
htmldir "<html directory>"
htmldir "/airiusconfig"
ignoreAccetpCharsetFrom
Ignores request headers for the UTF-8 character set automatically sent by Netscape Communicator 4.x and Internet Explorer 4.x browsers. Can be used together with the charset parameter to transmit a charset other than Unicode to all gateway clients.
ignoreAcceptCharsetFrom <HTTP client version string>
ignoreAcceptCharsetFrom Mozilla/4.01x-NSCP Mozilla/3 include
Specifies the location of another config file that should be read by the gateway.
include "<config file>"
include "../config/dsgw-l10n.conf" location
Defines the location choices for adding new entries to the gateway. Each location parameter represents a branch point in the directory tree below which new entries can be added.
location <handle> "<friendly name>" "<dn>"
<handle>. An arbitrary string used by the location-suffix parameter to map a type of entry to the locations where the entry can be created.
<friendly name> . An arbitrary string that represents the location. This string should describe the location because the gateway displays this string to users to represent the location.
<dn>. The distinguished name representing this branch point in the directory. If this value is not terminated with a pound sign, the value specified on the include parameter is appended to this value to build the fully qualified distinguished name. If dn is terminated with a hash mark (#), the value represented here is assumed to be a fully qualified distinguished name, and the pound sign is stripped from the distinguished name before the DN is used by the gateway.
The following example defines an entry creation location in a user directory. This location corresponds to the Marketing organizational unit, and the remainder of the distinguished name is built from the value set in the include parameter:
A slightly different example defines the same location but specifies the fully qualified distinguished name:
location-suffix
Identifies the directory suffix used to create new entries in the directory.
location-suffix "<suffix>"
location-suffix "o=airius.com"
newtype
Defines the types of entries that can be added to the directory using the gateway. The newtype parameter also defines the locations in the directory where an entry type can be added. For a user to create the entry, the corresponding location must be defined using the location parameter.
newtype <template_name> "<friendly_name>" <rdnattr> <locations>
<template_name> . The name of a display-<template_name>.html file that defines the object class listed. Template files are stored in the ../config directory. The gateway uses these files to define how various types of entries are displayed when entries are being created or viewed:
orgpersoncorresponds to the display-orgperson.html template. Defines how the gateway displays an entry of object class type inetOrgPerson.
groupuncorresponds to the display-groupun.html template. Defines how the gateway displays an entry of object class type groupOfUniqueNames.
orgunitcorresponds to the display-orgunit.html template. Defines how the gateway displays an entry of object class type organizationalUnit.
orgcorresponds to the display-org.html template. Defines how the gateway displays an entry of object class type organization.
<friendly_name>. An arbitrary string that describes the entry. This string should be reasonably descriptive of the entry type because the gateway displays this string to users who are adding entries.
<rdnattr>. The attribute used to name entries of this type. For example, the default value for the rdnattr field for people entries is uid. This means that any people entries created using the gateway will have DNs of the following format:
The rdnattr field can be modified so that entries are named using a different attribute. For example, to change the rdnattr of the newtype orgperson line from uid to cn, people entries created using the gateway will have cn-based DNs rather than the UID-based DNs (the default setting).
<locations>. A space-separated list of the locations where this type of entry can be added. The locations in this list must be identical to the <handle> specified on the corresponding location parameter.
The following example allows persons to be added to the Marketing subtree using the template for organizationalPerson:
NLS
Identifies the libNLS data directory, which should contain a directory named "locales", containing the configuration files LANG.ctx, LANG.col, and LANG.txt for each supported language (locale).
NLS <libNLS data directory>
NLS ../../lib/nls
securitypath
Identifies the location of the certificate database used by the gateway when using SSL to communicate with the Directory Server. The certificate database contains the Certificate Authority issuing the certificate for the Directory Server. [rob--helpful to say that on install for DE and dsgw, this points to the certificate database for the admin server?]
securitypath <NSHOME>/alias/<cert.db>
securitypath "/export/TEST/alias/pb-cert.db"
template
Maps specific object classes to internal gateway templates. These templates define how a specific object class such as a person, a group, or an organizational unit is displayed in the gateway. The templatename identified has a corresponding HTML template stored in dsgw/conf/.
template <templatename> <objectclass>
The following example identifies orgperson as the template defining attributes for person and inetorgperson object classes:
vcard-property
The Directory Server gateway allows users to view vCards for person and NT person directory entries. The vCard and LDAP specifications define different labels to access information: vCards use properties and LDAP uses attributes. Therefore, there must be a way to map the vCard property names to the LDAP attribute names so that the Directory Server can locate the information for the vCard display. The vcard-property parameter accomplishes this vCard property to LDAP attribute mapping.
vcard-property <vcardprop> <syntax> <ldapattr> [<ldapattr2>...]
<vcardprop>. The name of a vCard property. The following vCard properties are mapped to LDAP attributes:
FNThe Formatted Name property. All vCards must have a FN property. By default, FN is mapped to the cn attribute.
NThe Name property. By default, N is mapped to the sn and givenName attributes.
ORGThe ORG property may refer to the organizational name and units of the person or resource associated with the vCard. By default, ORG is mapped to the o and ou attributes.
ROLEThe ROLE property may refer to the role, occupation or business category of the person or resource described by the vCard. By default, ROLE is mapped to the businessCategory attribute.
ADR;WORKThe work address of the of the person or resource described by the vCard. By default, ADR;WORK is mapped to the postalAddress attribute.
ADR;HOMEThe home address of the of the person or resource described by the vCard. By default, ADR;HOME is mapped to the homePostalAddress attribute.
EMAIL;INTERNETThe email address of the person or resource described by the vCard. By default, EMAIL;INTERNET is mapped to the mail attribute.
TITLEThe TITLE property specifies the job title, functional position or function of the person or resource described by the vCard. By default, TITLE is mapped to the title attribute.
TEL;WORKThe business telephone number of the person or resource described by the vCard. By default, TEL;WORK is mapped to the telephoneNumber attribute.
TEL;FAXThe fax number of the person or resource described by the vCard. By default, TEL;FAX is mapped to the facsimileTelephoneNumber attribute.
TEL;CELLThe cellular telephone number of the person or resource described by the vCard. By default, TEL;CELL is mapped to the mobile attribute.
TEL;HOMEThe residential telephone number of the person or resource described by the vCard. By default, TEL;HOME is mapped to the homePhone attribute.
NOTEProvides any additional comments or information about the person or resource described by the vCard. By default, NOTE is mapped to the description attribute.
<syntax>. A string that describes the nature of the vCard information. The following syntaxes are supported:
cisused for simple strings, such as a person's name or telephone number
mlsused for multiline strings, such as a mailing address
<ldapattr> [<ldapattr2>...]. The attribute(s) to be mapped to the vCard property. This is useful when mapping a vCard property to a custom attribute.
The following example changes the mapping of the NOTE property from the default description attribute to a custom attribute named hobbies: