Appendix A .conf Parameters

This appendix describes, in alphabetical order, gateway configuration parameters. Parameters are defined in dsgw.conf and pb.conf, installed during Directory Server installation.

Associated directives are described in Appendix B, "Gateway Directives Reference."

authlifetime

Description

Specifies the amount of time in seconds before a user's authentication expires in the gateway. When authenticating to the Directory from the gateway, the gateway retains authentication credentials for the amount of time specified in this parameter. Once authentication credentials have expired, the gateway prompts the user to re-authenticate.

Format

authlifetime <seconds>

Example

The following example causes user authentication to expire in two hours. This is the default expiration time:

authlifetime 7200

baseurl

Description

Specifies the host name and port number used to contact the Directory Server. This parameter also determines the search base used for searches performed from the gateway, and whether the gateway uses SSL to communicate with the Directory Server.

Format

baseurl [ldap | ldaps]://<host>:<port>/<search base>

ldap | ldaps. Use ldap to have the gateway communicate with the Directory Server without using SSL. Use ldaps to have the gateway communicate with the Directory Server using SSL.

<host>. Indicates the host name of the device where the Directory Server is installed.

<port>. Indicates the port number used by the Directory Server. Always specify a port number even when using standard ldap or ldaps port numbers (389 and 636, respectively).

<search base> . Indicates the distinguished name representing the point in the directory from which all searches are performed. Normally, the search base is set to the directory's suffix.

Netscape recommends substituting the following hexadecimal values for the equal sign, space, and comma in the search base:

Example

The following example sets the base URL to use SSL communications to a server running on the well-known LDAP security port (636). The base search address is set to o=airius.com:

baseurl "ldaps://dirserver.airius.com:636/o%3Dairius.com"

binddnfile

Description

Specifies the location of the file where the bind DN and bind password are stored. This file is used to authenticate to the server for non-anonymous searching.

The binddnfile contains two lines, the first specifying the dn with which to bind, and the second specifying the bind password. For example:

binddn "<dn>"
bindpw <password>

This file should be stored separately from the .conf file for the gateway instance.

Format

binddnfile <filename>

Example

binddnfile /export/TEST/bindfile
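
The following added example (not part of the original Netscape documentation or the gateway's own code) checks a gateway .conf file against the authlifetime, baseurl, and binddnfile descriptions above. Both sample configurations are constructed. The "#" comment syntax, the /export/TEST/config/dsgw.conf location, the 7200-second ceiling, and the reading of "stored separately" as "in a different directory" are assumptions.

```python
import posixpath
import shlex
from urllib.parse import urlsplit

# Constructed samples; values are modelled on this appendix's examples.
WEAK_CONF = '''\
# constructed gateway configuration
authlifetime 86400
baseurl "ldap://dirserver.airius.com/o=airius.com"
binddnfile /export/TEST/config/bindfile
'''
GOOD_CONF = '''\
authlifetime 7200
baseurl "ldaps://dirserver.airius.com:636/o%3Dairius.com"
binddnfile /export/TEST/bindfile
'''

def parse_conf(text):
    """Map each parameter name to its argument list (last occurrence wins)."""
    params = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):  # '#' comments assumed
            name, *args = shlex.split(line)
            params[name] = args
    return params

def audit(text, conf_path, max_lifetime=7200):
    """Return a list of findings; conf_path is where the audited .conf lives."""
    p, findings = parse_conf(text), []
    url = urlsplit(p.get("baseurl", [""])[0])
    if url.scheme != "ldaps":
        findings.append("baseurl: not ldaps, directory traffic is sent without SSL")
    if url.port is None:
        findings.append("baseurl: port not specified")
    if any(c in url.path.lstrip("/") for c in "= ,"):
        findings.append("baseurl: search base has an unencoded '=', space or ','")
    lifetime = int(p.get("authlifetime", ["7200"])[0])  # 7200 is the documented default
    if lifetime > max_lifetime:  # ceiling is an assumed policy, not a gateway rule
        findings.append(f"authlifetime: {lifetime}s exceeds {max_lifetime}s")
    bindfile = p.get("binddnfile", [None])[0]
    conf_dir = posixpath.dirname(posixpath.normpath(conf_path))
    if bindfile and posixpath.dirname(posixpath.normpath(bindfile)) == conf_dir:
        findings.append("binddnfile: stored in the same directory as the .conf file")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("good", GOOD_CONF)):
        print(label, audit(conf, "/export/TEST/config/dsgw.conf"))
```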

changeHTML

Description

Used by the gateway to substitute ideographic space for nonbreaking space (&nbsp;) in Asian character sets.

Format

changeHTML <nbsp_from> <nbsp_to> <charset>

Example

changeHTML <space character> <space character> Shift_JIS

charset

Description

Defines the default character set for communication with HTTP clients. The default is UTF-8 (Unicode), which supports all the characters in the Netscape Directory. UTF-8 is the preferred character set; however, many browsers don't support the UTF-8 charset, or display it poorly.

Some users may require a different character set than the one specified using this parameter. For these users, the charset parameter setting may be overridden by creating a <LANG>/dsgw/charset.conf file which contains the charset name. However, to receive the correct language, users will have to configure their browsers to send the appropriate accept-language headers.

For compatibility with HTTP clients that can't handle an HTTP response with a charset parameter in the content-type, comment out this parameter in the .conf file. This prevents the gateway from sending an explicit charset to gateway clients. When no charset parameter is defined, the gateway by default transmits ISO-8859-1 (Latin-1).

The charset parameter is ignored by Netscape Communicator 4.0 and Internet Explorer 4.0 and greater clients, which request the UTF-8 charset by default. Forcing these clients to use a non-UTF-8 charset (such as Latin-1) requires the ignoreAcceptCharsetFrom parameter, introduced in Directory Server 4.0.

Format

charset <charset>

Example

charset UTF-8

For more information about charsets, see RFC 1345, which defines the syntax of charset names.

configdir

Description

Specifies the location of the configuration directory of the gateway. This directory holds the object class templates, search configuration files, search result templates, and script files used to dynamically generate HTML forms for the user.

The configuration directory for the default gateway (dsgw.conf) is ../config. The configuration directory for Directory Express (pb.conf) is ../pbconfig.

Format

configdir "<configuration directory>"

Example

configdir "../airiusconfig"

dirmgr

Description

Specifies the distinguished name of the directory manager. This is the DN used to bind to the Directory Server when users authenticate as the directory manager from the gateway. Netscape recommends using a DN other than the root DN for this purpose. It is intended that the DN specified here has read and write authority for the subtree that the gateway sees.

Format

dirmgr "<distinguished name>"

Example

dirmgr "cn=Directory Manager, o=airius.com"

For information on the root DN and on setting permissions for the directory, see the Netscape Directory Server Administrator's Guide.

gwnametrans

Description

Used by gateway CGIs to specify the URL to output for HTTP redirection. This needs to be specified as "/dsgw/<htmldir>" and should be the same as the NameTrans set in the HTTP server, if any is being used.

Format

gwnametrans "<HTTP redirect>"

Example

gwnametrans "/dsgw/pbhtml/"

htmldir

Description

Specifies the location of the HTML files for the gateway. These include the HTML files controlling the appearance of gateway forms.

The HTML directory for the default gateway (dsgw.conf) is ../html. The HTML directory for Directory Express (pb.conf) is ../pbhtml.

Format

htmldir "<html directory>"

Example

htmldir "/airiusconfig"

ignoreAcceptCharsetFrom

Description

Ignores request headers for the UTF-8 character set automatically sent by Netscape Communicator 4.x and Internet Explorer 4.x browsers. Can be used together with the charset parameter to transmit a charset other than Unicode to all gateway clients.

Format

ignoreAcceptCharsetFrom <HTTP client version string>

Example

ignoreAcceptCharsetFrom Mozilla/4.01x-NSCP Mozilla/3

include

Description

Specifies the location of another config file that should be read by the gateway.

Format

include "<config file>"

Example

include "../config/dsgw-l10n.conf"

location

Description

Defines the location choices for adding new entries to the gateway. Each location parameter represents a branch point in the directory tree below which new entries can be added.

Format

location <handle> "<friendly name>" "<dn>"

<handle>. An arbitrary string used by the location-suffix parameter to map a type of entry to the locations where the entry can be created.

<friendly name> . An arbitrary string that represents the location. This string should describe the location because the gateway displays this string to users to represent the location.

<dn>. The distinguished name representing this branch point in the directory. If this value is not terminated with a pound sign (#), the value specified on the include parameter is appended to this value to build the fully qualified distinguished name. If <dn> is terminated with a pound sign, the value is assumed to be a fully qualified distinguished name, and the pound sign is stripped from the distinguished name before the DN is used by the gateway.

Example

The following example defines an entry creation location in a user directory. This location corresponds to the Marketing organizational unit, and the remainder of the distinguished name is built from the value set in the include parameter:

location marketing "Marketing Organization" "ou=Marketing"

A slightly different example defines the same location but specifies the fully qualified distinguished name:

location marketing "Marketing Organization" "ou=Marketing, o=airius.com#"

location-suffix

Description

Identifies the directory suffix used to create new entries in the directory.

This value is appended to the DN field of the NLS parameter when the gateway is used to create new entries in the directory.

Format

location-suffix "<suffix>"

Example

location-suffix "o=airius.com"

newtype

Description

Defines the types of entries that can be added to the directory using the gateway. The newtype parameter also defines the locations in the directory where an entry type can be added. For a user to create the entry, the corresponding location must be defined using the location parameter.

Format

newtype <template_name> "<friendly_name>" <rdnattr> <locations>

<template_name> . The name of a display-<template_name>.html file that defines the object class listed. Template files are stored in the ../config directory. The gateway uses these files to define how various types of entries are displayed when entries are being created or viewed:

<friendly_name>. An arbitrary string that describes the entry. This string should be reasonably descriptive of the entry type because the gateway displays this string to users who are adding entries.

<rdnattr>. The attribute used to name entries of this type. For example, the default value for the rdnattr field for people entries is uid. This means that any people entries created using the gateway will have DNs of the following format:

uid=<string>

The rdnattr field can be modified so that entries are named using a different attribute. For example, if the rdnattr of the newtype orgperson line is changed from uid to cn, people entries created using the gateway will have cn-based DNs rather than the UID-based DNs (the default setting).

<locations>. A space-separated list of the locations where this type of entry can be added. The locations in this list must be identical to the <handle> specified on the corresponding location parameter.

Example

The following example allows persons to be added to the Marketing subtree using the template for organizationalPerson:

newtype orgperson "Person" cn marketing

NLS

Description

Identifies the libNLS data directory, which should contain a directory named "locales", containing the configuration files LANG.ctx, LANG.col, and LANG.txt for each supported language (locale).

Format

NLS <libNLS data directory>

Example

NLS ../../lib/nls

securitypath

Description

Identifies the location of the certificate database used by the gateway when using SSL to communicate with the Directory Server. The certificate database contains the certificate of the Certificate Authority that issued the certificate for the Directory Server.

Format

securitypath <NSHOME>/alias/<cert.db>

Example

securitypath "/export/TEST/alias/pb-cert.db"

template

Description

Maps specific object classes to internal gateway templates. These templates define how a specific object class such as a person, a group, or an organizational unit is displayed in the gateway. The templatename identified has a corresponding HTML template stored in dsgw/conf/.

Format

template <templatename> <objectclass>

Example

The following example identifies orgperson as the template defining attributes for person and inetorgperson object classes:

template orgperson person inetorgperson

vcard-property

Description

The Directory Server gateway allows users to view vCards for person and NT person directory entries. The vCard and LDAP specifications define different labels to access information: vCards use properties and LDAP uses attributes. Therefore, there must be a way to map the vCard property names to the LDAP attribute names so that the Directory Server can locate the information for the vCard display. The vcard-property parameter accomplishes this vCard property to LDAP attribute mapping.

Format

vcard-property <vcardprop> <syntax> <ldapattr> [<ldapattr2>...]

<vcardprop>. The name of a vCard property. The following vCard properties are mapped to LDAP attributes:

<syntax>. A string that describes the nature of the vCard information. The following syntaxes are supported:

<ldapattr> [<ldapattr2>...]. The attribute(s) to be mapped to the vCard property. This is useful when mapping a vCard property to a custom attribute.

Example

The following example changes the mapping of the NOTE property from the default description attribute to a custom attribute named hobbies:

vcard-property NOTE mls hobbies

 

© Copyright 1999 Netscape Communications Corporation