/etc/benno-web/ldapauth.conf
#
# LDAP Authentication configuration file
#
# This file must be readable by the user of the web server
#
# LDAP host
#
# <hostname>:<port>
#
# secondary ldap servers: <server1[:port]>,<server2[:port]>, ...
# Univention UCS + Samba4: <hostname>:7389
#
host = localhost
# LDAP base dn
#
# Base dn of the ldap directory, the bind dn will be determined by a search
#
# request the user uid
#
basedn = dc=lw-systems,dc=net
# User id attribute
#
# The attribute which holds the user id for authentication
#
# Windows AD: userattr = sAMAccountName
#userattr = uid
# user rdn
#
# Authentication will be performed as: $userattr=USERLOGIN,$usersuffix
#
# If disabled, a LDAP search operation will be performed to detect the user dn
#usersuffix =
# User objectclas
#
# Objectclass of user object
#
# Windows AD: objectclass = user
#objectclass = posixAccount
# User filter
#
# LDAP search filter for user object
# Overwrites "userattr" and "objectclass" settings.
#
# The authentication module need to search in LDAP, thus "binddn" and
# "password" settings could be necessary.
# The "usersuffix" parameter will be disabled internally.
#
# %s - match login name
# %u - match userpart of login name
# %d - match domainpart of login name
#
#userfilter = (&(objectClass=posixAccount)(uid=%s))
# Encrypt LDAP connection
# STARTLS port 389: tls = true
# LDAPS port 636: tls = ldaps
#tls = false
# DN to bind for search requests
#
# Dn of an user with permissions to search at the ldap tree.
# Enable if anonymous search is not permitted!
#
# Windows AD: binddn = <username>@<windows-domain>
#binddn =
# Password of the admin user
#
#password =
## User is allowed to access his own email adresses and
## addtional adresses
# Email address attribute
# Univention UCS: mailPrimaryAddress
#email = mail
# Email alias attribute
# Windows AD: proxyAddress | proxyAddresses
# Univention UCS: mailAlternativeAddress
#alias = emailAlias
# Allow access to additional email addresses
#addemail = info@lw-systems.net, mailing@lw-systems.net
# Benno role attribute
#role = bennoRole
# Benno container name attribute
#container = bennoContainer
# Default container (if containerattr not set in LDAP)
#default_container = BennoContainer
# List of username who will always assigned the admin role
#adminuser = bennoadmin, superadmin
# List of addressfilters for admin user (default *@*)
#adminaddress = *@*
# List of username who will always assigned the revisor role
#revisoruser = revisor
# remove domain from username during authentication if set to "true"
#remove_domainsuffix = false
# set debug level
# 0: log only warnings (default)
# 1: log authprotocol responses
# 2: log ldap attribute data
# 3: log ldap requests
#loglevel = 0
### Settings for benno_ldapgroup
# Group objectclas
#
# Objectclass of group objects
#
# Windows AD: objectclass = group
#groupobjectclass = posixGroup
# Group user id attribute
#
# The attribute which holds the userids in group
#
#groupuserattr = memberUid
# Email group address attribute
#
# Univention UCS: mailPrimaryAddress, univentionFreeAttributeXX
#groupmailattr =