web500gw: web500gw.conf configuration file

web500gw now needs a configuration file, located at WEB500GWDIR/web500gw.conf (usually /usr/local/etc/web500/web500gw.conf). The location may be overridden by flag -c.
The general format of web500gw.conf is as follows:
# Lines starting with # and empty lines are comments and are ignored
# Format is:   keyword: value
# Lines may be wrapped by adding a \
keyword: value

There are different types of configuration options:
Integer   integer number (decimal)
Boolean   on, true, yes, 1 means "feature enabled", otherwise "feature disabled".
String
   DN              Distinguished Name
   Pathname        Absolute filename = starting with /
   Filename        Relative or absolute
   regexp          Regular expression, see the regexp(3) manpage.
   Other strings   see description
Special   described below

Configuration options:

Keyword Type Default value Description
General configuration
port Integer 8888 Port for web500gw to listen on HTTP requests. May be overridden by flag -p.
ldapserver String - hostname or IP localhost Default LDAP server to contact. May be a space separated list of hostnames. May be overridden by flag -x.
ldapport Integer 389 Port where the LDAP server can be reached. May be overridden by flag -P.
otherservers Boolean off Allow the use of other LDAP servers, which can be specified in the URL.
timelimit Integer 240 Maximum timelimit for LDAP operations in seconds.
sizelimit Integer 0 (unlimited) Maximum number of search results when searching outside of HomeDN. Search limit below HomeDN may be specified for each ACCESS rule differently.
rootishome Boolean off Meaning of requests without a DN:
off: / = "X.500 root", /M = HomeDN
on: / = HomeDN, /root = "X.500 root"
derefaliases Boolean off Dereferencing all alias entries during search. May be expensive ... May be switched on by flag -a.
showonematch Boolean on If a search finds one match just show this entry.
ufnsearch Boolean on Allow UFN search if a search value contains a comma.
subsearch String organization, organizationalUnit A comma separated list of objectclasses. Below nodes of these objectclasses the default search strategy is "subtree".
lastmodified Boolean on Send "Last-Modified:" HTTP header if entry has a "lastModifiedTime" attribute?
expires Integer -1 (no expire) Send "Expire:" HTTP header?
-1 = don't expire, allow caching in Web client and cache servers
0 = expire now, don't allow caching
n > 0 = expire after n seconds
maxvalues Integer 0 If MODIFY is compiled in (-DMODIFY, see Makefile): Limits the number of values that a user can add to attributes with web500gw's modify feature.
0 = don't allow adding any value, just modify existing values
1 = modify existing values and allow adding one value to empty attributes
n > 1 = allow adding values to attributes till n values
robots String User-agent: *
Disallow: /
Text to send when /robots.txt is requested. It should make Web robots go away...
syslog Boolean off Log all requests via syslog facility local3.info. May be switched on by flag -l.
logformat String %h "%r" %s %e "%a" %b %l Format of the logging line per request.
%a   ACCESS description
%b   Browser description
%B   Full Browser string
%e   LDAP error code
%f   Request referer
%h   Client host
%l   Response language
%r   HTTP request (first line)
%s   HTTP response status
%t   Response time
%T   Time in seconds between receipt of the client's request and the server's response.
%x   used LDAP server
Default values
homedn String - DN empty = the Root Default "Home-DN" for URLs /M. Search results below this DN may be limited, so this is usually your own domain.
web500dn String - DN empty = don't bind Default DN to bind to the Directory before any LDAP action is done. May be specified for each ACCESS rule differently.
web500pw String empty ... password for web500dn (simple auth). May be specified for each ACCESS rule differently.
Other configuration files
etcdir String - Pathname WEB500GWDIR usually /usr/local/etc/web500 Directory containing all configuration files. May be overridden by flag -e.
attrfile String - Filename web500gw.attr Default name of the helpfile on attributes (for modify - URL: /HA).
filterfile String - Filename ldapfilter.conf Default name of the search filter definitions.
friendlyfile String - Filename ldapfriendly Default name of the friendly names definitions
messagefile String - Filename web500gw.messages Default name of the messages file.
templatefile String - Filename ldaptemplates.conf Default name of the templatefile.
helpfile String - Filename web500gw.help Default name of the helpfile (URL: /H)
External programs
g3togif String - Pathname none = no conversion A filter program that converts images from G3Fax to GIF format.
jpegtogif String - Pathname none = no conversion A filter program that converts images from JPEG to GIF format (for old browsers).
Access Control
access See below At least one ACCESS entry is required!
Format: access: name : pattern : rights : sizelimit : language : startDN : bindDN : bind passwd : suffix for ACCESS specific files
name String A description (used for logging - %a)
pattern String - regexp Access control is dependent on the requesting client host. A regular expression pattern is used to find the corresponding ACCESS rule for the requesting host. The first matching ACCESS line is used, so the order is important.
rights String - one of these tokens: The rights the requesting client has.
read = read only attributes in template file
readall = read all attributes (if allowed by directory)
full = readall + modify
none = nothing
Of course, the Directory Access rights are not overridden by these rights. So with readall a certain attribute cannot be read if the Directory doesn't allow it for bindDN.
sizelimit Integer Maximum number of results when searched below Home DN. Defaults to sizelimit.
language String The default language - must be defined with language option.
startDN String - DN "Start DN" for URLs "/M". Defaults to homedn.
bindDN String - DN Default DN to bind to the Directory before any LDAP action is done. Defaults to web500dn.
bind passwd String ... password for web500dn (simple auth). Defaults to web500pw.
suffix String Suffix for the ACCESS specific files (templatefile, filterfile). Default is no suffix.
Example:
access: Local : .*\.tu-chemnitz\.de$ : full : 0 : de ::::\
        .internal
access: German : .*\.de$ : read : 20 : de : c=DE :::
access: World : .* : read : 20 : en : / : : :

The first line is an entry for local clients (in tu-chemnitz.de domain, note the notation for the regexp!). They have full access, no search limits and the default language is de (defined in a language: option). The values for HomeDN, BindDN and Bindpw are taken from the defined default values. The filenames for the ACCESS specific template and filter files are built by adding the suffix ".internal" to the values of the templatefile and filterfile keywords defined above.

The second line is for clients coming from DE. They can only read the default attributes defined in templatefile. Searches below HomeDN result in a maximum of 20 matches. The default language is German, HomeDN is c=DE. Other values are taken from the defaults.

The last line is the default entry for clients coming from anywhere else.
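
An added example (not part of web500gw or its documentation) that parses the file format described above, applies the first-match rule to access lines, and flags rules that can never be reached as well as full rules whose host pattern has no $ anchor. It assumes Python's re.search as a stand-in for regexp(3) matching and that no field contains a colon; the sample configuration and all function names are constructed for illustration.

```python
import re
# Constructed sample in the page's format; World is deliberately placed too early.
SAMPLE_CONF = r"""
# Lines starting with # are comments
access: Local  : .*\.tu-chemnitz\.de$ : full : 0  : de ::::\
        .internal
access: World  : .*      : read : 20 : en : / : : :
access: German : .*\.de$ : read : 20 : de : c=DE :::
"""
FIELDS = "name pattern rights sizelimit language startDN bindDN bindpw suffix".split()

def parse_conf(text):
    """Return (keyword, value) pairs; join '\\'-wrapped lines, skip comments."""
    pairs, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):      # wrapped line: keep collecting
            pending = line[:-1]
            continue
        pending = ""
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            pairs.append((key.strip().lower(), value.strip()))
    return pairs

def access_rules(pairs):
    """Split each access value into its nine colon-separated fields."""
    rules = []
    for key, value in pairs:
        if key == "access":
            parts = [p.strip() for p in value.split(":", 8)]
            parts += [""] * (len(FIELDS) - len(parts))
            rules.append(dict(zip(FIELDS, parts)))
    return rules

def match_access(rules, host):
    """Return the first rule whose pattern matches the client host."""
    return next((r for r in rules if re.search(r["pattern"], host)), None)

def lint(rules):
    """Flag rules behind a catch-all and 'full' rules lacking a $ anchor."""
    findings, catch_all = [], None
    for r in rules:
        if catch_all:
            findings.append(f"{r['name']}: unreachable, shadowed by {catch_all}")
        elif r["pattern"] in (".*", ""):
            catch_all = r["name"]
        if r["rights"] == "full" and not r["pattern"].endswith("$"):
            findings.append(f"{r['name']}: full rights without $ anchor")
    return findings
```

With the sample above, a .de client is served by the World rule rather than German, which is what the lint finding reports.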

Browser specific configuration
browser Web500gw can display Directory entries and search results in different ways. This can be used to adapt the HTML output to the (mis-) features of several browsers (e.g. don't use TABLE for Lynx).
Format: browser: name : User-Agent pattern : options : display flags : navigation
name String A description (used for logging - %b)
User-Agent pattern String - regexp The right browser entry is found by matching the User-Agent: header given in the HTTP request with this regular expression pattern. The first matching browser line is taken, so the order is important.
options String - one or more of these tokens (separated by comma): HTML features supported by the requesting client
forms = supports <FORM>
mailto = supports mailto: URLs
img = supports inline images
jpg = supports inline JPEG images
html32 = supports all the options above
display flags String - one or more of these tokens (separated by comma): Formatting of the entries and search results
table = as tables <TABLE>
list = as lists <DL>
oneline = all values for an attribute in one line - compact display
Could be combined with table or list
navigation String - one or more of these tokens (separated by comma): Location and style of the navigation elements ("Go up" and search form)
top = on top of the page (before entry)
bottom = on bottom of the page (after entry)
small = "Go up" in one line (RDNs as Links)
list = "Go up" as list <UL>
menu = "Go up" as selection menu <SELECT>
none = no navigation elements
Example:
browser: Mozilla : Mozilla/.* : html32 : table : top,menu
browser: Lynx : Lynx.* : forms,mailto : list : bottom,list
browser: Other : .* : forms,mailto,img : list : top,list

The first line is an entry for Netscape (and friends :-?) browsers. They are HTML 3.2 compatible (support forms, tables, images ...); entries are presented as tables with the navigation tools on top as a select menu.

The second line is for Lynx, which supports forms and mailto URLs but no inline images and tables. So we present entries as lists with navigation tools at the bottom as lists.

The last line is the default entry for other browsers.

Language definition
language See below For language support you need a set of files within this language: messagefile, friendlyfile, helpfile, attrfile.
The web500gw distribution contains English, German, Spanish / Castellano, and French versions of these files.
Format: language: Content-Language : Accept-Language pattern : suffix for lang spec files
Content-Language String Used
  • as HTTP-Content-Language: header in response
  • in ACCESS definition (language)
  • for logging - %l
Accept-Language pattern String - regexp The right language entry is found by matching the value of the lang flag in the requested URL (if given) or the Accept-Language: header given in the HTTP request with this regular expression pattern. The first matching language line is taken, so the order is important.
suffix for lang spec files String To build the right filenames for the language dependent files this suffix is added to the default values for messagefile, friendlyfile, helpfile, attrfile.
Example:
language: de : de.* : .german
language: en : .* :

The first line defines the German language. It is used when a request contains a URL flag lang=de or a header Accept-Language: de (or de...), or if this is the default language of an ACCESS rule. The response contains Content-Language: de, and the language specific files have the suffix ".german".
e.g. messagefile = etcdir/messagefile.german

The second line is the English language definition. It's the default language (matches all other Accept-Language: values). The language specific files have no suffix.
e.g. messagefile = etcdir/messagefile

Experimental options
gwswitch Boolean off Enables experimental WWW-X.500 switching (in DE)
monitordn String - DN empty Read this DN in a statistics-request /monitordn - may be the SLAPD monitor, e.g. /cn=monitor
VERSION: 2.1rc1
  (web500gw.conf.html.php Version 1.1) last modified by dekarl on 2001/07/22 at 20:17:46 GMT