web500gw: web500gw.conf configuration file

web500gw now needs a configuration file which is located at WEB500GWDIR/web500gw.conf, usually: /usr/local/etc/web500/web500gw.conf. This may be overriden by flag -c.

The general format of web500gw.conf is as follows:

# Lines starting with # and empty lines are comments and are ignored
# Format is:   keyword: value
# Lines may be wrapped by adding a \
keyword: value

There are different types of configuration options:

Integer	integer number (decimal)
Boolean	`on`, `true`, `yes`, `1` means "feature enabled" otherwise "feature disabled".
String	DN	Distinguished Name
	Pathname	Absolute filename = starting with /
	Filename	Relative or absolute
	regexp	Regular expression, see the regexp(3) Manpage.
	Other strings	see description
Special	described below

Configuration options:

Keyword Type Default value Description

General configuration

port Integer 8888 Port for web500gw to listen on HTTP requests. May be overridden by flag -p.

ldapserver String - hostname
or IP localhost Default LDAP server to contact. May be a space separated list of hostnames. May be overridden by flag -x.

ldapport Integer 389 Port where the LDAP server can be reached. May be overridden by flag -P.

otherservers Boolean off Allow to use other LDAP servers which could be specified in the URL.

timelimit Integer 240 Maximum timelimit for LDAP operations in seconds.

sizelimit Integer 0 (unlimited) Maximum number of search results when searching outside of HomeDN. Search limit below HomeDN may be specified for each ACCESS rule differently.

rootishome Boolean off Meaning of requests without a DN:

off: / = "X.500 root", /M = HomeDN
on: / = HomeDN, /root = "X.500 root"

derefaliases Boolean off Dereferencing all alias entries during search. May be expensive ... May be switched on by flag -a.

showonematch Boolean on If a search finds one match just show this entry.

ufnsearch Boolean on Allow UFN search if a search value contains a comma.

subsearch String organization, organizationalUnit A comma separated list of objectclasses. Below nodes of this objectclasses the default search strategy is "subtree".

lastmodified Boolean on Send "Last-Modified:" HTTP header if entry has a "lastModifiedTime" attribute?

expires Integer -1 (no expire) Send "Expire:" HTTP header?

-1 = don't expire, allow caching in Web client and cache servers
0 = expire now, don't allow caching
n > 0 = expire after n seconds

maxvalues Integer 0 If MODIFY is compiled in (-DMODIFY, see Makefile): Limits the number of values that a user can add to attributes with web500gw's modify feature.

0 = don't allow adding any value, just modify existing values
1 = modify existing values and allow adding one value to empty attributes
n > 1 = allow adding values to attributes till n values

robots String User-agent: * Disallow: / Text to send when /robots.txt is requested. It should make Web robots go away...

syslog Boolean off Log all reqests via syslog facility local3.info. May be switched on by flag -l.

logformat String %h "%r" %s %e "%a" %b %l Format of the logging line per request.

`%a`	ACCESS description	`%l`	Response language
`%b`	Browser description	`%r`	HTTP request (first line)
`%B`	Full Browser string	`%s`	HTTP response status
`%e`	LDAP error code	`%t`	Response time
`%f`	Request referer	`%T`	Time in seconds between receipt of the client's request and the server's response.
`%h`	Client host	`%x`	used LDAP server

Default values

homedn String - DN empty = the Root Default "Home-DN" for URLs /M. Search results below this DN may be limited, so this is usually your own domain.

web500dn String - DN empty = don´t bind Default DN to bind to the Directory before any LDAP action is done. May be specified for each ACCESS rule differently.

web500pw String empty ... password for web500dn (simple auth). May be specified for each ACCESS rule differently.

Other configuration files

etcdir String - Pathname WEB500GWDIR usually /usr/local/etc/web500 Directory containig all configuration files. May be overridden by flag -e.

attrfile String - Filename web500gw.attr Default name of the helpfile on attributes (for modify - URL: /HA) .

filterfile String - Filename ldapfilter.conf Default name of the search filter definitions.

friendlyfile String - Filename ldapfriendly Default name of the friendly names definitions

messagefile String - Filename web500gw.messages Default name of the messages file.

templatefile String - Filename ldaptemplates.conf Default name of the templatefile.

helpfile String - Filename web500gw.help Default name of the helpfile (URL: /H)

External programs

g3togif String - Pathname none = no conversion A filter program that converts images from G3Fax to GIF format.

jpegtogif String - Pathname none = no conversion A filter program that converts images from JPEG to GIF format (for old browsers).

Access Control

access See below At least one ACCESS entry is required!

Format:

access: name : pattern : rights : sizelimit : language : startDN : bindDN : bind passwd : suffix for ACCESS specific files

name String A description (used for logging - %a)

pattern String - regexp Access control is dependent on the requesting client host. A regular expression pattern is used to find the corresponding ACCESS rule for the requesting host. The first matching ACCESS line is used, so the order is important.

rights String - one of these tokens: What rights has the requesting client.

`read`	= read only attributes in template file
`readall`	= read all attributes (if allowed by directory)
`full`	= readall + modify
`none`	= nothing

Of course, the Directory Access rights are not overridden by these rights. So with readall a certain attribute cannot be read if the Directory doesn't allow it for bindDN.

sizelimit Integer Maximum number of results when searched below Home DN. Defaults to sizelimit.

language String The default language - must be defined with language option.

startDN String - DN "Start DN" for URLs "/M". Defaults to homedn.

bindDN String - DN Default DN to bind to the Directory before any LDAP action is done. Defaults to web500dn.

bind passwd String ... password for web500dn (simple auth). Defaults to web500pw.

suffix String Suffix for the ACCESS specific files (templatefile, filterfile). Default is no suffix.

Example:

access: Local : .*\.tu-chemnitz\.de$ : full : 0 : de ::::\ .internal access: German : *\.de$ : read : 20: de : c=DE ::: access: World : .* : read : 20: en : / : : :
The first line is an entry for local clients (in tu-chemnitz.de domain, note the notation for the regexp!). They have full access, no search limits and default language is de (defined in a language: option). The values for HomeDN, BindDN and Bindpw are taken from the defined default values. The filenames for the ACCESS specific template and filter file are build by adding the suffix ".internal" to the values of the templatefile and filterfile keywords defined above.

The second line is for clients coming from DE. They only can read default attributes defined in templatefile. Searches below HomeDN results in maximum 20 matches. Default language is German, HomeDN is c=DE. Other values are taken from the default.

The last line is the default entry for clients coming from anywhere else.

Browser specific configuration

browser Web500gw can display Directory entries and search results in different ways. This can be used to adapt the HTML output to the (mis-) features of several browsers (e.g. don´t use TABLE for Lynx).

Format:

browser: name : User-Agent pattern : options : display flags : navigation

name String A description (used for logging - %b)

User-Agent pattern String - regexp The right browser entry is found by matching the User-Agent: header given in the HTTP request with this regular expression pattern. The first matching browser line is taken, so the order is important.

options String - one or more of these tokens (separated by comma): HTML features supported by the requesting client

`forms`	= supports `<FORM>`
`mailto`	= supports `mailto:` URLs
`img`	= supports inline images
`jpg`	= supports inline JPEG images
`html32`	= supports all the options above

display flags String - one or more of these tokens (separated by comma): Formatting of the entries and search results

`table`	= as tables `<TABLE>`
`list`	= as lists `<DL>`
`oneline`	= all values for an attribute in one line - compact display Could be combined with `table` or `list`

navigation String - one or more of these tokens (separated by comma): Location and style of the navigation elements ("Go up" and search form)

`top`	= on top of the page (before entry)
`bottom`	= on bottom of the page (after entry)
`small`	= "Go up" in one line (RDNs as Links)
`list`	= "Go up" as list `<UL>`
`menu`	= "Go up" as selection menu `<SELECT>`
`none`	= no navigation elements

Example:

browser: Mozilla : Mozilla/.* : html32 : table : top,menu browser: Lynx : Lynx.* : forms,mailto : list : bottom,list browser: Other : .* : forms,mailto,img: list : top,list

The first line is an entry for Netscape (and friends :-?) browsers. They are HTML 3.2 compatible (supports forms, tables, images ...), entries are presented as tables with the navigation tools on top as select menu.

The second line is for Lynx which supports forms and mailto URLs but no inline images and tables. So we present entries as lists with navigation tools on buttom as lists.

The last line is the default entry for other browsers.

Language definition

language See below For language support you need a set of files within this language: messagefile, friendlyfile, helpfile, attrfile.
The web500gw distribution contains English, German, Spanish / Castellano, and French versions of these files.

Format:

language: Content-Language : Accept-Language pattern : suffix for lang spec files

Content-Language	String	Used as `HTTP-Content-Language`: header in response in ACCESS definition (language) for logging - %l
Accept-Language pattern	String - regexp	The right language entry is found by matching the value of the `lang` flag in the requested URL (if given) or the `Accept-Language:` header given in the HTTP request with this regular expression pattern. The first matching language line is taken, so the order is important.
suffix for lang spec files	String	To build the right filenames for the language dependent files this suffix is added to the default values for `messagefile, friendlyfile, helpfile, attrfile`.

Example:

language: de : de.* : .german language: en : .* :

The first line defines German language. It is used when a request contains an URL flag lang=de, an header Accept-Language: de (or de...), or if this is a default language of an ACCESS rule. Response contains Content-Language: de and language specific files are with suffix ".german".
e.g. messagefile = etcdir/messagefile.german

The second line is the English language definition. It's the default language (matches all other Accept-Language: values). The language specific files have no suffix.
e.g. messagefile = etcdir/messagefile

Experimental options

gwswitch Boolean off Enables experimental WWW-X.500 switching (in DE)

monitordn String - DN empty Read this DN in a statistics-request /monitordn - may be the SLAPD monitor, e.g. /cn=monitor

VERSION: 2.1rc1
Availability
Features
Changes
Known Bugs
Links & References

Installation
Modes

Configuration:
web500gw.conf
Hints
vCards
Search interface
Adding entries

Examples:
web500gw.conf
ldaptemplates.conf
ldapfriendly

Support:
Y2K proof?
Mailing List
Troubleshooting
URL format
URLs in entries
LDAP errors

Developers
SF.net Project

Test it:
TU Chemnitz
TU Chemnitz CGI
Other sites

(web500gw.conf.html.php Version 1.1) last modified by dekarl on 2001/07/22 at 20:17:46 GMT