1 #*_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
5 # Function:..Ressource-File for TWEB *
9 # Authors:...Dr. Kurt Spanier & Bernhard Winkler, *
10 # Zentrum fuer Datenverarbeitung, Bereich Entwicklung *
11 # neuer Dienste, Universitaet Tuebingen, GERMANY *
14 # Creation date: Z D D V V *
15 # July 26 1995 Z D D V V *
16 # Last modification: Z D D V V *
17 # January 11 1999 ZZZZ DDD V *
19 #/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/*/
20 #==========================================================================
21 # $Id: tweb.rc.dist,v 1.6 1999/09/10 15:01:22 zrnsk01 Exp $
24 ##########################################################################
26 # set the following variables to your local addresses (NEEDED) #
27 # check also for the location of certain help files #
28 # and proper timeout #
30 ##########################################################################
32 # the base port, TWEB is listening on;
33 # indizes for the languages are added to this base port number
34 # (e.g., TWEB with language 1 is listening on port (WEBPORT + 1))
35 WEBPORT <the-base-port-tweb-should-listen-to>
37 # the host and port, your x500 server (e.g., UMICH slapd) is listening on
38 LDAPD <the-host-running-your-ldap-server>
39 LDAPPORT <the-port-of-that-ldapserver>
42 #------------------------------------------------------------------------#
44 # the DN, TWEB will consider it´s home, together with header and
45 # footer files to be display´ed at that position
47 # the BASEDN will be accessed, when NO DN is given (http://host:port/
48 # the BASEDN will be stripped off from hyperlinks beeing display´ed
49 # access to DIT areas NOT below BASEDN will be denied, if STRICT-BASEDN
50 # (see tweb.rc(.dist)) is activ
52 # BEWARE: HEADER AND FOORTER FILE NAMES ARE ONLY THE BASE NAMES; THE
53 # CORRESPONDING WORKING FILES MUST HAVE EXTENSIONS OF '.x'
54 # WITH x INDICATING THE DESIRED GATEWAY LANGUAGE NUMBER (0-9)
56 BASEDN "o=<my-organization>, c=<my-country-ID>" tweb-base.head tweb-base.foot
59 #------------------------------------------------------------------------#
61 # assuming you have copied the binary into the TWEB_conFiles directory,
62 # the ETCDIR directory should be a parallel directory of the current one
65 # the filter file directs the mode, TWEB will search for entries
66 # (e.g., first search input as is in attribute cn, then search
67 # for any one word in attributes cn and/or sn ... )
68 FILTERFILE ldapfilter.conf
70 # the time in secs, TWEB will try to get a connection to the x500 server
74 ##########################################################################
76 # check the following variables for proper access rights #
77 # and handling of entry lists/legal hints #
78 # (NOT NEEDED FOR FIRST START-UP) #
80 ##########################################################################
82 # DN and password of an x500 entry, TWEB will use, when access of the
83 # user to the servers data is without restrictions
85 # WEBDN "cn=<TWEB-DN-1>, o=<your-organization>, c=<your-country>"
88 # DN (and password) of an x500 entry, TWEB will use, when access of the
89 # user to the servers data is restricted (e.g., external users);
90 # a NULL password (by not configuring) will lead to anonymous access,
91 # irrespective, whether the DN is given or not
93 # WEBDN2 "cn=<TWEB-DN-2>, o=<your-organization>, c=<your-country>"
96 # Refuse/grant service to certain IP hosts/domains names;
97 # both settings will be checked when deciding deniel of service;
98 # the most special definition for the host given will dominate
99 # (settings can be given by using regular expressions, to cover more than
100 # one host/domain with one expression; alternatives, which should be
101 # or'ed must be seperated by '|')
102 # (continuations can be given on follow-up lines, whith no additional
103 # character at the end of the previous line, and an indentation by
104 # TAB or SPACE on the follow-up line)
106 # REFUSE some-host(\.some-sub-domain)?\.some-domain$|another-domain$|
107 # ^some-initial-char[0-9]+.+\.some-domain$
109 # GRANT (host1|host2|host3).*\.another-domain$
111 # When service is granted to the requesting host, allow-string/deny-string
112 # decide on full or restricted access to the servers data; in both cases
113 # one of WEBDN1/WEBDN2 (or anonymous if not configured) is used for
114 # accessing the server;
115 # ACLs on the server must be set accourding to the required visibility of
116 # data (see description of ACLs in the servers documentation)
117 # (host/domain names are given as with GRANT/REFUSE)
119 # ALLOW-STRING my-domain$
120 # DENY-STRING some-special-host/sub-domain-in-my-domain\.my-domain$
122 # Consider WWW proxies as not authorized to get un-restricted access
125 # Consider the explicit list of proxies as authorized to get full access
126 # (the list is as colon-seperated list of host names)
127 # ALLOW-PROXY proxy.in.my.domain:some-proxy.in.another.domain
129 # Refuse access to DNs, outside the scope of TWEBs BASEDN
130 # (this is necessary, if no referral mechanism is working on the
131 # x500 server level; e.g., with slapd in the UMICH package)
134 # Activate anti-hacking code: count access from a range of IP adresses
135 # (IP-Group) to the gateway during a timeslice (randomly selected between
136 # a minimum and maximum number of secs); if the count exceeds a pre-
137 # defined maximum, refuse service for a certain number of timeslices;
138 # after that resume service for the IP-Group
139 # Print statistics for number of accesses from all IP-Groups to file,
140 # at regular intervalls
142 # COMREFUSE TMIN TMAX MAX_ACCEPT SUSPEND_CYCLE STAT_CYCLE STAT_FILE
143 COMREFUSE 100 200 40 12 43200 /LDAP/ldap-3.0/tweb-1.0/hack-stats
145 #------------------------------------------------------------------------#
147 # The maximum number of entries display'ed on any one HTML page
150 # During searching/browsing restrict the number of person entries to the
151 # given number; numbers apply to each of the person groups given by the
153 # STRICT means, even allowed access will be restricted in numbers
154 # NO-BROWSE means, during browsing no person entries are shown at all
155 # MAX-PERSON 5 STRICT NO-BROWSE
157 # List of (parts of ) RDNs, which should not be display'ed
158 # For the current release, strings are seperated by BLANK, with forced
159 # matching to the beginning or end of an RDN signalled by '|';
160 # in a future release, this will be replaced by regular expressions,
161 # very like as in GRANT/REFUSE and beasts
162 NO-SHOW-RDN "|cn=Dummy| netz| LDAP-SAP Mail500|"
165 # Print a legal message for restricted users;
166 # normally, this message is printed at the end of the HTML page,
167 # with ON-TOP, the message can be printed near the top of the page
172 ##########################################################################
174 # configure TWEB gateway-switching #
176 ##########################################################################
178 # Gateway-switching is an original feature of the TWEB, www-x500-gateway.
179 # Switching enables TWEB to generate hyper-links, that are directed towards
180 # other well-known gateways. Following those hyper-links will lead the
181 # user to those gateways, effectively balancing the load between a net
182 # of gateways. Another benefit is the 'Corporate Identity' each gateway
183 # can implement for an organizations own directory data.
185 # Gateway-switching can be configured statically, in the config files
186 # tweb.rc and/or tweb.conf.? , or dynamically, via hints in the
187 # directory data to be display'ed.
189 # Select dynamic gateway-switching: TWEB will look for labeleduri
190 # attributes within each entry to be display'ed as a hyper-link
191 # before constructing the host-part of the hyper-link URL; the
192 # labelleduri attribut must follow the syntax:
193 # <base-url-of-the-other-gateway> <some-label> (gw[-<language-key>])
194 # The DN of the entry will be appended to the base-url, if the language
195 # selection matches, or no specific selection is given (gw)
199 # Configure static gateway switches; they may be replaced at run-time by
200 # dynamic switches (in tweb.rc, gateways, which only support one language
201 # are given; gatways supporting more languages are defined in the
203 GW-SWITCH "l=DFN,c=DE" http://ambix.uni-tuebingen.de:8889/
206 ##########################################################################
208 # some miscelleneous configuration parameters #
210 ##########################################################################
212 # the labelling of buttons/links leading to gateways with other languages
216 # the hierarchy above the current DIT position is presented as a
217 # pull down menu and an action button, or as a list of hyperlinks
220 # entries are kept for some time in a WWW browser´s or proxy´s cache,
222 CACHE-EXPIRE-DEFAULT 900
224 # digits at the end of RDNs (e.g., to make RDNs unique) are stripped
225 # off before displaying; in the config parameter a list of object
226 # classes with stripping in the RDN parts is given
227 # STRIP-PIN |toc_profs|person|toc_primas|toc_cperson|toc_funcs|toc_pextra|
229 # when MODIFY is configured (in tweb.conf.x), entries belonging to
230 # the object class(es) given here can NOT be modified
231 # NO-MODIFY |toc_primas|