.TH LDAP.CONF 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" $OpenLDAP$
-.\" Copyright 1998-2015 The OpenLDAP Foundation All Rights Reserved.
+.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
ldap.conf, .ldaprc \- LDAP configuration file/environment variables
# Right - DN syntax needs quoting for Example, Inc:
BASE ou=IT staff,o="Example, Inc",c=US
# or:
- BASE ou=IT staff,o=Example2C Inc,c=US
+ BASE ou=IT staff,o=Example\\2C Inc,c=US
# Wrong - comment on same line as option:
DEREF never # Never follow aliases
.TP
.B SASL_MECH <mechanism>
Specifies the SASL mechanism to use.
-.B This is a user-only option.
.TP
.B SASL_REALM <realm>
Specifies the SASL realm.
-.B This is a user-only option.
.TP
.B SASL_AUTHCID <authcid>
Specifies the authentication identity.
specifies the maximum security layer receive buffer
size allowed. 0 disables security layers. The default is 65536.
.RE
+.TP
+.B SASL_NOCANON <on/true/yes/off/false/no>
+Do not perform reverse DNS lookups to canonicalize SASL host names. The default is off.
.SH GSSAPI OPTIONS
If OpenLDAP is built with Generic Security Services Application Programming Interface support,
there are more options you can specify.
.nf
TLS_CERT my hardware device:Certificate for Sam Carter
.fi
-Use certutil -L to list the certificates by name:
+Use certutil \-L to list the certificates by name:
.nf
- certutil -d /path/to/certdbdir -L
+ certutil \-d /path/to/certdbdir \-L
.fi
.TP
.B TLS_KEY <filename>
the location of the cert/key database, use modutil to change the password
to the empty string:
.nf
- modutil -dbdir ~/.moznss -changepw 'NSS Certificate DB'
+ modutil \-dbdir ~/.moznss \-changepw 'NSS Certificate DB'
.fi
You must have the old password, if any. Ignore the WARNING about the running
browser. Press 'Enter' for the new password.