List of strings which specifies the URL schemes to process in LDIF input
(marker :< in LDIF notation, see
This can be a security nightmare! Every resource addressable by URL
which is accessible by the system running web2ldap can be revealed.
Usually you MUST not allow file if others can access
your web2ldap installation and you MUST not allow any URL retrieval
when running at a security border (like somewhere at firewall border).
If unsure leave as empty list to ignore all URLs in LDIF.
Once again. This is the safe setting:
ldif_url_schemes = 
There are some situations where web2ldap just wants to determine the
existing attribute types of an entry and not the data itself for
However some LDAP hosts (e.g. Notes Domino 4.61 and prior versions)
have problems with such an search requesting only attribute types,
they won't return any matches for a search. If you experience this
problems (no matching entry) set this to 0.
Trace output of the LDAP connection can be written to error
output. Set to non-zero if you want debug your LDAP connection.
Warning! Passwords (credentials) are written to this trace log!
If unsure leave zero! Only set to non-zero for testing purposes
and if you have protected logs!
Path name to file
dumpasn1.cfg needed for displaying names of OIDs of
attribute types in subject and issuer name of certificates.
HTML and HTTP options
UTF-8 data is printed as is and charset is set to utf-8 in HTTP header.
This speeds up displaying dramatically! The browser has to set the
required HTTP header and your web server has to set the
if the browser sends Accept-Charset: utf-8 in HTTP header
and the web server sets HTTP_ACCEPT_CHARSET environment variable
The HTTP body can be sent compressed with gzip algorithm if this parameter
is set to a non-zero compressing level, the HTTP client sends
Accept-Encoding: gzip in the HTTP request header and the
web server sets HTTP_ACCEPT_CHARSET environment variable.
This also needs zlibmodule which is automatically detected.
This might speed things up if the server's CPU rather fast
compared to the network link. Even with large search results you
won't gain much by choosing gzip level higher than 1.
List of environment variables assumed to be constant throughout
web sessions with the same ID if existent.
These env vars are cross-checked each time when restoring an
web session to reduce the risk of session-hijacking.
Note: REMOTE_ADDR and REMOTE_HOST might not be constant if the client
access comes through a network of web proxy siblings.
You can set sec_expire to define the amount of
time (in seconds) the data is valid in the browser
(HTTP header Expires: is set).
Note: If you're doing modifications you might get
a very nasty behaviour if the pages are cached by your browser.
You can specify the required security level for each host and each command.
This default is chosen if there's no definition for a specific
host and command.
Set this to 2 if you are using SSL web server with client certificates.
Set to 1 if you use SSL connections.
Set to 0 if all LDAP data you are handling through this gateway is public.
Specifies a list of strings with the acceptable symmetric key ciphers to
reach at least security level 1.
http://www.apache-ssl.org/docs.html and the ApacheSSL
run-time directives SSLBanCipher, SSLRequireCipher, SSLRequiredCiphers
or similar options in your SSL capable web server.