Google

web2ldap - standalone.py

The configuration module for stand-alone mode
General
<Download> <News> <Demo> <Related>
Support
<Commercial> <Feedback> <FAQ>
Documentation
<Features> <Installing> <Configuration> <Compability> <Security> <Changes> <Files> <Roadmap>

This module contains configuration options solely needed if running as stand-alone web server.

[access_allowed] [access_log] [debug_log] [dir_listing_allowed] [document_root] [error_log] [mime_types] [pid_file] [run_username] [server_admin] [server_signature] [ssl_CertificateFile] [ssl_CertificateKeyFile] [ssl_Engine] [ssl_Protocols] [ssl_VerifyClient] [ssl_VerifyDepth] [ssl_debug] [ssl_randfile]

Misc. options

run_username
User account name to setuid after being started as root. This options might be overriden by command-line option -u.
server_admin
Contact mail address of the server admin when running stand-alone.
server_signature
This is the server's signature which can be appended to every HTML page. You can use a dictionary string-formatting of all environment vars.

Example:

server_signature = """
%(SERVER_SOFTWARE)s at %(SERVER_NAME)s Port %(SERVER_PORT)s
"""
access_allowed
List of accepted address/net mask strings of accepted client addresses.

Example for accepting all client IP addresses:

access_allowed = ['0.0.0.0/0.0.0.0']

Example for accepting only clients from loopback network:

access_allowed = ['127.0.0.1/255.0.0.0']

Path names

Path names of needed files and directories.
pid_file
Path name for file the PID of the main thread is written to.
access_log
Path name of access log file.
error_log
Path name of error log file.
debug_log
Path name of debug log file. stdout and stderr are redirected to this file for redirecting debug messages of underlying modules.
document_root
Where the static documents reside.
mime_types
Path name of IANA mime.types file.
dir_listing_allowed
Allow listing of directories. Set to 0 to disable, set 1 to enable the directory listings.

SSL

These options configure the behaviour or basic options when running with encryption protocl SSL. These variables have pretty much the same meaning as similar named SSL configuration directives in mod_ssl.

Note:
SSL support in stand-alone mode is still somewhat experimental and some features are not fully implemented yet. If you need a stable SSL implementation for production use run web2ldap under the control of a full-blown SSL capable web server via FastCGI (e.g. Apache or Netscape).

ssl_Engine
Set on for having SSL support. If off the options in this section are not needed. This options might be overriden by command-line option -s.
ssl_Protocols
List of supported protocols (up to now only ['sslv23'] works with Netscape).
ssl_debug
Set to 'on' for debugging messages from M2Crypto module.
ssl_CertificateFile
Server Certificate: Point SSLCertificateFile at a PEM encoded certificate. If the certificate is encrypted, then you will be prompted for a pass phrase.
ssl_CertificateKeyFile
Server Private Key: If the key is not combined with the certificate, use this directive to point at the key file.
ssl_CACertificatePath or ssl_CACertificateFile
Certificate Authority (CA): Set the CA certificate verification path where to find CA certificates for client authentication or alternatively one huge file containing all of them (file must be PEM encoded)
Note: Inside SSLCACertificatePath you need hash symlinks to point to the certificate files. Use the provided Makefile to update the hash symlinks after changes.
ssl_VerifyClient
Client Authentication (Type): Client certificate verification type and depth. Types are none (0), optional (1), require (3).
ssl_VerifyDepth
Depth is a number which specifies how deeply to verify the certificate issuer chain before deciding the certificate is not valid.
ssl_randfile
File with random data to seed PRNG (you won't need that on Linux since /dev/urandom is used there).

Page last modified: Saturday, 05-Jan-2002 21:06:44 CET, © by Michael Ströder <michael@stroeder.com>