LDAP
Section [LDAP]
- LDAP.Server: list
Each entry maps to an instance of ``ldap.LDAPServerConfig``. Defines a list of LDAP server configuration sections. For details on configuring section lists, see the general configuration guide, Array Tables for TOML.
- Server.Port: int
Maps to ``ldap.LDAPServerConfig.ldap_port``. Specifies the port on which the LDAP server instance listens. This option is required and must be defined within each individual ``[[LDAP.Server]]`` section.
- Server.Connectionless: bool
Maps to ``ldap.LDAPServerConfig.ldap_udp``. Configures the LDAP server to operate over UDP (CLDAP) rather than the default TCP transport. This option must be set within each individual server section and is not allowed in the global ``[LDAP]`` section.
The attributes described below may also be specified in the global ``[LDAP]`` section, where they serve as default values for all individual server entries unless explicitly overridden.
- Server.Capabilities: list[str]
Maps to ``ldap.LDAPServerConfig.ldap_caps``. Can also be set in ``[LDAP]``. Lists the LDAP capabilities the server returns when queried. The default values are:
  - ``"1.2.840.113556.1.4.800"`` (LDAP_CAP_ACTIVE_DIRECTORY_OID): indicates that the LDAP server is running Active Directory Domain Services (AD DS). [1]
  - ``"1.2.840.113556.1.4.1791"`` (LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID): specifies that the server supports LDAP signing and sealing with NTLM authentication, and can handle subsequent binds over secure channels. [1]
  - ``"1.2.840.113556.1.4.1670"`` (LDAP_CAP_ACTIVE_DIRECTORY_V51_OID): indicates that the LDAP server is running at least the Windows Server 2003 version of AD DS. [1]
- Server.SASLMechanisms: list[str]
Maps to ``ldap.LDAPServerConfig.ldap_mech``. Can also be set in ``[LDAP]``. Defines the list of supported SASL authentication mechanisms. By default, the server supports GSSAPI, GSS-SPNEGO, and simple binds.
- Server.Timeout: int
Maps to ``ldap.LDAPServerConfig.ldap_timeout``. Can also be set in ``[LDAP]``. Configures the LDAP operation timeout in seconds. A value of ``0`` disables the timeout (the default), which may cause issues during tool shutdown. Any non-zero value sets the maximum allowed duration for an operation.
- Server.FQDN: str
Maps to ``ldap.LDAPServerConfig.ldap_fqdn``. Can also be set in ``[LDAP]``. Specifies the server's hostname or fully qualified domain name (FQDN). The domain portion is optional. Example: ``"HOSTNAME.domain.local"``.
- Server.ErrorCode: str | int
Maps to ``ldap.LDAPServerConfig.ldap_error_code``. Can also be set in ``[LDAP]``. Sets the LDAP error code returned upon successful authentication. It is recommended to return a valid error rather than success. By default, the server returns ``"unwillingToPerform"``.
- Server.TLS: bool = false
Maps to ``ldap.LDAPServerConfig.ldap_tls``. Can also be set in ``[LDAP]``. Enables SSL/TLS encryption using a custom certificate.
- Server.Cert: str
Maps to ``ldap.LDAPServerConfig.ldap_tls_cert``. Can also be set in ``[LDAP]`` or ``[Globals]``. Specifies the path to the certificate file used when TLS is enabled.
- Server.Key: str
Maps to ``ldap.LDAPServerConfig.ldap_tls_key``. Can also be set in ``[LDAP]`` or ``[Globals]``. Specifies the path to the private key file associated with the TLS certificate.
Default Configuration

```toml
[LDAP]
Timeout = 2
FQDN = "DEMENTOR"
TLS = false
ErrorCode = "unwillingToPerform"

[[LDAP.Server]]
Connectionless = false
Port = 389

[[LDAP.Server]]
# means UDP
Port = 389
Connectionless = true
```