AuthenticationOptions

Authentication Options

General Options

Option	Description
StripAuthenticationDomain	Strips the login value up to and including the first slash. This will change a login of "coils.example.com\adam" to "adam". This is useful for some clients which may automatically qualify the username with a domain.
AllowSpacesInLogin	This option is for compatibility with OpenGrouwpare Legacy, it currently has not effect on how Coils processes authentication.
LSUseLowercaseLogin	If enabled the login value will be changed to lower-case before matched to the account database. Several authentication backends, including LDAP, process account names as case-insensitive strings while others are case-sensitive. Set this directive according to the authentication backend in use.

All these options are YES / NO.

coils-server-config --directive=LSUseLowercaseLogin --value=YES
coils-server-config --directive=LSUseLowercaseLogin --value=YES

If you are attempting to use the Microsoft Windows Filesystem Redirector to access or mount OpenGroupware Coils via WeDAV and are failing with a "System Error 5 has occurred" enabling the StripAuthenticationDomain is a probable solution.

Trusted Hosts

The PYTrustedHosts configuration directive is a list of hostnames from which connections should be trusted. When a connection is trusted the credentials are not verified, the connection will be authenticated as the declared user/context.

coils-server-config --directive=PYTrustedHosts --value='["host1.example.com","host2.example.net"]'

Be cautions when adding host names to PYTrustedHosts. DNS is not necessarily a secure server and, especially if proxy servers are involved, the true origin of a connection can be obscured.

LDAP Authentication

LDAP Authentication is enabled for BASIC authentication if the LSAuthLDAPServer directive is defined.

Option	Description
LSAuthLDAPServer
LSAuthLDAPSearchFilter
LSAuthLDAPServerRoot
LDAPInitialBindDN
LDAPInitialBindPW
LDAPLoginAttributeName