147 lines
4.8 KiB
Plaintext
147 lines
4.8 KiB
Plaintext
# This is the configuration file for the LDAP nameservice
|
|
# switch library's nslcd daemon. It configures the mapping
|
|
# between NSS names (see /etc/nsswitch.conf) and LDAP
|
|
# information in the directory.
|
|
# See the manual page nslcd.conf(5) for more information.
|
|
#
|
|
# The user and group nslcd should run as.
|
|
#
|
|
uid nslcd
|
|
gid ldap
|
|
|
|
# The uri pointing to the LDAP server to use for name lookups.
|
|
# Multiple entries may be specified. The address that is used
|
|
# here should be resolvable without using LDAP (obviously).
|
|
# uri ldap://127.0.0.1/
|
|
# uri ldaps://127.0.0.1/
|
|
# uri ldapi://%2fvar%2frun%2fldapi_sock/
|
|
# Note: %2f encodes the '/' used as directory separator
|
|
# uri ldap://127.0.0.1/
|
|
#
|
|
uri ldap://<%= @ldapserver_host %>
|
|
|
|
# The distinguished name of the search base.
|
|
base dc=cgcs,dc=local
|
|
|
|
# The distinguished name to bind to the server with.
|
|
# Optional: default is to bind anonymously.
|
|
# binddn cn=ldapadmin,dc=cgcs,dc=local
|
|
# The credentials to bind with.
|
|
# Optional: default is no credentials.
|
|
# Note that if you set a bindpw you should check the permissions of this file.
|
|
# bindpw secretpw
|
|
<%- if @bind_anonymous != true -%>
|
|
binddn cn=ldapadmin,dc=cgcs,dc=local
|
|
bindpw <%= @admin_pw %>
|
|
<%- end -%>
|
|
|
|
# The distinguished name to perform password modifications by root by.
|
|
rootpwmoddn cn=ldapadmin,dc=cgcs,dc=local
|
|
|
|
# The default search scope.
|
|
#scope sub
|
|
#scope one
|
|
#scope base
|
|
|
|
# Customize certain database lookups.
|
|
#base group ou=Groups,dc=example,dc=com
|
|
#base passwd ou=People,dc=example,dc=com
|
|
#base shadow ou=People,dc=example,dc=com
|
|
#scope group onelevel
|
|
#scope hosts sub
|
|
|
|
# Bind/connect timelimit.
|
|
#bind_timelimit 30
|
|
|
|
# Search timelimit.
|
|
#timelimit 30
|
|
|
|
# Idle timelimit. nslcd will close connections if the
|
|
# server has not been contacted for the number of seconds.
|
|
#idle_timelimit 3600
|
|
|
|
# Use StartTLS without verifying the server certificate.
|
|
#ssl start_tls
|
|
#tls_reqcert never
|
|
|
|
# CA certificates for server certificate verification
|
|
#tls_cacertdir /etc/ssl/certs
|
|
#tls_cacertfile /etc/ssl/ca.cert
|
|
|
|
# Seed the PRNG if /dev/urandom is not provided
|
|
#tls_randfile /var/run/egd-pool
|
|
|
|
# SSL cipher suite
|
|
# See man ciphers for syntax
|
|
#tls_ciphers TLSv1
|
|
|
|
# Client certificate and key
|
|
# Use these, if your server requires client authentication.
|
|
#tls_cert
|
|
#tls_key
|
|
|
|
# Mappings for Services for UNIX 3.5
|
|
#filter passwd (objectClass=User)
|
|
#map passwd uid msSFU30Name
|
|
#map passwd userPassword msSFU30Password
|
|
#map passwd homeDirectory msSFU30HomeDirectory
|
|
#map passwd homeDirectory msSFUHomeDirectory
|
|
#filter shadow (objectClass=User)
|
|
#map shadow uid msSFU30Name
|
|
#map shadow userPassword msSFU30Password
|
|
#filter group (objectClass=Group)
|
|
#map group member msSFU30PosixMember
|
|
|
|
# Mappings for Services for UNIX 2.0
|
|
#filter passwd (objectClass=User)
|
|
#map passwd uid msSFUName
|
|
#map passwd userPassword msSFUPassword
|
|
#map passwd homeDirectory msSFUHomeDirectory
|
|
#map passwd gecos msSFUName
|
|
#filter shadow (objectClass=User)
|
|
#map shadow uid msSFUName
|
|
#map shadow userPassword msSFUPassword
|
|
#map shadow shadowLastChange pwdLastSet
|
|
#filter group (objectClass=Group)
|
|
#map group member posixMember
|
|
|
|
# Mappings for Active Directory
|
|
#pagesize 1000
|
|
#referrals off
|
|
#idle_timelimit 800
|
|
#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
|
|
#map passwd uid sAMAccountName
|
|
#map passwd homeDirectory unixHomeDirectory
|
|
#map passwd gecos displayName
|
|
#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
|
|
#map shadow uid sAMAccountName
|
|
#map shadow shadowLastChange pwdLastSet
|
|
#filter group (objectClass=group)
|
|
|
|
# Alternative mappings for Active Directory
|
|
# (replace the SIDs in the objectSid mappings with the value for your domain)
|
|
#pagesize 1000
|
|
#referrals off
|
|
#idle_timelimit 800
|
|
#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
|
|
#map passwd uid cn
|
|
#map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
|
|
#map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
|
|
#map passwd homeDirectory "/home/$cn"
|
|
#map passwd gecos displayName
|
|
#map passwd loginShell "/bin/bash"
|
|
#filter group (|(objectClass=group)(objectClass=person))
|
|
#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
|
|
|
|
# Mappings for AIX SecureWay
|
|
#filter passwd (objectClass=aixAccount)
|
|
#map passwd uid userName
|
|
#map passwd userPassword passwordChar
|
|
#map passwd uidNumber uid
|
|
#map passwd gidNumber gid
|
|
#filter group (objectClass=aixAccessGroup)
|
|
#map group cn groupName
|
|
#map group gidNumber gid
|
|
# This comment prevents repeated auto-migration of settings.
|
|
|