# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.
# The user and group nslcd should run as.
# Dedicated service account; keep this an unprivileged user rather than root.
uid nslcd
# Group the daemon runs with; a dedicated group, matching the uid setting.
gid nslcd
# The uri pointing to the LDAP server to use for name lookups.
# Multiple entries may be specified. The address that is used
# here should be resolvable without using LDAP (obviously).
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# Active setting: plain ldap:// to the local host. ldap:// does not encrypt
# binds or lookups, so when pointing at a server on another host prefer
# ldaps:// or ssl start_tls with certificate verification enabled.
uri ldap://127.0.0.1/
# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3
# The distinguished name of the search base.
# Placeholder value: replace dc=example,dc=com with the base DN of your directory.
base dc=example,dc=com
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com
# The credentials to bind with.
# Optional: default is no credentials.
# Note that a bindpw set here is stored in cleartext, so check that this file
# is not readable by unprivileged users (for example mode 0600, owned by root).
#bindpw secret
# The distinguished name to use when root performs password modifications.
#rootpwmoddn cn=admin,dc=example,dc=com
# The default search scope.
#scope sub
#scope one
#scope base
# Customize certain database lookups.
#base group ou=Groups,dc=example,dc=com
#base passwd ou=People,dc=example,dc=com
#base shadow ou=People,dc=example,dc=com
#scope group onelevel
#scope hosts sub
# Bind/connect timelimit.
#bind_timelimit 30
# Search timelimit.
#timelimit 30
# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the given number of seconds.
#idle_timelimit 3600
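# Use StartTLS without verifying the server certificate.
# Note: with tls_reqcert never the session is encrypted but the server is not
# authenticated, so an on-path host can impersonate the directory. Outside of
# testing, use tls_reqcert demand together with tls_cacertfile or tls_cacertdir.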
#ssl start_tls
#tls_reqcert never
# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
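# See man ciphers for syntax. The value is a cipher list handed to the TLS
# library; in OpenSSL syntax the TLSv1 keyword below selects cipher suites and
# does not set the negotiated protocol version.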
#tls_ciphers TLSv1
# Client certificate and key
# Use these if your server requires client authentication. The file named by
# tls_key holds a private key and should not be readable by other local users.
#tls_cert
#tls_key
# Mappings for Services for UNIX 3.5
#filter passwd (objectClass=User)
#map passwd uid msSFU30Name
#map passwd userPassword msSFU30Password
#map passwd homeDirectory msSFU30HomeDirectory
#map passwd homeDirectory msSFUHomeDirectory
#filter shadow (objectClass=User)
#map shadow uid msSFU30Name
#map shadow userPassword msSFU30Password
#filter group (objectClass=Group)
#map group member msSFU30PosixMember
# Mappings for Services for UNIX 2.0
#filter passwd (objectClass=User)
#map passwd uid msSFUName
#map passwd userPassword msSFUPassword
#map passwd homeDirectory msSFUHomeDirectory
#map passwd gecos msSFUName
#filter shadow (objectClass=User)
#map shadow uid msSFUName
#map shadow userPassword msSFUPassword
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=Group)
#map group member posixMember
# Mappings for Active Directory
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map passwd uid sAMAccountName
#map passwd homeDirectory unixHomeDirectory
#map passwd gecos displayName
#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map shadow uid sAMAccountName
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=group)
# Alternative mappings for Active Directory
# (replace the SIDs in the objectSid mappings with the value for your domain)
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
#map passwd uid cn
#map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
#map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
#map passwd homeDirectory "/home/$cn"
#map passwd gecos displayName
#map passwd loginShell "/bin/bash"
#filter group (|(objectClass=group)(objectClass=person))
#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
# Mappings for AIX SecureWay
#filter passwd (objectClass=aixAccount)
#map passwd uid userName
#map passwd userPassword passwordChar
#map passwd uidNumber uid
#map passwd gidNumber gid
#filter group (objectClass=aixAccessGroup)
#map group cn groupName
#map group gidNumber gid