"Fossies" - the Fresh Open Source Software Archive 
Member "nss_ldap-265/ldap.conf" (6 Nov 2009, 9472 Bytes) of package /linux/privat/old/nss_ldap-265.tar.gz:
1 # @(#)$Id: ldap.conf,v 2.49 2009/04/25 01:53:15 lukeh Exp $
2 #
3 # This is the configuration file for the LDAP nameservice
4 # switch library and the LDAP PAM module.
5 #
6 # PADL Software
7 # http://www.padl.com
8 #
9
10 # Your LDAP server. Must be resolvable without using LDAP.
11 # Multiple hosts may be specified, each separated by a
12 # space. How long nss_ldap takes to failover depends on
13 # whether your LDAP client library supports configurable
14 # network or connect timeouts (see bind_timelimit).
15 host 127.0.0.1
16
17 # The distinguished name of the search base.
18 base dc=padl,dc=com
19
20 # Another way to specify your LDAP server is to provide a
21 # URI with the server name. This allows the use of
22 # Unix domain sockets to connect to a local LDAP server.
23 #uri ldap://127.0.0.1/
24 #uri ldaps://127.0.0.1/
25 #uri ldapi://%2fvar%2frun%2fldapi_sock/
26 # Note: %2f encodes the '/' used as directory separator
27
28 # The LDAP version to use (defaults to 3
29 # if supported by client library)
30 #ldap_version 3
31
32 # The distinguished name to bind to the server with.
33 # Optional: default is to bind anonymously.
34 #binddn cn=proxyuser,dc=padl,dc=com
35
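36 # The credentials to bind with. Optional: default is no credential.
37 # nss_ldap reads this file inside every process that performs a lookup, so it normally has to be world-readable and a password set here is visible to all local users; bind with an account that has read-only, least-privilege access.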
38 #bindpw secret
39
40 # The distinguished name to bind to the server with
41 # if the effective user ID is root. Password is
42 # stored in /etc/ldap.secret (mode 600)
43 #rootbinddn cn=manager,dc=padl,dc=com
44
45 # The port.
46 # Optional: default is 389.
47 #port 389
48
49 # The search scope.
50 #scope sub
51 #scope one
52 #scope base
53
54 # Search timelimit in seconds (0 for indefinite; default 0)
55 #timelimit 0
56
57 # Bind/connect timelimit (0 for indefinite; default 30)
58 #bind_timelimit 30
59
60 # Reconnect policy:
61 # hard_open: reconnect to DSA with exponential backoff if
62 # opening connection failed
63 # hard_init: reconnect to DSA with exponential backoff if
64 # initializing connection failed
65 # hard: alias for hard_open
66 # soft: return immediately on server failure
67 #bind_policy hard
68
69 # Connection policy:
70 # persist: DSA connections are kept open (default)
71 # oneshot: DSA connections destroyed after request
72 #nss_connect_policy persist
73
74 # Idle timelimit; client will close connections
75 # (nss_ldap only) if the server has not been contacted
76 # for the number of seconds specified below.
77 #idle_timelimit 3600
78
79 # Use paged results
80 #nss_paged_results yes
81
82 # Pagesize: when paged results are enabled, used to set the
83 # pagesize to a custom value
84 #pagesize 1000
85
86 # Filter to AND with uid=%s
87 #pam_filter objectclass=account
88
89 # The user ID attribute (defaults to uid)
90 #pam_login_attribute uid
91
92 # Search the root DSE for the password policy (works
93 # with Netscape Directory Server)
94 #pam_lookup_policy yes
95
96 # Check the 'host' attribute for access control
97 # Default is no; if set to yes, and user has no
98 # value for the host attribute, and pam_ldap is
99 # configured for account management (authorization)
100 # then the user will not be allowed to login.
101 #pam_check_host_attr yes
102
103 # Check the 'authorizedService' attribute for access
104 # control
105 # Default is no; if set to yes, and the user has no
106 # value for the authorizedService attribute, and
107 # pam_ldap is configured for account management
108 # (authorization) then the user will not be allowed
109 # to login.
110 #pam_check_service_attr yes
111
112 # Group to enforce membership of
113 #pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
114
115 # Group member attribute
116 #pam_member_attribute uniquemember
117
118 # Specify a minimum or maximum UID number allowed
119 #pam_min_uid 0
120 #pam_max_uid 0
121
122 # Template login attribute, default template user
123 # (can be overridden by value of former attribute
124 # in user's entry)
125 #pam_login_attribute userPrincipalName
126 #pam_template_login_attribute uid
127 #pam_template_login nobody
128
129 # HEADS UP: the pam_crypt, pam_nds_passwd,
130 # and pam_ad_passwd options are no
131 # longer supported.
132 #
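133 # Do not hash the password at all; presume
134 # the directory server will do it, if necessary. This is the default.
135 # The new password is sent to the server as-is, so protect the connection with TLS (see the ssl options below).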
136 #pam_password clear
137
138 # Hash password locally; required for University of
139 # Michigan LDAP server, and works with Netscape
140 # Directory Server if you're using the UNIX-Crypt
141 # hash mechanism and not using the NT Synchronization
142 # service.
143 #pam_password crypt
144
145 # Remove old password first, then update in
146 # cleartext. Necessary for use with Novell
147 # Directory Services (NDS)
148 #pam_password nds
149
150 # RACF is an alias for the above. For use with
151 # IBM RACF
152 #pam_password racf
153
154 # Update Active Directory password, by
155 # creating Unicode password and updating
156 # unicodePwd attribute.
157 #pam_password ad
158
159 # Use the OpenLDAP password change
160 # extended operation to update the password.
161 #pam_password exop
162
163 # Redirect users to a URL or somesuch on password
164 # changes.
165 #pam_password_prohibit_message Please visit http://internal to change your password.
166
167 # Use backlinks for answering initgroups()
168 #nss_initgroups backlink
169
170 # Enable support for RFC2307bis (distinguished names in group
171 # members)
172 #nss_schema rfc2307bis
173
174 # RFC2307bis naming contexts
175 # Syntax:
176 # nss_base_XXX base?scope?filter
177 # where scope is {base,one,sub}
178 # and filter is a filter to be &'d with the
179 # default filter.
180 # You can omit the suffix eg:
181 # nss_base_passwd ou=People,
182 # to append the default base DN but this
183 # may incur a small performance impact.
184 #nss_base_passwd ou=People,dc=padl,dc=com?one
185 #nss_base_shadow ou=People,dc=padl,dc=com?one
186 #nss_base_group ou=Group,dc=padl,dc=com?one
187 #nss_base_hosts ou=Hosts,dc=padl,dc=com?one
188 #nss_base_services ou=Services,dc=padl,dc=com?one
189 #nss_base_networks ou=Networks,dc=padl,dc=com?one
190 #nss_base_protocols ou=Protocols,dc=padl,dc=com?one
191 #nss_base_rpc ou=Rpc,dc=padl,dc=com?one
192 #nss_base_ethers ou=Ethers,dc=padl,dc=com?one
193 #nss_base_netmasks ou=Networks,dc=padl,dc=com?one
194 #nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
195 #nss_base_aliases ou=Aliases,dc=padl,dc=com?one
196 #nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one
197
198 # attribute/objectclass mapping
199 # Syntax:
200 #nss_map_attribute rfc2307attribute mapped_attribute
201 #nss_map_objectclass rfc2307objectclass mapped_objectclass
202
203 # configure --enable-nds is no longer supported.
204 # NDS mappings
205 #nss_map_attribute uniqueMember member
206
207 # Services for UNIX 3.5 mappings
208 #nss_map_objectclass posixAccount User
209 #nss_map_objectclass shadowAccount User
210 #nss_map_attribute uid msSFU30Name
211 #nss_map_attribute uniqueMember msSFU30PosixMember
212 #nss_map_attribute userPassword msSFU30Password
213 #nss_map_attribute homeDirectory msSFU30HomeDirectory
214 #nss_map_attribute homeDirectory msSFUHomeDirectory
215 #nss_map_objectclass posixGroup Group
216 #pam_login_attribute msSFU30Name
217 #pam_filter objectclass=User
218 #pam_password ad
219
220 # configure --enable-mssfu-schema is no longer supported.
221 # Services for UNIX 2.0 mappings
222 #nss_map_objectclass posixAccount User
223 #nss_map_objectclass shadowAccount user
224 #nss_map_attribute uid msSFUName
225 #nss_map_attribute uniqueMember posixMember
226 #nss_map_attribute userPassword msSFUPassword
227 #nss_map_attribute homeDirectory msSFUHomeDirectory
228 #nss_map_attribute shadowLastChange pwdLastSet
229 #nss_map_objectclass posixGroup Group
230 #nss_map_attribute cn msSFUName
231 #pam_login_attribute msSFUName
232 #pam_filter objectclass=User
233 #pam_password ad
234
235 # RFC 2307 (AD) mappings
236 #nss_map_objectclass posixAccount user
237 #nss_map_objectclass shadowAccount user
238 #nss_map_attribute uid sAMAccountName
239 #nss_map_attribute homeDirectory unixHomeDirectory
240 #nss_map_attribute shadowLastChange pwdLastSet
241 #nss_map_objectclass posixGroup group
242 #nss_map_attribute uniqueMember member
243 #pam_login_attribute sAMAccountName
244 #pam_filter objectclass=User
245 #pam_password ad
246
247 # configure --enable-authpassword is no longer supported
248 # AuthPassword mappings
249 #nss_map_attribute userPassword authPassword
250
251 # AIX SecureWay mappings
252 #nss_map_objectclass posixAccount aixAccount
253 #nss_base_passwd ou=aixaccount,?one
254 #nss_map_attribute uid userName
255 #nss_map_attribute gidNumber gid
256 #nss_map_attribute uidNumber uid
257 #nss_map_attribute userPassword passwordChar
258 #nss_map_objectclass posixGroup aixAccessGroup
259 #nss_base_group ou=aixgroup,?one
260 #nss_map_attribute cn groupName
261 #nss_map_attribute uniqueMember member
262 #pam_login_attribute userName
263 #pam_filter objectclass=aixAccount
264 #pam_password clear
265
266 # For pre-RFC2307bis automount schema
267 #nss_map_objectclass automountMap nisMap
268 #nss_map_attribute automountMapName nisMapName
269 #nss_map_objectclass automount nisObject
270 #nss_map_attribute automountKey cn
271 #nss_map_attribute automountInformation nisMapEntry
272
273 # Netscape SDK LDAPS
274 #ssl on
275
276 # Netscape SDK SSL options
277 #sslpath /etc/ssl/certs
278
279 # OpenLDAP SSL mechanism
280 # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
281 #ssl start_tls
282 #ssl on
283
284 # OpenLDAP SSL options
285 # Require and verify server certificate (yes/no). Without verification, TLS
286 # does not stop an on-path attacker from impersonating the directory server.
287 # Default is to use libldap's default behavior, which can be configured in /etc/openldap/ldap.conf using the TLS_REQCERT setting.
288 # The default for OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
289 #tls_checkpeer yes
290
291 # CA certificates for server certificate verification
292 # At least one of these is required if tls_checkpeer is "yes"
293 #tls_cacertfile /etc/ssl/ca.cert
294 #tls_cacertdir /etc/ssl/certs
295
296 # Seed the PRNG if /dev/urandom is not provided
297 #tls_randfile /var/run/egd-pool
298
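299 # SSL cipher suite
300 # See man ciphers for syntax. With OpenSSL the value is a cipher-list string: it restricts which cipher suites are offered and does not by itself select the protocol version.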
301 #tls_ciphers TLSv1
302
303 # Client certificate and key
304 # Use these, if your server requires client authentication.
305 #tls_cert
306 #tls_key
307
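308 # Disable SASL security layers. This is needed for AD. With maxssf=0, SASL provides no integrity or confidentiality protection, so use it only on a TLS-protected connection.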
309 #sasl_secprops maxssf=0
310
311 # Override the default Kerberos ticket cache location.
312 #krb5_ccname FILE:/etc/.ldapcache
313