~ubuntu-branches/ubuntu/trusty/nss-pam-ldapd/trusty-proposed

1 by Arthur de Jong
* rename software to nss-pam-ldapd to indicate that PAM module is now a
# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.
7 by Arthur de Jong
* include libpam-heimdal in libnss-ldapd recommends list of PAM
# The user and group nslcd should run as.
# If no uid is set, nslcd makes no attempt to drop privileges (see nslcd.conf(5)).
uid nslcd
# If no gid is set, nslcd makes no attempt to drop group privileges (see nslcd.conf(5)).
gid nslcd
1 by Arthur de Jong
* rename software to nss-pam-ldapd to indicate that PAM module is now a
# The uri pointing to the LDAP server to use for name lookups.
# Multiple entries may be specified. The address that is used
# here should be resolvable without using LDAP (obviously).
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
# ldap:// is unencrypted. That is acceptable for this loopback address; for a
# remote server use ldaps:// or 'ssl start_tls' with certificate verification.
uri ldap://127.0.0.1/
# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3
# The distinguished name of the search base.
# Example value (reserved example.com domain); set this to the base DN of
# your own directory.
base dc=example,dc=com
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com
# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file:
# the password is stored here in clear text, so the file must not be world-readable.
#bindpw secret
4 by Arthur de Jong
* allow password modification by root using the rootpwmoddn configuration
# The distinguished name used when root performs password modifications.
#rootpwmoddn cn=admin,dc=example,dc=com
1 by Arthur de Jong
* rename software to nss-pam-ldapd to indicate that PAM module is now a
# The default search scope.
#scope sub
#scope one
#scope base
# Customize certain database lookups.
#base   group  ou=Groups,dc=example,dc=com
#base   passwd ou=People,dc=example,dc=com
#base   shadow ou=People,dc=example,dc=com
#scope  group  onelevel
#scope  hosts  sub
# Bind/connect timelimit.
#bind_timelimit 30
# Search timelimit.
#timelimit 30
# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the given number of seconds.
#idle_timelimit 3600
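# Use StartTLS without verifying the server certificate.
# Note: with tls_reqcert never the server's identity is not checked, so the
# session is encrypted but an impostor server would not be detected. Prefer
# tls_reqcert demand together with one of the CA certificate options below.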
#ssl start_tls
#tls_reqcert never
# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
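# See the ciphers(1) manual page for the syntax. The value below is only an
# example; choose a cipher list that matches your current TLS policy.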
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key
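# Mappings for Services for UNIX 3.5
# Note: mapping userPassword in the passwd map (here and in the similar
# examples further down) makes the directory's password hashes visible through
# ordinary passwd lookups, which any local user can perform. Keep the mapping
# in the shadow map only unless an application requires it.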
#filter passwd (objectClass=User)
#map    passwd uid              msSFU30Name
#map    passwd userPassword     msSFU30Password
#map    passwd homeDirectory    msSFU30HomeDirectory
#map    passwd homeDirectory    msSFUHomeDirectory
#filter shadow (objectClass=User)
#map    shadow uid              msSFU30Name
#map    shadow userPassword     msSFU30Password
#filter group  (objectClass=Group)
15 by Arthur de Jong
* Upload to unstable
#map    group  member           msSFU30PosixMember
1 by Arthur de Jong
* rename software to nss-pam-ldapd to indicate that PAM module is now a
# Mappings for Services for UNIX 2.0
#filter passwd (objectClass=User)
#map    passwd uid              msSFUName
#map    passwd userPassword     msSFUPassword
#map    passwd homeDirectory    msSFUHomeDirectory
3 by Arthur de Jong
* some attributes may be mapped to a shell-like expression that expand
#map    passwd gecos            msSFUName
1 by Arthur de Jong
* rename software to nss-pam-ldapd to indicate that PAM module is now a
#filter shadow (objectClass=User)
#map    shadow uid              msSFUName
#map    shadow userPassword     msSFUPassword
#map    shadow shadowLastChange pwdLastSet
#filter group  (objectClass=Group)
15 by Arthur de Jong
* Upload to unstable
#map    group  member           posixMember
1 by Arthur de Jong
* rename software to nss-pam-ldapd to indicate that PAM module is now a
# Mappings for Active Directory
#pagesize 1000
#referrals off
14.1.3 by Arthur de Jong
* fix problem with endless loop on incorrect password
#idle_timelimit 800
1 by Arthur de Jong
* rename software to nss-pam-ldapd to indicate that PAM module is now a
#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map    passwd uid              sAMAccountName
#map    passwd homeDirectory    unixHomeDirectory
#map    passwd gecos            displayName
#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map    shadow uid              sAMAccountName
#map    shadow shadowLastChange pwdLastSet
#filter group  (objectClass=group)
14.1.4 by Arthur de Jong
* support using the objectSid attribute to provide numeric user and group
# Alternative mappings for Active Directory
# (replace the SIDs in the objectSid mappings with the value for your domain)
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
#map    passwd uid           cn
#map    passwd uidNumber     objectSid:S-1-5-21-3623811015-3361044348-30300820
#map    passwd gidNumber     objectSid:S-1-5-21-3623811015-3361044348-30300820
#map    passwd homeDirectory "/home/$cn"
#map    passwd gecos         displayName
#map    passwd loginShell    "/bin/bash"
#filter group (|(objectClass=group)(objectClass=person))
#map    group gidNumber      objectSid:S-1-5-21-3623811015-3361044348-30300820
1 by Arthur de Jong
* rename software to nss-pam-ldapd to indicate that PAM module is now a
# Mappings for AIX SecureWay
#filter passwd (objectClass=aixAccount)
#map    passwd uid              userName
#map    passwd userPassword     passwordChar
#map    passwd uidNumber        uid
#map    passwd gidNumber        gid
#filter group  (objectClass=aixAccessGroup)
#map    group  cn               groupName
#map    group  gidNumber        gid