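# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.
#
# Security note: this file may hold directory credentials (bindpw) and it
# decides which server the host trusts for account data. Keep it owned by
# root and not world-readable (0600, or 0640 with the nslcd group if your
# packaging requires nslcd to re-read it after dropping privileges).

# The user and group nslcd should run as.
# A dedicated unprivileged account limits what a compromised daemon can do.
uid nslcd
gid nslcd

# The uri pointing to the LDAP server to use for name lookups.
# Multiple entries may be specified. The address that is used
# here should be resolvable without using LDAP (obviously) --
# e.g. an IP address or a host listed in /etc/hosts -- since this
# daemon is itself part of the name service.
#
# ldap:// carries the bind credentials and all account data in clear
# text. That is acceptable for loopback (127.0.0.1) or a local ldapi://
# socket; for any remote server use ldaps:// or ssl start_tls below,
# together with certificate verification (tls_reqcert demand).
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
uri ldap://127.0.0.1/

# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3

# The distinguished name of the search base.
base dc=example,dc=com

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
# Prefer a dedicated read-only account with only the directory access
# nslcd needs, never an administrative identity.
#binddn cn=proxyuser,dc=example,dc=com

# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this
# file: anyone able to read it can bind to the directory as binddn.
# The value below is a placeholder, not a suggested password.
#bindpw secret

# The distinguished name to perform password modifications by root by.
# This identity must be allowed to write userPassword for other entries;
# restrict it to exactly that in the directory's access controls.
#rootpwmoddn cn=admin,dc=example,dc=com

# The default search scope.
#scope sub
#scope one
#scope base

# Customize certain database lookups.
#base group ou=Groups,dc=example,dc=com
#base passwd ou=People,dc=example,dc=com
#base shadow ou=People,dc=example,dc=com
#scope group onelevel
#scope hosts sub

# Bind/connect timelimit.
#bind_timelimit 30

# Search timelimit.
#timelimit 30

# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600

# Use StartTLS on the connection. Require and verify the server
# certificate against the CA configured below; without verification
# anyone on the network path can impersonate the directory, capture
# the bind credentials and hand back forged account data.
#ssl start_tls
#tls_reqcert demand
# For testing only: skip server certificate verification (open to MITM).
#tls_reqcert never

# CA certificates for server certificate verification
# (needed for tls_reqcert demand to succeed).
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert

# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool

# SSL cipher suite
# See man ciphers for syntax. This is a cipher list string, not a
# protocol version setting.
#tls_ciphers TLSv1

# Client certificate and key
# Use these, if your server requires client authentication.
# The key file should be readable only by the user nslcd starts as.
#tls_cert
#tls_key

# Mappings for Services for UNIX 3.5
# NOTE(review): mapping userPassword into the passwd map can expose
# password hashes to whoever may query that map; confirm how your
# nslcd version filters this, or keep hashes in the shadow map only.
#filter passwd (objectClass=User)
#map passwd uid msSFU30Name
#map passwd userPassword msSFU30Password
#map passwd homeDirectory msSFU30HomeDirectory
#map passwd homeDirectory msSFUHomeDirectory
#filter shadow (objectClass=User)
#map shadow uid msSFU30Name
#map shadow userPassword msSFU30Password
#filter group (objectClass=Group)
#map group member msSFU30PosixMember

# Mappings for Services for UNIX 2.0
#filter passwd (objectClass=User)
#map passwd uid msSFUName
#map passwd userPassword msSFUPassword
#map passwd homeDirectory msSFUHomeDirectory
#map passwd gecos msSFUName
#filter shadow (objectClass=User)
#map shadow uid msSFUName
#map shadow userPassword msSFUPassword
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=Group)
#map group member posixMember

# Mappings for Active Directory
# The passwd filter excludes computer accounts and requires the POSIX
# attributes, so objects without them never become login accounts.
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map passwd uid sAMAccountName
#map passwd homeDirectory unixHomeDirectory
#map passwd gecos displayName
#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
#map shadow uid sAMAccountName
#map shadow shadowLastChange pwdLastSet
#filter group (objectClass=group)

# Alternative mappings for Active Directory
# (replace the SIDs in the objectSid mappings with the value for your domain;
# the S-1-5-21-... value below is an example and will not match your forest)
# Note that this variant derives numeric ids from objectSid and admits every
# person object, so it does not require POSIX attributes on the account.
#pagesize 1000
#referrals off
#idle_timelimit 800
#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
#map passwd uid cn
#map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
#map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
#map passwd homeDirectory "/home/$cn"
#map passwd gecos displayName
#map passwd loginShell "/bin/bash"
#filter group (|(objectClass=group)(objectClass=person))
#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820

# Mappings for AIX SecureWay
#filter passwd (objectClass=aixAccount)
#map passwd uid userName
#map passwd userPassword passwordChar
#map passwd uidNumber uid
#map passwd gidNumber gid
#filter group (objectClass=aixAccessGroup)
#map group cn groupName
#map group gidNumber gid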