1 | # This is the configuration file for the LDAP nameservice |
---|
2 | # switch library's nslcd daemon. It configures the mapping |
---|
3 | # between NSS names (see /etc/nsswitch.conf) and LDAP |
---|
4 | # information in the directory. |
---|
5 | # See the manual page nss-ldapd.conf(5) for more information. |
---|
6 | |
---|
7 | # The uri pointing to the LDAP server to use for name lookups. |
---|
8 | # Multiple entries may be specified. The address that is used |
---|
9 | # here should be resolvable without using LDAP (obviously). |
---|
10 | #uri ldap://127.0.0.1/ |
---|
11 | #uri ldaps://127.0.0.1/ |
---|
12 | #uri ldapi://%2fvar%2frun%2fldapi_sock/ |
---|
13 | # Note: %2f encodes the '/' used as directory separator |
---|
14 | uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/ |
---|
15 | |
---|
16 | # The LDAP version to use (defaults to 3 |
---|
17 | # if supported by client library) |
---|
18 | #ldap_version 3 |
---|
19 | |
---|
20 | # The distinguished name of the search base. |
---|
21 | base dc=scripts,dc=mit,dc=edu |
---|
22 | |
---|
23 | # The distinguished name to bind to the server with. |
---|
24 | # Optional: default is to bind anonymously. |
---|
25 | #binddn cn=proxyuser,dc=padl,dc=com |
---|
26 | |
---|
27 | # The credentials to bind with. |
---|
28 | # Optional: default is no credentials. If a password is set here, restrict this file's permissions so that only root can read it. |
---|
29 | #bindpw secret |
---|
30 | |
---|
31 | # The default search scope. |
---|
32 | #scope sub |
---|
33 | #scope one |
---|
34 | #scope base |
---|
35 | |
---|
36 | # Customize certain database lookups. |
---|
37 | base group ou=Groups,dc=scripts,dc=mit,dc=edu |
---|
38 | base passwd ou=People,dc=scripts,dc=mit,dc=edu |
---|
39 | #base shadow ou=People,dc=example,dc=net |
---|
40 | #scope group onelevel |
---|
41 | #scope hosts sub |
---|
42 | |
---|
43 | # Bind/connect timelimit. |
---|
44 | bind_timelimit 120 |
---|
45 | |
---|
46 | # Search timelimit. |
---|
47 | timelimit 120 |
---|
48 | |
---|
49 | # Idle timelimit. nslcd will close connections if the |
---|
50 | # server has not been contacted for this number of seconds. |
---|
51 | idle_timelimit 3600 |
---|
52 | |
---|
53 | # Netscape SDK LDAPS |
---|
54 | #ssl on |
---|
55 | |
---|
56 | # Netscape SDK SSL options |
---|
57 | #sslpath /etc/ssl/certs |
---|
58 | |
---|
59 | # OpenLDAP SSL mechanism |
---|
60 | # The start_tls mechanism uses the normal LDAP port; LDAPS typically uses port 636 |
---|
61 | #ssl start_tls |
---|
62 | #ssl on |
---|
63 | |
---|
64 | # OpenLDAP SSL options |
---|
65 | # Require and verify server certificate (yes/no) |
---|
66 | # Default is to use libldap's default behavior, which can be configured in |
---|
67 | # /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for |
---|
68 | # OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". |
---|
69 | #tls_checkpeer yes |
---|
70 | |
---|
71 | # CA certificates for server certificate verification |
---|
72 | # At least one of these is required if tls_checkpeer is "yes" |
---|
73 | #tls_cacertdir /etc/ssl/certs |
---|
74 | #tls_cacertfile /etc/ssl/ca.cert |
---|
75 | |
---|
76 | # Seed the PRNG if /dev/urandom is not provided |
---|
77 | #tls_randfile /var/run/egd-pool |
---|
78 | |
---|
79 | # SSL cipher suite |
---|
80 | # See man ciphers for syntax |
---|
81 | #tls_ciphers TLSv1 |
---|
82 | |
---|
83 | # Client certificate and key |
---|
84 | # Use these, if your server requires client authentication. |
---|
85 | #tls_cert |
---|
86 | #tls_key |
---|
87 | |
---|
88 | # NDS mappings |
---|
89 | #map group uniqueMember member |
---|
90 | |
---|
91 | # Mappings for Services for UNIX 3.5 |
---|
92 | #filter passwd (objectClass=User) |
---|
93 | #map passwd uid msSFU30Name |
---|
94 | #map passwd userPassword msSFU30Password |
---|
95 | #map passwd homeDirectory msSFU30HomeDirectory |
---|
96 | #map passwd homeDirectory msSFUHomeDirectory |
---|
97 | #filter shadow (objectClass=User) |
---|
98 | #map shadow uid msSFU30Name |
---|
99 | #map shadow userPassword msSFU30Password |
---|
100 | #filter group (objectClass=Group) |
---|
101 | #map group uniqueMember msSFU30PosixMember |
---|
102 | |
---|
103 | # Mappings for Services for UNIX 2.0 |
---|
104 | #filter passwd (objectClass=User) |
---|
105 | #map passwd uid msSFUName |
---|
106 | #map passwd userPassword msSFUPassword |
---|
107 | #map passwd homeDirectory msSFUHomeDirectory |
---|
108 | #map passwd cn msSFUName |
---|
109 | #filter shadow (objectClass=User) |
---|
110 | #map shadow uid msSFUName |
---|
111 | #map shadow userPassword msSFUPassword |
---|
112 | #map shadow shadowLastChange pwdLastSet |
---|
113 | #filter group (objectClass=Group) |
---|
114 | #map group uniqueMember posixMember |
---|
115 | |
---|
116 | # Mappings for Active Directory |
---|
117 | #pagesize 1000 |
---|
118 | #referrals off |
---|
119 | #filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)) |
---|
120 | #map passwd uid sAMAccountName |
---|
121 | #map passwd homeDirectory unixHomeDirectory |
---|
122 | #map passwd gecos displayName |
---|
123 | #filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)) |
---|
124 | #map shadow uid sAMAccountName |
---|
125 | #map shadow shadowLastChange pwdLastSet |
---|
126 | #filter group (objectClass=group) |
---|
127 | #map group uniqueMember member |
---|
128 | |
---|
129 | # Mappings for AIX SecureWay |
---|
130 | #filter passwd (objectClass=aixAccount) |
---|
131 | #map passwd uid userName |
---|
132 | #map passwd userPassword passwordChar |
---|
133 | #map passwd uidNumber uid |
---|
134 | #map passwd gidNumber gid |
---|
135 | #filter group (objectClass=aixAccessGroup) |
---|
136 | #map group cn groupName |
---|
137 | #map group uniqueMember member |
---|
138 | #map group gidNumber gid |
---|