Bugzilla – Attachment 470680 Details for Bug 730046
LDAP server: Samba cannot talk to LDAP over TLS
Description: /etc/ldap.conf
Filename: ldap.conf
MIME Type: text/plain
Creator: Forgotten User Ku1lZ_yaEZ
Created: 2012-01-11 12:05:17 UTC
Size: 9.07 KB

# The distinguished name of the search base.
base dc=hh1,dc=site

# Another way to specify your LDAP server is to provide an
# uri with the server name. This allows using
# Unix Domain Sockets to connect to a local LDAP Server.
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator

# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
#binddn cn=proxyuser,dc=example,dc=com

# The credentials to bind with.
# Optional: default is no credential.
#bindpw secret

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=manager,dc=example,dc=com

# The port.
# Optional: default is 389.
#port 389

# The search scope.
#scope sub
#scope one
#scope base

# Search timelimit
#timelimit 30

# Bind/connect timelimit
#bind_timelimit 30

# Reconnect policy:
# hard_open: reconnect to DSA with exponential backoff if
# opening connection failed
# hard_init: reconnect to DSA with exponential backoff if
# initializing connection failed
# hard: alias for hard_open
# soft: return immediately on server failure
bind_policy soft

# Connection policy:
# persist: DSA connections are kept open (default)
# oneshot: DSA connections destroyed after request
#nss_connect_policy persist

# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600

# Use paged results
#nss_paged_results yes

# Pagesize: when paged results are enabled, used to set the
# pagesize to a custom value
#pagesize 1000

# Filter to AND with uid=%s
#pam_filter objectclass=account

# The user ID attribute (defaults to uid)
#pam_login_attribute uid

# Search the root DSE for the password policy (works
# with Netscape Directory Server). Make use of
# Password Policy LDAP Control (as in OpenLDAP)
pam_lookup_policy yes

# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes

# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check_service_attr yes

# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com

# Group member attribute
#pam_member_attribute uniquemember

# Specify a minimum or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0

# Template login attribute, default template user
# (can be overridden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody

# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
#
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password clear

# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt

# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password nds

# RACF is an alias for the above. For use with
# IBM RACF
#pam_password racf

# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad

# Use the OpenLDAP password change
# extended operation to update the password.
pam_password exop

# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.

# Use backlinks for answering initgroups()
#nss_initgroups backlink

# returns NOTFOUND if nss_ldap's initgroups() is called
# for users specified in nss_initgroups_ignoreusers
# (comma separated)
nss_initgroups_ignoreusers root,ldap

# Enable support for RFC2307bis (distinguished names in group
# members)
nss_schema rfc2307bis

# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
#nss_base_passwd ou=People,dc=example,dc=com?one
#nss_base_shadow ou=People,dc=example,dc=com?one
#nss_base_group ou=Group,dc=example,dc=com?one
#nss_base_hosts ou=Hosts,dc=example,dc=com?one
#nss_base_services ou=Services,dc=example,dc=com?one
#nss_base_networks ou=Networks,dc=example,dc=com?one
#nss_base_protocols ou=Protocols,dc=example,dc=com?one
#nss_base_rpc ou=Rpc,dc=example,dc=com?one
#nss_base_ethers ou=Ethers,dc=example,dc=com?one
#nss_base_netmasks ou=Networks,dc=example,dc=com?one
#nss_base_bootparams ou=Ethers,dc=example,dc=com?one
#nss_base_aliases ou=Aliases,dc=example,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=example,dc=com?one

# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attribute mapped_attribute
#nss_map_objectclass rfc2307objectclass mapped_objectclass

# configure --enable-nds is no longer supported.
# NDS mappings
nss_map_attribute uniqueMember member

# Services for UNIX 3.5 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount User
#nss_map_attribute uid msSFU30Name
#nss_map_attribute uniqueMember msSFU30PosixMember
#nss_map_attribute userPassword msSFU30Password
#nss_map_attribute homeDirectory msSFU30HomeDirectory
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#pam_login_attribute msSFU30Name
#pam_filter objectclass=User
#pam_password ad

# configure --enable-mssfu-schema is no longer supported.
# Services for UNIX 2.0 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad

# RFC 2307 (AD) mappings
#nss_map_objectclass posixAccount user
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid sAMAccountName
#nss_map_attribute homeDirectory unixHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup group
#nss_map_attribute uniqueMember member
#pam_login_attribute sAMAccountName
#pam_filter objectclass=User
#pam_password ad

# configure --enable-authpassword is no longer supported
# AuthPassword mappings
#nss_map_attribute userPassword authPassword

# AIX SecureWay mappings
#nss_map_objectclass posixAccount aixAccount
#nss_base_passwd ou=aixaccount,?one
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_base_group ou=aixgroup,?one
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear

# For pre-RFC2307bis automount schema
#nss_map_objectclass automountMap nisMap
#nss_map_attribute automountMapName nisMapName
#nss_map_objectclass automount nisObject
#nss_map_attribute automountKey cn
#nss_map_attribute automountInformation nisMapEntry

# Netscape SDK LDAPS
#ssl on

# Netscape SDK SSL options
#sslpath /etc/ssl/certs

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
uri ldap://hh1.hh1.site
ldap_version 3
pam_filter objectClass=posixAccount
#ssl on

# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is to use libldap's default behavior, which can be configured in
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
#tls_checkpeer yes

# CA certificates for server certificate verification
# At least one of these is required if tls_checkpeer is "yes"
tls_cacertfile /etc/openldap/cacert.pem
tls_cacertdir /etc/openldap/cacerts/
#tls_cacertdir /etc/ssl/certs

# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool

# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1

# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key

# Disable SASL security layers. This is needed for AD.
#sasl_secprops maxssf=0

# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache
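The lines that matter for the bug's TLS question are few: `ssl start_tls` on a plain `ldap://` URI, `tls_checkpeer` left commented out (so verification falls back to libldap's TLS_REQCERT, as the file's own comment says), and the CA material under `tls_cacertfile`/`tls_cacertdir`. Note that this file is the nss_ldap/pam_ldap configuration; Samba and other libldap clients take their CA and TLS_REQCERT settings from /etc/openldap/ldap.conf, the file the `tls_checkpeer` comment above refers to. The checker below is an added example written for this page, not code from the bug report or from nss_ldap: it parses the ldap.conf keyword/value format and reports the settings that decide whether traffic is encrypted and whether the server certificate is verified. The sample input is a constructed excerpt mirroring the attachment's TLS-related lines; the severity labels and finding codes are this example's own.

```python
"""Added example for this page (not the bug attachment's own code): parse an
nss_ldap/pam_ldap style /etc/ldap.conf and report the keywords that decide
whether directory traffic is encrypted and whether the server certificate is
verified."""
from urllib.parse import urlsplit

# Constructed excerpt mirroring the attached /etc/ldap.conf (the real file is ~9 KB).
SAMPLE_LDAP_CONF = """\
# The distinguished name of the search base.
base dc=hh1,dc=site
bind_policy soft
ssl start_tls
uri ldap://hh1.hh1.site
ldap_version 3
#ssl on
#tls_checkpeer yes
tls_cacertfile /etc/openldap/cacert.pem
tls_cacertdir /etc/openldap/cacerts/
#tls_ciphers TLSv1
"""


def parse_ldap_conf(text):
    """Return {keyword: [value, ...]} for the active (uncommented) lines.

    Keywords are matched case-insensitively, so they are lower-cased; a keyword
    may legitimately repeat (several 'uri' lines), hence the list of values."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(parts[0].lower(), []).append(value)
    return conf


def tls_findings(text):
    """Return a list of (severity, code, message) tuples describing the TLS posture."""
    conf = parse_ldap_conf(text)
    out = []
    ssl_mode = conf.get("ssl", ["off"])[-1].lower()          # last occurrence wins
    uris = [u for v in conf.get("uri", []) for u in v.split()]
    if not uris:
        # Without 'uri', nss_ldap falls back to 'host' (plain LDAP on 'port'); model that as ldap://
        uris = ["ldap://" + h for v in conf.get("host", ["127.0.0.1"]) for h in v.split()]
    remote = {urlsplit(u).scheme.lower() for u in uris} - {"ldapi"}   # ldapi:// is a local socket

    tls_active = False
    if remote:
        if ssl_mode == "start_tls":
            tls_active = True
            if "ldap" in remote:
                out.append(("INFO", "STARTTLS", "ssl start_tls: TLS is negotiated on the plain ldap:// port"))
            if "ldaps" in remote:
                out.append(("HIGH", "STARTTLS_ON_LDAPS", "ssl start_tls combined with an ldaps:// URI; pick one mechanism"))
        elif ssl_mode in ("on", "yes"):
            tls_active = True
            if "ldap" in remote:
                out.append(("MEDIUM", "SSL_ON_PLAIN_URI", "ssl on with an ldap:// URI; LDAPS normally needs ldaps:// (port 636)"))
        else:
            out.append(("HIGH", "CLEARTEXT", "ssl %s: queries and simple-bind credentials travel in cleartext" % ssl_mode))

    if tls_active:
        checkpeer = conf.get("tls_checkpeer", [None])[-1]
        has_ca = "tls_cacertfile" in conf or "tls_cacertdir" in conf
        if checkpeer is None:
            out.append(("MEDIUM", "NO_CHECKPEER", "tls_checkpeer unset: verification depends on TLS_REQCERT in /etc/openldap/ldap.conf"))
        elif checkpeer.lower() in ("no", "off", "false"):
            out.append(("HIGH", "CHECKPEER_OFF", "tls_checkpeer no: the server certificate is never verified, so any host can impersonate the directory"))
        if not has_ca and (checkpeer is None or checkpeer.lower() in ("yes", "on", "true")):
            out.append(("HIGH", "NO_CA", "no tls_cacertfile/tls_cacertdir: nothing to verify the server certificate against"))

    if "bindpw" in conf:
        out.append(("INFO" if tls_active else "HIGH", "BINDPW_IN_FILE",
                    "bindpw is stored in ldap.conf; the file's own comment points to rootbinddn with /etc/ldap.secret (mode 600)"))
    return out


if __name__ == "__main__":
    for sev, code, msg in tls_findings(SAMPLE_LDAP_CONF):
        print("%-6s %-18s %s" % (sev, code, msg))
```

Run against the excerpt it reports STARTTLS (informational) and NO_CHECKPEER (the verification decision has been delegated to /etc/openldap/ldap.conf); uncommenting `tls_checkpeer yes` clears the second finding because both CA paths are set. To confirm the live behaviour the checker cannot see, the same host can be probed with OpenLDAP's own client, `ldapsearch -ZZ -H ldap://hh1.hh1.site -x -b dc=hh1,dc=site`, with `LDAPTLS_CACERT` pointing at the CA file: `-ZZ` makes the search fail unless STARTTLS succeeds, so a certificate or trust problem shows up here before Samba is involved.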