mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
139 lines
4.2 KiB
Plaintext
139 lines
4.2 KiB
Plaintext
|
# This is the configuration file for the LDAP nameservice
|
||
|
|
# switch library's nslcd daemon. It configures the mapping
|
||
|
|
# between NSS names (see /etc/nsswitch.conf) and LDAP
|
||
|
|
# information in the directory.
|
||
|
|
# See the manual page nss-ldapd.conf(5) for more information.
|
||
|
|
|
||
|
|
# The uri pointing to the LDAP server to use for name lookups.
|
||
|
|
# Mulitple entries may be specified. The address that is used
|
||
|
|
# here should be resolvable without using LDAP (obviously).
|
||
|
|
#uri ldap://127.0.0.1/
|
||
|
|
#uri ldaps://127.0.0.1/
|
||
|
|
#uri ldapi://%2fvar%2frun%2fldapi_sock/
|
||
|
|
# Note: %2f encodes the '/' used as directory separator
|
||
|
|
uri ldap://127.0.0.1/
|
||
|
|
|
||
|
|
# The LDAP version to use (defaults to 3
|
||
|
|
# if supported by client library)
|
||
|
|
#ldap_version 3
|
||
|
|
|
||
|
|
# The distinguished name of the search base.
|
||
|
|
base dc=example,dc=net
|
||
|
|
|
||
|
|
# The distinguished name to bind to the server with.
|
||
|
|
# Optional: default is to bind anonymously.
|
||
|
|
#binddn cn=proxyuser,dc=padl,dc=com
|
||
|
|
|
||
|
|
# The credentials to bind with.
|
||
|
|
# Optional: default is no credentials.
|
||
|
|
#bindpw secret
|
||
|
|
|
||
|
|
# The default search scope.
|
||
|
|
#scope sub
|
||
|
|
#scope one
|
||
|
|
#scope base
|
||
|
|
|
||
|
|
# Customize certain database lookups.
|
||
|
|
#base group ou=Groups,dc=example,dc=net
|
||
|
|
#base passwd ou=People,dc=example,dc=net
|
||
|
|
#base shadow ou=People,dc=example,dc=net
|
||
|
|
#scope group onelevel
|
||
|
|
#scope hosts sub
|
||
|
|
|
||
|
|
# Bind/connect timelimit.
|
||
|
|
#bind_timelimit 30
|
||
|
|
|
||
|
|
# Search timelimit.
|
||
|
|
#timelimit 30
|
||
|
|
|
||
|
|
# Idle timelimit. nslcd will close connections if the
|
||
|
|
# server has not been contacted for the number of seconds.
|
||
|
|
#idle_timelimit 3600
|
||
|
|
|
||
|
|
# Netscape SDK LDAPS
|
||
|
|
#ssl on
|
||
|
|
|
||
|
|
# Netscape SDK SSL options
|
||
|
|
#sslpath /etc/ssl/certs
|
||
|
|
|
||
|
|
# OpenLDAP SSL mechanism
|
||
|
|
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
|
||
|
|
#ssl start_tls
|
||
|
|
#ssl on
|
||
|
|
|
||
|
|
# OpenLDAP SSL options
|
||
|
|
# Require and verify server certificate (yes/no)
|
||
|
|
# Default is to use libldap's default behavior, which can be configured in
|
||
|
|
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
|
||
|
|
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
|
||
|
|
#tls_checkpeer yes
|
||
|
|
|
||
|
|
# CA certificates for server certificate verification
|
||
|
|
# At least one of these are required if tls_checkpeer is "yes"
|
||
|
|
#tls_cacertdir /etc/ssl/certs
|
||
|
|
#tls_cacertfile /etc/ssl/ca.cert
|
||
|
|
|
||
|
|
# Seed the PRNG if /dev/urandom is not provided
|
||
|
|
#tls_randfile /var/run/egd-pool
|
||
|
|
|
||
|
|
# SSL cipher suite
|
||
|
|
# See man ciphers for syntax
|
||
|
|
#tls_ciphers TLSv1
|
||
|
|
|
||
|
|
# Client certificate and key
|
||
|
|
# Use these, if your server requires client authentication.
|
||
|
|
#tls_cert
|
||
|
|
#tls_key
|
||
|
|
|
||
|
|
# NDS mappings
|
||
|
|
#map group uniqueMember member
|
||
|
|
|
||
|
|
# Mappings for Services for UNIX 3.5
|
||
|
|
#filter passwd (objectClass=User)
|
||
|
|
#map passwd uid msSFU30Name
|
||
|
|
#map passwd userPassword msSFU30Password
|
||
|
|
#map passwd homeDirectory msSFU30HomeDirectory
|
||
|
|
#map passwd homeDirectory msSFUHomeDirectory
|
||
|
|
#filter shadow (objectClass=User)
|
||
|
|
#map shadow uid msSFU30Name
|
||
|
|
#map shadow userPassword msSFU30Password
|
||
|
|
#filter group (objectClass=Group)
|
||
|
|
#map group uniqueMember msSFU30PosixMember
|
||
|
|
|
||
|
|
# Mappings for Services for UNIX 2.0
|
||
|
|
#filter passwd (objectClass=User)
|
||
|
|
#map passwd uid msSFUName
|
||
|
|
#map passwd userPassword msSFUPassword
|
||
|
|
#map passwd homeDirectory msSFUHomeDirectory
|
||
|
|
#map passwd cn msSFUName
|
||
|
|
#filter shadow (objectClass=User)
|
||
|
|
#map shadow uid msSFUName
|
||
|
|
#map shadow userPassword msSFUPassword
|
||
|
|
#map shadow shadowLastChange pwdLastSet
|
||
|
|
#filter group (objectClass=Group)
|
||
|
|
#map group uniqueMember posixMember
|
||
|
|
|
||
|
|
# Mappings for Active Directory
|
||
|
|
#pagesize 1000
|
||
|
|
#referrals off
|
||
|
|
#filter passwd (objectClass=user)
|
||
|
|
#map passwd uid sAMAccountName
|
||
|
|
#map passwd homeDirectory unixHomeDirectory
|
||
|
|
#map passwd gecos name
|
||
|
|
#filter shadow (objectClass=user)
|
||
|
|
#map shadow uid sAMAccountName
|
||
|
|
#map shadow shadowLastChange pwdLastSet
|
||
|
|
#filter group (objectClass=group)
|
||
|
|
#map group uniqueMember member
|
||
|
|
|
||
|
|
# Mappings for AIX SecureWay
|
||
|
|
#filter passwd (objectClass=aixAccount)
|
||
|
|
#map passwd uid userName
|
||
|
|
#map passwd userPassword passwordChar
|
||
|
|
#map passwd uidNumber uid
|
||
|
|
#map passwd gidNumber gid
|
||
|
|
#filter group (objectClass=aixAccessGroup)
|
||
|
|
#map group cn groupName
|
||
|
|
#map group uniqueMember member
|
||
|
|
#map group gidNumber gid
|