source: server/fedora/config/etc/nss-ldapd.conf @ 974

Last change on this file since 974 was 910, checked in by quentin, 17 years ago
configuration for nss-ldapd
File size: 4.4 KB
Line 
1# This is the configuration file for the LDAP nameservice
2# switch library's nslcd daemon. It configures the mapping
3# between NSS names (see /etc/nsswitch.conf) and LDAP
4# information in the directory.
5# See the manual page nss-ldapd.conf(5) for more information.
6
7# The uri pointing to the LDAP server to use for name lookups.
8# Mulitple entries may be specified. The address that is used
9# here should be resolvable without using LDAP (obviously).
10#uri ldap://127.0.0.1/
11#uri ldaps://127.0.0.1/
12#uri ldapi://%2fvar%2frun%2fldapi_sock/
13# Note: %2f encodes the '/' used as directory separator
14uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
15
16# The LDAP version to use (defaults to 3
17# if supported by client library)
18#ldap_version 3
19
20# The distinguished name of the search base.
21base dc=scripts,dc=mit,dc=edu
22
23# The distinguished name to bind to the server with.
24# Optional: default is to bind anonymously.
25#binddn cn=proxyuser,dc=padl,dc=com
26
27# The credentials to bind with.
28# Optional: default is no credentials.
29#bindpw secret
30
31# The default search scope.
32#scope sub
33#scope one
34#scope base
35
36# Customize certain database lookups.
37base   group  ou=Groups,dc=scripts,dc=mit,dc=edu
38base   passwd ou=People,dc=scripts,dc=mit,dc=edu
39#base   shadow ou=People,dc=example,dc=net
40#scope  group  onelevel
41#scope  hosts  sub
42
43# Bind/connect timelimit.
44bind_timelimit 120
45
46# Search timelimit.
47timelimit 120
48
49# Idle timelimit. nslcd will close connections if the
50# server has not been contacted for the number of seconds.
51idle_timelimit 3600
52
53# Netscape SDK LDAPS
54#ssl on
55
56# Netscape SDK SSL options
57#sslpath /etc/ssl/certs
58
59# OpenLDAP SSL mechanism
60# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
61#ssl start_tls
62#ssl on
63
64# OpenLDAP SSL options
65# Require and verify server certificate (yes/no)
66# Default is to use libldap's default behavior, which can be configured in
67# /etc/openldap/ldap.conf using the TLS_REQCERT setting.  The default for
68# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
69#tls_checkpeer yes
70
71# CA certificates for server certificate verification
72# At least one of these are required if tls_checkpeer is "yes"
73#tls_cacertdir /etc/ssl/certs
74#tls_cacertfile /etc/ssl/ca.cert
75
76# Seed the PRNG if /dev/urandom is not provided
77#tls_randfile /var/run/egd-pool
78
79# SSL cipher suite
80# See man ciphers for syntax
81#tls_ciphers TLSv1
82
83# Client certificate and key
84# Use these, if your server requires client authentication.
85#tls_cert
86#tls_key
87
88# NDS mappings
89#map group uniqueMember member
90
91# Mappings for Services for UNIX 3.5
92#filter passwd (objectClass=User)
93#map    passwd uid              msSFU30Name
94#map    passwd userPassword     msSFU30Password
95#map    passwd homeDirectory    msSFU30HomeDirectory
96#map    passwd homeDirectory    msSFUHomeDirectory
97#filter shadow (objectClass=User)
98#map    shadow uid              msSFU30Name
99#map    shadow userPassword     msSFU30Password
100#filter group  (objectClass=Group)
101#map    group  uniqueMember     msSFU30PosixMember
102
103# Mappings for Services for UNIX 2.0
104#filter passwd (objectClass=User)
105#map    passwd uid              msSFUName
106#map    passwd userPassword     msSFUPassword
107#map    passwd homeDirectory    msSFUHomeDirectory
108#map    passwd cn               msSFUName
109#filter shadow (objectClass=User)
110#map    shadow uid              msSFUName
111#map    shadow userPassword     msSFUPassword
112#map    shadow shadowLastChange pwdLastSet
113#filter group  (objectClass=Group)
114#map    group  uniqueMember     posixMember
115
116# Mappings for Active Directory
117#pagesize 1000
118#referrals off
119#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
120#map    passwd uid              sAMAccountName
121#map    passwd homeDirectory    unixHomeDirectory
122#map    passwd gecos            displayName
123#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
124#map    shadow uid              sAMAccountName
125#map    shadow shadowLastChange pwdLastSet
126#filter group  (objectClass=group)
127#map    group  uniqueMember     member
128
129# Mappings for AIX SecureWay
130#filter passwd (objectClass=aixAccount)
131#map    passwd uid              userName
132#map    passwd userPassword     passwordChar
133#map    passwd uidNumber        uid
134#map    passwd gidNumber        gid
135#filter group  (objectClass=aixAccessGroup)
136#map    group  cn               groupName
137#map    group  uniqueMember     member
138#map    group  gidNumber        gid
Note: See TracBrowser for help on using the repository browser.