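# FreeRADIUS "ldap" module instance (the option names look like the 2.x
# rlm_ldap module). It looks users up by sAMAccountName under
# dc=mediture,dc=dom and resolves their group membership.
# The list-bullet prefix the paste site put on every line has been removed and
# the nesting re-indented; every active setting keeps its original value.
ldap {
    server = "localhost"
    # NOTE(review): this appears to be the domain's built-in Administrator
    # account. The module only needs to search users and read group
    # membership, so a dedicated low-privilege bind account would limit the
    # damage if this file or the bind traffic is exposed.
    identity = "cn=Administrator,cn=Users,dc=mediture,dc=dom"
    # The bind password is stored here in plaintext (redacted in this paste).
    # Keep the file readable only by the account radiusd runs as.
    password = "******"
    basedn = "dc=mediture,dc=dom"
    # The user-supplied name is expanded into this search filter.
    # NOTE(review): confirm the FreeRADIUS build in use escapes LDAP filter
    # metacharacters in the expansion.
    filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
    ldap_connections_number = 5
    timeout = 4  # seconds to wait for an LDAP query to finish
    timelimit = 3  # seconds the LDAP server may spend on a query
    net_timeout = 1  # seconds to wait for a network response
    tls {
        # Set this to 'yes' to use TLS encrypted connections
        # to the LDAP database by using the StartTLS extended
        # operation.
        #
        # The StartTLS operation is supposed to be
        # used with normal ldap connections instead of
        # using ldaps (port 636) connections
        #
        # NOTE(review): with start_tls = no the bind password above, and
        # user passwords when LDAP bind authentication is used, cross the
        # connection unencrypted. That exposure stays on the loopback
        # interface only while server = "localhost"; before pointing this
        # at a remote directory server, enable StartTLS, set a cacertfile
        # and set require_cert = "demand".
        start_tls = no
        # cacertfile = /path/to/cacert.pem
        # cacertdir = /path/to/ca/dir/
        # certfile = /path/to/radius.crt
        # keyfile = /path/to/radius.key
        # randfile = /path/to/rnd
        # Certificate Verification requirements. Can be:
        # "never" (don't even bother trying)
        # "allow" (try, but don't fail if the certificate
        # can't be verified)
        # "demand" (fail if the certificate doesn't verify.)
        #
        # The default is "allow", which still accepts a server whose
        # certificate cannot be verified; only "demand" authenticates
        # the directory server.
        # require_cert = "demand"
    }
    # access_attr = "msNPAllowDialin"
    dictionary_mapping = ${confdir}/ldap.attrmap
    edir_account_policy_check = no
    # Group membership checking. Disabled by default.
    groupname_attribute = "cn"
    groupmembership_filter = "(&(objectClass=group)(member=%{control:Ldap-UserDn}))"
    groupmembership_attribute = "memberOf"
    # compare_check_items = yes
    # do_xlat = yes
    # access_attr_used_for_allow = yes
    #
    # The following two configuration items are for Active Directory
    # compatibility. If you see the helpful "operations error"
    # being returned to the LDAP module, uncomment the next
    # two lines.
    #
    # NOTE(review): with both enabled the module follows referrals and
    # binds again on the referred server, presumably with the identity and
    # password above. Those credentials then go to whichever server a
    # referral names, so this matters more while the bind account is
    # privileged and TLS is off.
    chase_referrals = yes
    rebind = yes
    #
    # By default, if the packet contains a User-Password,
    # and no other module is configured to handle the
    # authentication, the LDAP module sets itself to do
    # LDAP bind for authentication.
    #
    # THIS WILL ONLY WORK FOR PAP AUTHENTICATION.
    #
    # THIS WILL NOT WORK FOR CHAP, MS-CHAP, or 802.1x (EAP).
    #
    # You can disable this behavior by setting the following
    # configuration entry to "no".
    #
    # allowed values: {no, yes}
    # set_auth_type = yes
    #
    # Keepalive configuration. This MAY NOT be supported by your
    # LDAP library. If these configuration entries appear in the
    # output of "radiusd -X", then they are supported. Otherwise,
    # they are unsupported, and changing them will do nothing.
    #
    keepalive {
        # LDAP_OPT_X_KEEPALIVE_IDLE
        idle = 60
        # LDAP_OPT_X_KEEPALIVE_PROBES
        probes = 3
        # LDAP_OPT_X_KEEPALIVE_INTERVAL
        interval = 3
    }
}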