
Untitled

a guest
Oct 22nd, 2013
  # FreeRADIUS ldap module instance: searches the directory under basedn
  # for the user named in the request and, for PAP requests, can
  # authenticate that user by LDAP bind (see set_auth_type below).
  ldap {
      server = "localhost"

      # Bind DN the module uses for its own searches.
      # NOTE(review): this looks like the built-in domain Administrator
      # account - confirm. The module only needs to search users and
      # groups, so a dedicated read-only service account limits what a
      # leak of this file or of the bind traffic exposes.
      identity = "cn=Administrator,cn=Users,dc=mediture,dc=dom"

      # Bind password, stored in cleartext (masked in this listing).
      # Keep this file readable only by the account radiusd runs as.
      password = "******"
      basedn = "dc=mediture,dc=dom"

      # Matches the AD logon name: Stripped-User-Name if present,
      # otherwise User-Name. Both values come from the incoming request.
      # NOTE(review): confirm the installed version escapes LDAP filter
      # metacharacters in this expansion.
      filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"

      # Number of connections kept open to the LDAP server.
      ldap_connections_number = 5

      # Seconds to wait for an LDAP query to finish.
      timeout = 4

      # Seconds the LDAP server is given to process a query
      # (server-side time limit).
      timelimit = 3

      # Seconds to wait for a response from the server (network failures).
      net_timeout = 1

      tls {
          # Set this to 'yes' to use TLS encrypted connections
          # to the LDAP database by using the StartTLS extended
          # operation.
          #
          # The StartTLS operation is supposed to be
          # used with normal ldap connections instead of
          # using ldaps (port 636) connections
          #
          # NOTE(review): with 'no', the service bind above and every
          # user bind travel unencrypted. That traffic stays on the
          # local host only while server is "localhost"; enable TLS
          # before pointing server at a remote host.
          start_tls = no

          # cacertfile = /path/to/cacert.pem
          # cacertdir = /path/to/ca/dir/
          # certfile = /path/to/radius.crt
          # keyfile = /path/to/radius.key
          # randfile = /path/to/rnd

          # Certificate Verification requirements. Can be:
          # "never" (don't even bother trying)
          # "allow" (try, but don't fail if the certificate
          # can't be verified)
          # "demand" (fail if the certificate doesn't verify.)
          #
          # The default is "allow"
          #
          # NOTE(review): "allow" accepts a server certificate that fails
          # verification, so it does not stop an impersonated server.
          # When TLS is turned on, set cacertfile or cacertdir and
          # uncomment "demand".
          # require_cert = "demand"
      }

      # access_attr = "msNPAllowDialin"

      # File that maps LDAP attributes to RADIUS attributes.
      dictionary_mapping = ${confdir}/ldap.attrmap

      # NOTE(review): presumably the Novell eDirectory account policy
      # check, which does not apply to an Active Directory backend.
      edir_account_policy_check = no

      # Group membership checking. Disabled by default.
      # The three items below are set explicitly in this configuration.
      groupname_attribute = "cn"
      groupmembership_filter = "(&(objectClass=group)(member=%{control:Ldap-UserDn}))"
      groupmembership_attribute = "memberOf"

      # compare_check_items = yes
      # do_xlat = yes
      # access_attr_used_for_allow = yes

      #
      # The following two configuration items are for Active Directory
      # compatibility. If you see the helpful "operations error"
      # being returned to the LDAP module, uncomment the next
      # two lines.
      #
      # NOTE(review): both are enabled here. With rebind, the module
      # presumably presents the identity/password above again when it
      # follows a referral, and a referral can name a host other than
      # "server". Verify where referrals lead, since start_tls is off.
      chase_referrals = yes
      rebind = yes

      #
      # By default, if the packet contains a User-Password,
      # and no other module is configured to handle the
      # authentication, the LDAP module sets itself to do
      # LDAP bind for authentication.
      #
      # THIS WILL ONLY WORK FOR PAP AUTHENTICATION.
      #
      # THIS WILL NOT WORK FOR CHAP, MS-CHAP, or 802.1x (EAP).
      #
      # With LDAP bind the user's cleartext password is sent to the
      # directory in the bind request, so the transport note under
      # start_tls applies to user credentials as well.
      #
      # You can disable this behavior by setting the following
      # configuration entry to "no".
      #
      # allowed values: {no, yes}
      # set_auth_type = yes

      #
      # Keepalive configuration. This MAY NOT be supported by your
      # LDAP library. If these configuration entries appear in the
      # output of "radiusd -X", then they are supported. Otherwise,
      # they are unsupported, and changing them will do nothing.
      #
      keepalive {
          # LDAP_OPT_X_KEEPALIVE_IDLE
          idle = 60

          # LDAP_OPT_X_KEEPALIVE_PROBES
          probes = 3

          # LDAP_OPT_X_KEEPALIVE_INTERVAL
          interval = 3
      }
  }