Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Franck Royer

By: a guest on Apr 13th, 2009  |  syntax: None  |  size: 9.09 KB  |  views: 171  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. ###DEBCONF###
  2. ##
  3. ## Configuration of this file will be managed by debconf as long as the
  4. ## first line of the file says '###DEBCONF###'
  5. ##
  6. ## You should use dpkg-reconfigure to configure this file via debconf
  7. ##
  8.  
  9. #
  10. # @(#)$Id: ldap.conf,v 1.38 2006/05/15 08:13:31 lukeh Exp $
  11. #
  12. # This is the configuration file for the LDAP nameservice
  13. # switch library and the LDAP PAM module.
  14. #
  15. # PADL Software
  16. # http://www.padl.com
  17. #
  18.  
  19. # Your LDAP server. Must be resolvable without using LDAP.
  20. # Multiple hosts may be specified, each separated by a
  21. # space. How long nss_ldap takes to failover depends on
  22. # whether your LDAP client library supports configurable
  23. # network or connect timeouts (see bind_timelimit).
  24. host 127.0.0.1
  25.  
  26. # The distinguished name of the search base.
  27. base dc=kollok,dc=org
  28.  
  29. # Another way to specify your LDAP server is to provide an
  30. #uri ldapi:///127.0.0.1
  31. # Unix Domain Sockets to connect to a local LDAP Server.
  32. #uri ldap://127.0.0.1/
  33. #uri ldaps://127.0.0.1/  
  34. #uri ldapi://%2fvar%2frun%2fldapi_sock/
  35. # Note: %2f encodes the '/' used as directory separator
  36.  
  37. # The LDAP version to use (defaults to 3
  38. # if supported by client library)
  39. ldap_version 3
  40.  
  41. # The distinguished name to bind to the server with.
  42. # Optional: default is to bind anonymously.
  43. binddn cn=proxy,dc=kollok,dc=org
  44.  
  45. # The credentials to bind with.
  46. # Optional: default is no credential.
  47. bindpw petitebite43!
  48.  
  49. # The distinguished name to bind to the server with
  50. # if the effective user ID is root. Password is
  51. # stored in /etc/ldap.secret (mode 600)
  52. rootbinddn cn=admin,dc=kollok,dc=org
  53.  
  54. # The port.
  55. # Optional: default is 389.
  56. #port 389
  57.  
  58. # The search scope.
  59. #scope sub
  60. #scope one
  61. #scope base
  62.  
  63. # Search timelimit
  64. #timelimit 30
  65.  
  66. # Bind/connect timelimit
  67. #bind_timelimit 30
  68.  
  69. # Reconnect policy: hard (default) will retry connecting to
  70. # the software with exponential backoff, soft will fail
  71. # immediately.
  72. bind_policy hard
  73. #bind_policy soft
  74.  
  75. # Idle timelimit; client will close connections
  76. # (nss_ldap only) if the server has not been contacted
  77. # for the number of seconds specified below.
  78. #idle_timelimit 3600
  79.  
  80. # Filter to AND with uid=%s
  81. #pam_filter objectclass=account
  82.  
  83. # The user ID attribute (defaults to uid)
  84. #pam_login_attribute uid
  85.  
  86. # Search the root DSE for the password policy (works
  87. # with Netscape Directory Server)
  88. #pam_lookup_policy yes
  89.  
  90. # Check the 'host' attribute for access control
  91. # Default is no; if set to yes, and user has no
  92. # value for the host attribute, and pam_ldap is
  93. # configured for account management (authorization)
  94. # then the user will not be allowed to login.
  95. #pam_check_host_attr yes
  96.  
  97. # Check the 'authorizedService' attribute for access
  98. # control
  99. # Default is no; if set to yes, and the user has no
  100. # value for the authorizedService attribute, and
  101. # pam_ldap is configured for account management
  102. # (authorization) then the user will not be allowed
  103. # to login.
  104. #pam_check_service_attr yes
  105.  
  106. # Group to enforce membership of
  107. #pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com
  108.  
  109. # Group member attribute
  110. #pam_member_attribute uniquemember
  111.  
  112. # Specify a minium or maximum UID number allowed
  113. #pam_min_uid 0
  114. #pam_max_uid 0
  115.  
  116. # Template login attribute, default template user
  117. # (can be overriden by value of former attribute
  118. # in user's entry)
  119. #pam_login_attribute userPrincipalName
  120. #pam_template_login_attribute uid
  121. #pam_template_login nobody
  122.  
  123. # HEADS UP: the pam_crypt, pam_nds_passwd,
  124. # and pam_ad_passwd options are no
  125. # longer supported.
  126. #
  127. # Do not hash the password at all; presume
  128. # the directory server will do it, if
  129. # necessary. This is the default.
  130. #pam_password md5
  131.  
  132. # Hash password locally; required for University of
  133. # Michigan LDAP server, and works with Netscape
  134. # Directory Server if you're using the UNIX-Crypt
  135. # hash mechanism and not using the NT Synchronization
  136. # service.
  137. #pam_password crypt
  138.  
  139. # Remove old password first, then update in
  140. # cleartext. Necessary for use with Novell
  141. # Directory Services (NDS)
  142. #pam_password clear_remove_old
  143. #pam_password nds
  144.  
  145. # RACF is an alias for the above. For use with
  146. # IBM RACF
  147. #pam_password racf
  148.  
  149. # Update Active Directory password, by
  150. # creating Unicode password and updating
  151. # unicodePwd attribute.
  152. #pam_password ad
  153.  
  154. # Use the OpenLDAP password change
  155. # extended operation to update the password.
  156. pam_password exop
  157.  
  158. # Redirect users to a URL or somesuch on password
  159. # changes.
  160. #pam_password_prohibit_message Please visit http://internal to change your password.
  161.  
  162. # RFC2307bis naming contexts
  163. # Syntax:
  164. # nss_base_XXX          base?scope?filter
  165. # where scope is {base,one,sub}
  166. # and filter is a filter to be &'d with the
  167. # default filter.
  168. # You can omit the suffix eg:
  169. # nss_base_passwd       ou=People,
  170. # to append the default base DN but this
  171. # may incur a small performance impact.
  172. nss_base_passwd         ou=people,dc=kollok,dc=org?one
  173. nss_base_shadow         ou=people,dc=kollok,dc=org?one
  174. nss_base_group          ou=groups,dc=kollok,dc=org?one
  175. #nss_base_hosts         ou=Hosts,dc=padl,dc=com?one
  176. #nss_base_services      ou=Services,dc=padl,dc=com?one
  177. #nss_base_networks      ou=Networks,dc=padl,dc=com?one
  178. #nss_base_protocols     ou=Protocols,dc=padl,dc=com?one
  179. #nss_base_rpc           ou=Rpc,dc=padl,dc=com?one
  180. #nss_base_ethers        ou=Ethers,dc=padl,dc=com?one
  181. #nss_base_netmasks      ou=Networks,dc=padl,dc=com?ne
  182. #nss_base_bootparams    ou=Ethers,dc=padl,dc=com?one
  183. #nss_base_aliases       ou=Aliases,dc=padl,dc=com?one
  184. #nss_base_netgroup      ou=Netgroup,dc=padl,dc=com?one
  185.  
  186. # attribute/objectclass mapping
  187. # Syntax:
  188. #nss_map_attribute      rfc2307attribute        mapped_attribute
  189. #nss_map_objectclass    rfc2307objectclass      mapped_objectclass
  190.  
  191. # configure --enable-nds is no longer supported.
  192. # NDS mappings
  193. #nss_map_attribute uniqueMember member
  194.  
  195. # Services for UNIX 3.5 mappings
  196. #nss_map_objectclass posixAccount User
  197. #nss_map_objectclass shadowAccount User
  198. #nss_map_attribute uid msSFU30Name
  199. #nss_map_attribute uniqueMember msSFU30PosixMember
  200. #nss_map_attribute userPassword msSFU30Password
  201. #nss_map_attribute homeDirectory msSFU30HomeDirectory
  202. #nss_map_attribute homeDirectory msSFUHomeDirectory
  203. #nss_map_objectclass posixGroup Group
  204. #pam_login_attribute msSFU30Name
  205. #pam_filter objectclass=User
  206. #pam_password ad
  207.  
  208. # configure --enable-mssfu-schema is no longer supported.
  209. # Services for UNIX 2.0 mappings
  210. #nss_map_objectclass posixAccount User
  211. #nss_map_objectclass shadowAccount user
  212. #nss_map_attribute uid msSFUName
  213. #nss_map_attribute uniqueMember posixMember
  214. #nss_map_attribute userPassword msSFUPassword
  215. #nss_map_attribute homeDirectory msSFUHomeDirectory
  216. #nss_map_attribute shadowLastChange pwdLastSet
  217. #nss_map_objectclass posixGroup Group
  218. #nss_map_attribute cn msSFUName
  219. #pam_login_attribute msSFUName
  220. #pam_filter objectclass=User
  221. #pam_password ad
  222.  
  223. # RFC 2307 (AD) mappings
  224. #nss_map_objectclass posixAccount user
  225. #nss_map_objectclass shadowAccount user
  226. #nss_map_attribute uid sAMAccountName
  227. #nss_map_attribute homeDirectory unixHomeDirectory
  228. #nss_map_attribute shadowLastChange pwdLastSet
  229. #nss_map_objectclass posixGroup group
  230. #nss_map_attribute uniqueMember member
  231. #pam_login_attribute sAMAccountName
  232. #pam_filter objectclass=User
  233. #pam_password ad
  234.  
  235. # configure --enable-authpassword is no longer supported
  236. # AuthPassword mappings
  237. #nss_map_attribute userPassword authPassword
  238.  
  239. # AIX SecureWay mappings
  240. #nss_map_objectclass posixAccount aixAccount
  241. #nss_base_passwd ou=aixaccount,?one
  242. #nss_map_attribute uid userName
  243. #nss_map_attribute gidNumber gid
  244. #nss_map_attribute uidNumber uid
  245. #nss_map_attribute userPassword passwordChar
  246. #nss_map_objectclass posixGroup aixAccessGroup
  247. #nss_base_group ou=aixgroup,?one
  248. #nss_map_attribute cn groupName
  249. #nss_map_attribute uniqueMember member
  250. #pam_login_attribute userName
  251. #pam_filter objectclass=aixAccount
  252. #pam_password clear
  253.  
  254. # Netscape SDK LDAPS
  255. #ssl on
  256.  
  257. # Netscape SDK SSL options
  258. #sslpath /etc/ssl/certs
  259.  
  260. # OpenLDAP SSL mechanism
  261. # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
  262. #ssl start_tls
  263. #ssl on
  264.  
  265. # OpenLDAP SSL options
  266. # Require and verify server certificate (yes/no)
  267. # Default is to use libldap's default behavior, which can be configured in
  268. # /etc/openldap/ldap.conf using the TLS_REQCERT setting.  The default for
  269. # OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
  270. #tls_checkpeer yes
  271.  
  272. # CA certificates for server certificate verification
  273. # At least one of these are required if tls_checkpeer is "yes"
  274. #tls_cacertfile /etc/ssl/ca.cert
  275. #tls_cacertdir /etc/ssl/certs
  276.  
  277. # Seed the PRNG if /dev/urandom is not provided
  278. #tls_randfile /var/run/egd-pool
  279.  
  280. # SSL cipher suite
  281. # See man ciphers for syntax
  282. #tls_ciphers TLSv1
  283.  
  284. # Client certificate and key
  285. # Use these, if your server requires client authentication.
  286. #tls_cert
  287. #tls_key
  288.  
  289. # Disable SASL security layers. This is needed for AD.
  290. #sasl_secprops maxssf=0
  291.  
  292. # Override the default Kerberos ticket cache location.
  293. #krb5_ccname FILE:/etc/.ldapcache
  294.  
  295.  
  296. # SASL mechanism for PAM authentication - use is experimental
  297. # at present and does not support password policy control
  298. #pam_sasl_mech DIGEST-MD5