###DEBCONF###
##
## Configuration of this file will be managed by debconf as long as the
## first line of the file says '###DEBCONF###'
##
## You should use dpkg-reconfigure to configure this file via debconf
##
## NOTE: the '###DEBCONF###' marker has to remain the very first line of
## the file; do not insert anything above it.

#
# @(#)$Id: ldap.conf,v 1.38 2006/05/15 08:13:31 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#
# Format: one 'keyword value' directive per line; '#' starts a comment.
# Directives that are commented out below are upstream examples and are
# not in effect. The directives actually active in this file are:
#   host, base, ldap_version, binddn, bindpw, rootbinddn, bind_policy,
#   pam_password, nss_base_passwd, nss_base_shadow, nss_base_group.
#
# Transport security: 'ssl' and all tls_* options further down are
# commented out, so every connection -- including the simple bind that
# sends the bindpw below -- uses plain, unencrypted LDAP. That is
# tolerable only while 'host' is the local machine (127.0.0.1). Enable
# 'ssl start_tls' and 'tls_checkpeer yes' before pointing this file at
# a remote server.
#

# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
# Loopback only: no TLS is configured in this file (see the ssl /
# tls_* options below), so do not change this to a remote address
# without enabling TLS first.
host 127.0.0.1

# The distinguished name of the search base.
base dc=kollok,dc=org

# Another way to specify your LDAP server is to provide a
# uri with the server name. This also allows using
# Unix Domain Sockets to connect to a local LDAP server.
#uri ldapi:///127.0.0.1
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
# This identity is used for ordinary (non-root) lookups. Keep it a
# read-only proxy account with no more directory rights than the
# nss_base_* searches below need.
binddn cn=proxy,dc=kollok,dc=org

# The credentials to bind with.
# Optional: default is no credential.
# SECURITY: this password is stored in cleartext. Because nss_ldap
# reads this file from every process that performs a name lookup, the
# file is normally world-readable, so assume every local user can read
# this value (where the distribution ships separate files for pam_ldap
# and nss_ldap, only the pam_ldap copy can be restricted to root).
# A password that has appeared in a public paste or in version control
# -- this file is on a public paste -- should be treated as compromised
# and rotated. Compare rootbinddn below, whose secret is kept in a
# separate mode-600 file instead.
bindpw petitebite43!

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
# Preferred pattern: the privileged credential stays out of this
# world-readable file and is only available to root.
rootbinddn cn=admin,dc=kollok,dc=org

# The port.
# Optional: default is 389.
#port 389

# The search scope.
#scope sub
#scope one
#scope base

# Search timelimit
#timelimit 30

# Bind/connect timelimit
#bind_timelimit 30

# Reconnect policy: hard (default) will retry connecting to
# the server with exponential backoff, soft will fail
# immediately.
bind_policy hard
#bind_policy soft

# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600

# Filter to AND with uid=%s
#pam_filter objectclass=account

# The user ID attribute (defaults to uid)
#pam_login_attribute uid

# Search the root DSE for the password policy (works
# with Netscape Directory Server)
#pam_lookup_policy yes

# Check the 'host' attribute for access control
# Default is no; if set to yes, and user has no
# value for the host attribute, and pam_ldap is
# configured for account management (authorization)
# then the user will not be allowed to login.
#pam_check_host_attr yes

# Check the 'authorizedService' attribute for access
# control
# Default is no; if set to yes, and the user has no
# value for the authorizedService attribute, and
# pam_ldap is configured for account management
# (authorization) then the user will not be allowed
# to login.
#pam_check_service_attr yes

# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com

# Group member attribute
#pam_member_attribute uniquemember

# Specify a minimum or maximum UID number allowed
#pam_min_uid 0
#pam_max_uid 0

# Template login attribute, default template user
# (can be overridden by value of former attribute
# in user's entry)
#pam_login_attribute userPrincipalName
#pam_template_login_attribute uid
#pam_template_login nobody

# HEADS UP: the pam_crypt, pam_nds_passwd,
# and pam_ad_passwd options are no
# longer supported.
#
# Do not hash the password at all; presume
# the directory server will do it, if
# necessary. This is the default.
#pam_password md5

# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
#pam_password crypt

# Remove old password first, then update in
# cleartext. Necessary for use with Novell
# Directory Services (NDS)
#pam_password clear_remove_old
#pam_password nds

# RACF is an alias for the above. For use with
# IBM RACF
#pam_password racf

# Update Active Directory password, by
# creating Unicode password and updating
# unicodePwd attribute.
#pam_password ad

# Use the OpenLDAP password change
# extended operation to update the password.
# The new password is carried to the server in the clear inside the
# extended operation, so password changes also depend on TLS or on
# the server being local.
pam_password exop

# Redirect users to a URL or somesuch on password
# changes.
#pam_password_prohibit_message Please visit http://internal to change your password.

# RFC2307bis naming contexts
# Syntax:
# nss_base_XXX base?scope?filter
# where scope is {base,one,sub}
# and filter is a filter to be &'d with the
# default filter.
# You can omit the suffix eg:
# nss_base_passwd ou=People,
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=people,dc=kollok,dc=org?one
nss_base_shadow ou=people,dc=kollok,dc=org?one
nss_base_group ou=groups,dc=kollok,dc=org?one
#nss_base_hosts ou=Hosts,dc=padl,dc=com?one
#nss_base_services ou=Services,dc=padl,dc=com?one
#nss_base_networks ou=Networks,dc=padl,dc=com?one
#nss_base_protocols ou=Protocols,dc=padl,dc=com?one
#nss_base_rpc ou=Rpc,dc=padl,dc=com?one
#nss_base_ethers ou=Ethers,dc=padl,dc=com?one
#nss_base_netmasks ou=Networks,dc=padl,dc=com?one
#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one
#nss_base_aliases ou=Aliases,dc=padl,dc=com?one
#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one

# attribute/objectclass mapping
# Syntax:
#nss_map_attribute rfc2307attribute mapped_attribute
#nss_map_objectclass rfc2307objectclass mapped_objectclass

# configure --enable-nds is no longer supported.
# NDS mappings
#nss_map_attribute uniqueMember member

# Services for UNIX 3.5 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount User
#nss_map_attribute uid msSFU30Name
#nss_map_attribute uniqueMember msSFU30PosixMember
#nss_map_attribute userPassword msSFU30Password
#nss_map_attribute homeDirectory msSFU30HomeDirectory
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_objectclass posixGroup Group
#pam_login_attribute msSFU30Name
#pam_filter objectclass=User
#pam_password ad

# configure --enable-mssfu-schema is no longer supported.
# Services for UNIX 2.0 mappings
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid msSFUName
#nss_map_attribute uniqueMember posixMember
#nss_map_attribute userPassword msSFUPassword
#nss_map_attribute homeDirectory msSFUHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn msSFUName
#pam_login_attribute msSFUName
#pam_filter objectclass=User
#pam_password ad

# RFC 2307 (AD) mappings
#nss_map_objectclass posixAccount user
#nss_map_objectclass shadowAccount user
#nss_map_attribute uid sAMAccountName
#nss_map_attribute homeDirectory unixHomeDirectory
#nss_map_attribute shadowLastChange pwdLastSet
#nss_map_objectclass posixGroup group
#nss_map_attribute uniqueMember member
#pam_login_attribute sAMAccountName
#pam_filter objectclass=User
#pam_password ad

# configure --enable-authpassword is no longer supported
# AuthPassword mappings
#nss_map_attribute userPassword authPassword

# AIX SecureWay mappings
#nss_map_objectclass posixAccount aixAccount
#nss_base_passwd ou=aixaccount,?one
#nss_map_attribute uid userName
#nss_map_attribute gidNumber gid
#nss_map_attribute uidNumber uid
#nss_map_attribute userPassword passwordChar
#nss_map_objectclass posixGroup aixAccessGroup
#nss_base_group ou=aixgroup,?one
#nss_map_attribute cn groupName
#nss_map_attribute uniqueMember member
#pam_login_attribute userName
#pam_filter objectclass=aixAccount
#pam_password clear

# Netscape SDK LDAPS
#ssl on

# Netscape SDK SSL options
#sslpath /etc/ssl/certs

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
# Neither form is enabled here; see the transport-security note at the
# top of this file before using a non-local 'host'.
#ssl start_tls
#ssl on

# OpenLDAP SSL options
# Require and verify server certificate (yes/no)
# Default is to use libldap's default behavior, which can be configured in
# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for
# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes".
# With "no" any certificate is accepted, so start_tls/ldaps would not
# protect against an impersonating server; use "yes" together with
# tls_cacertfile or tls_cacertdir.
#tls_checkpeer yes

# CA certificates for server certificate verification
# At least one of these is required if tls_checkpeer is "yes"
#tls_cacertfile /etc/ssl/ca.cert
#tls_cacertdir /etc/ssl/certs

# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool

# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1

# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key

# Disable SASL security layers. This is needed for AD.
# With maxssf=0 SASL adds no integrity or confidentiality protection;
# the connection is then only as protected as the TLS layer, if any.
#sasl_secprops maxssf=0

# Override the default Kerberos ticket cache location.
#krb5_ccname FILE:/etc/.ldapcache


# SASL mechanism for PAM authentication - use is experimental
# at present and does not support password policy control
#pam_sasl_mech DIGEST-MD5
