mirror of https://github.com/nitnelave/lldap.git
60 lines
1.7 KiB
Plaintext
60 lines
1.7 KiB
Plaintext
# /etc/nslcd.conf
|
|
# nslcd configuration file. See nslcd.conf(5)
|
|
# for details.
|
|
|
|
# The user and group nslcd should run as.
|
|
uid nslcd
|
|
gid nslcd
|
|
|
|
# The location at which the LDAP server(s) should be reachable.
|
|
uri ldaps://lldap.example.net:6360/
|
|
|
|
# The search base that will be used for all queries.
|
|
base dc=example,dc=net
|
|
|
|
# The LDAP protocol version to use.
|
|
#ldap_version 3
|
|
|
|
# The DN to bind with for normal lookups.
|
|
binddn cn=...,ou=people,dc=example,dc=com
|
|
bindpw ...
|
|
|
|
# The DN used for password modifications by root.
|
|
#rootpwmoddn cn=admin,dc=example,dc=com
|
|
|
|
# SSL options
|
|
#ssl off
|
|
tls_reqcert demand
|
|
tls_cacertfile /etc/cert-lldap.example.com.pem
|
|
|
|
# The search scope.
|
|
#scope sub
|
|
|
|
reconnect_invalidate passwd group
|
|
nss_initgroups_ignoreusers ALLLOCAL
|
|
|
|
# Do you have users/groups that aren't for linux? These filters determine which user/group objects are used.
|
|
filter passwd (&(objectClass=posixAccount)(unix-uid=*))
|
|
filter group (&(objectClass=groupOfUniqueNames)(unix-gid=*))
|
|
|
|
# This check is done AFTER authentication, in the pam "account" stage.
|
|
# Regardless of if they used a LDAP password, or an SSH key, if they're an LDAP user, they have to pass this check.
|
|
pam_authz_search (&(objectClass=posixAccount)(unix-uid=*)(unix-username=$username)(memberOf=cn=YOUR_LOGIN_GROUP_FOR_THIS_MACHINE,ou=groups,dc=example,dc=com))
|
|
|
|
|
|
map passwd uid unix-username
|
|
map passwd uidNumber unix-uid
|
|
map passwd gidNumber unix-gid
|
|
map passwd gecos unix-username
|
|
map passwd homeDirectory "/home/${unix-username}"
|
|
map passwd loginShell unix-shell
|
|
|
|
map group gidNumber unix-gid
|
|
map group memberUid member
|
|
|
|
nss_min_uid 1000
|
|
|
|
pam_password_prohibit_message "Please use the forgot password link on https://lldap.example.com/ to change your password."
|
|
|
|
|