Updates for AniNIX/Password
		
							
								
								
									
										80
									
								
								roles/Password/templates/nslcd.conf.j2
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										80
									
								
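--- a/roles/Password/templates/nslcd.conf.j2
+++ b/roles/Password/templates/nslcd.conf.j2
@@ -0,0 +1,80 @@
+# This is the configuration file for the LDAP nameservice
+# switch library's nslcd daemon. It configures the mapping
+# between NSS names (see /etc/nsswitch.conf) and LDAP
+# information in the directory.
+# See the manual page nslcd.conf(5) for more information.
+
+# The user and group nslcd should run as.
+uid nslcd
+gid nslcd
+
+# The uri pointing to the LDAP server to use for name lookups.
+# Multiple entries may be specified. The address that is used
+# here should be resolvable without using LDAP (obviously).
+#uri ldap://127.0.0.1/
+#uri ldaps://127.0.0.1/
+#uri ldapi://%2fvar%2frun%2fldapi_sock/
+# Note: %2f encodes the '/' used as directory separator
+uri ldap://127.0.0.1/
+
+# The LDAP version to use (defaults to 3
+# if supported by client library)
+#ldap_version 3
+
+# The distinguished name of the search base.
+base {{ ldap['orgdn'] }}
+
+# The distinguished name to bind to the server with.
+# Optional: default is to bind anonymously.
+binddn uid=binduser,{{ ldap['userou'] }},{{ ldap['orgdn'] }}
+
+# The credentials to bind with.
+# Optional: default is no credentials.
+# Note that if you set a bindpw you should check the permissions of this file.
+bindpw {{ secrets['Password']['bindpassword'] }}
+
+# The distinguished name to perform password modifications by root by.
+rootpwmoddn cn=root,{{ ldap['orgdn'] }}
+
+# The default search scope.
+scope sub
+#filter (&(!(pwdReset=TRUE))(objectClass=person))
+#scope one
+#scope base
+
+# Customize certain database lookups.
+base   group  ou=Group,{{ ldap['orgdn'] }}
+base   passwd ou=People,{{ ldap['orgdn'] }}
+base   shadow ou=People,{{ ldap['orgdn'] }}
+#scope  group  onelevel
+scope  hosts  sub
+
+# Bind/connect timelimit.
+#bind_timelimit 30
+
+# Search timelimit.
+#timelimit 30
+
+# Idle timelimit. nslcd will close connections if the
+# server has not been contacted for the number of seconds.
+#idle_timelimit 3600
+
+# Use StartTLS without verifying the server certificate.
+#ssl start_tls
+#tls_reqcert never
+
+# CA certificates for server certificate verification
+#tls_cacertdir /etc/ssl/certs
+#tls_cacertfile /etc/ssl/ca.cert
+
+# Seed the PRNG if /dev/urandom is not provided
+#tls_randfile /var/run/egd-pool
+
+# SSL cipher suite
+# See man ciphers for syntax
+#tls_ciphers TLSv1
+
+# Client certificate and key
+# Use these, if your server requires client authentication.
+#tls_cert
+#tls_key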
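Review bot: The rendered file holds the bind password in clear text (`bindpw {{ secrets['Password']['bindpassword'] }}`), and the task that installs this template is not visible in this commit view. Confirm that task sets a restrictive owner and mode (for example `mode: '0600'`, with the owner your distribution's nslcd expects) and `no_log: true`, so the secret stays out of Ansible task and diff output. With `uri ldap://127.0.0.1/` and every TLS directive commented out, the bind is unencrypted, which is acceptable only while the server stays on loopback; I would add a comment above the `uri` line such as `# Loopback only: use ldaps:// or 'ssl start_tls' with 'tls_reqcert demand' before pointing this at a remote host`. The sample `#tls_reqcert never` turns off certificate verification if someone uncomments it as written, so changing it to `#tls_reqcert demand` would make the safe setting the one that gets copied. As a smaller consistency point, the `base passwd`/`base shadow` lines hard-code `ou=People` while `binddn` uses `ldap['userou']`, so the two can drift if that variable changes.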