#
# /etc/ldap.conf
#
#configtype AD
#
# This is the configuration file for the LDAP nameservice
# switch library, the LDAP PAM module and the shadow package.
#
# See ldap.conf(5) for details
#
# Contents of this file are auto generated
#
# NOTE(review): this listing was recovered from a paste that had lost its
# line breaks; one directive per line is restored here, and each comment is
# assumed to end where the next directive keyword begins.

# Your LDAP server. Must be resolvable without using LDAP.
# {DUMMY IP ADDRESS, actual one is pingable}
host 192.168.1.1

# The distinguished name of the search tree.
base dc=INTRANET,dc=prodname,dc=COM

# Your LDAP server name. Must be resolved using /etc/hosts
#uri LDAP_URI_CONFIG_VALUE

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# Don't try forever if the LDAP server is not reachable
bind_policy soft

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
# NOTE(review): the bind identity is cn=Administrator. Name-service lookups
# presumably need read access only, so a dedicated low-privilege account
# would limit what a leaked credential can do -- confirm with the directory
# owner.
binddn cn=Administrator,cn=Users,dc=INTRANET,dc=prodname,dc=COM

# The credentials to bind with.
# Optional: default is no credential.
# NOTE(review): the bind password is stored in clear text in this file. This
# file normally has to be readable by every process that performs NSS
# lookups, so any local user may be able to read it -- check ownership and
# mode. The rootbinddn comment below describes the alternative of keeping
# the secret in /etc/ldap.secret (mode 600).
bindpw somepassword

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=Manager,dc=example,dc=com

# The port.
# Optional: default is 389.
port 389

# Search the root DSE for the password policy (works
# with Netscape Directory Server). And make use of
# Password Policy LDAP Control (as in OpenLDAP)
pam_lookup_policy yes

# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
pam_password crypt
# NOTE(review): the file header says "configtype AD". pam_ldap documents a
# separate "ad" value of pam_password for Active Directory password changes
# -- confirm that local crypt hashing is really intended here.

# returns NOTFOUND if nss_ldap's initgroups() is called
# for users specified in nss_initgroups_ignoreusers
# (comma separated)
nss_initgroups_ignoreusers root,ldap

# Enable support for RFC2307bis (distinguished names in group
# members)
nss_schema rfc2307bis

# Enable search time limit to 15 seconds
timelimit 15

# Enable bind timelimit to 15 seconds
bind_timelimit 15

#AD specific attribute set
# NOTE(review): the source paste had lost its line breaks; the commented-out
# directives in this section are assumed to end where the next directive
# keyword begins -- confirm against the generated file.
scope sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid samaccountname
nss_map_attribute uidNumber uidNumber
nss_map_attribute gidNumber gidNumber
nss_map_attribute loginShell loginShell
# NOTE(review): gecos is mapped to uidNumber, so the gecos field would carry
# the numeric UID rather than a display name -- confirm this is intended.
nss_map_attribute gecos uidNumber
# nss_map_attribute userPassword msSFU30Password
nss_map_attribute homeDirectory unixhomedirectory
nss_map_objectclass posixGroup group
nss_map_attribute cn samaccountname
pam_login_attribute samaccountname
# pam_member_attribute msSFU30PosixMember
# Every account gets /bin/bash regardless of the directory's loginShell value.
nss_override_attribute_value loginShell /bin/bash

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
# nss_map_attribute uniqueMember msSFU30PosixMember
pam_filter objectclass=user
# NOTE(review): with "ssl start_tls" above, "tls_checkpeer no" turns off
# verification of the server certificate. The session is encrypted but the
# server is not authenticated, so bind credentials and user passwords can be
# exposed to anyone able to impersonate the server on the network path.
# Prefer "tls_checkpeer yes" together with tls_cacertfile or tls_cacertdir
# naming the CA that issued the directory server's certificate.
tls_checkpeer no

# One passwd/shadow/group search base per listed entry.
nss_base_passwd CN=LDN_user1,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user1,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user1,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user2,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user2,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user2,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user10,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user10,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user10,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
# Further passwd/shadow/group search bases, one triple per listed entry.
# NOTE(review): these bases end in DC=INTRANET,DC=VPLEX,DC=COM while the
# "base" directive earlier in the file uses dc=INTRANET,dc=prodname,dc=COM --
# possibly an artefact of anonymising the paste; confirm the suffixes agree
# in the real file.
nss_base_passwd CN=LDN_user12,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user12,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user12,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user13,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user13,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user13,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
# The LDN_user14 entries use the base?scope?filter form: subtree scope plus a
# negated test on userAccountControl using matching rule
# 1.2.840.113556.1.4.803 (bitwise AND).
# NOTE(review): RFC 4515 writes negation as (!(...)); confirm that the
# unparenthesised "!(...)" form and the mask value 800012 are what the
# generator intended and what the library accepts.
nss_base_passwd CN=LDN_user14,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM?sub?!(userAccountControl:1.2.840.113556.1.4.803:=800012)
nss_base_shadow CN=LDN_user14,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM?sub?!(userAccountControl:1.2.840.113556.1.4.803:=800012)
# NOTE(review): the filter on the next line stops at ":=80" with no closing
# parenthesis, unlike the passwd and shadow lines above. It looks truncated;
# a malformed filter may be rejected or may not exclude the accounts the
# other two lines exclude -- verify against the generated file.
nss_base_group CN=LDN_user14,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM?sub?!(userAccountControl:1.2.840.113556.1.4.803:=80
nss_base_passwd CN=LDN_user15,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user15,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user15,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user16,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user16,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user16,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user17,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user17,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user17,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user18,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user18,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user18,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_passwd CN=LDN_user19,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_shadow CN=LDN_user19,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM
nss_base_group CN=LDN_user19,OU=Users,OU=LDN,OU=EMEA,OU=GLB,DC=INTRANET,DC=VPLEX,DC=COM