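#
# /etc/ldap.conf
#
#configtype OpenLDAP
#
# This is the configuration file for the LDAP nameservice
# switch library, the LDAP PAM module and the shadow package.
#
# See ldap.conf(5) for details
#
# Contents of this file are auto generated
#

# Your LDAP server. Must be resolvable without using LDAP.
# (Dummy IP address shown here; the actual one is pingable.)
# NOTE(review): host, uri and port are all set in this file; confirm which
# one the client library actually uses. With peer verification enabled, the
# name the client connects to has to match the server certificate, which an
# IP address usually does not.
host 192.168.1.1

# The distinguished name of the search tree.
base dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com

# Your LDAP server name. Must be resolved using /etc/hosts
uri ldaps://somldapserver

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# Don't try forever if the LDAP server is not reachable
bind_policy soft

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
# NOTE(review): every NSS/PAM lookup binds as the directory Administrator.
# A dedicated account with read-only access to the attributes NSS and PAM
# need limits the damage if this file is disclosed.
binddn cn=Administrator,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com

# The credentials to bind with.
# Optional: default is no credential.
# NOTE(review): cleartext password. This file normally has to be readable by
# every process that performs NSS lookups, so any local user can read bindpw.
# Only the rootbinddn password can be kept in /etc/ldap.secret (mode 600).
bindpw somepaswd

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/ldap.secret (mode 600)
#rootbinddn cn=Manager,dc=example,dc=com

# The port.
# Optional: default is 389.
port 636

# Search the root DSE for the password policy (works
# with Netscape Directory Server). And make use of
# Password Policy LDAP Control (as in OpenLDAP)
pam_lookup_policy yes

# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
# NOTE(review): "crypt" hashes new passwords on the client with crypt(3).
# With an OpenLDAP server, "pam_password exop" lets the server apply its own
# hashing policy instead; confirm the server supports it before switching.
pam_password crypt

# returns NOTFOUND if nss_ldap's initgroups() is called
# for users specified in nss_initgroups_ignoreusers
# (comma separated)
nss_initgroups_ignoreusers root,ldap

# Enable support for RFC2307bis (distinguished names in group
# members)
nss_schema rfc2307bis

# Enable search time limit to 15 seconds
timelimit 15

# Enable bind timelimit to 15 seconds
bind_timelimit 15

#AD specific attribute set
# scope sub
#nss_map_objectclass posixAccount User
#nss_map_objectclass shadowAccount User
#nss_map_attribute uid msSFU30Name
#nss_map_attribute uidNumber msSFU30UidNumber
#nss_map_attribute uidNumber msSFU30UidNumber
#nss_map_attribute gidNumber msSFU30GidNumber
#nss_map_attribute loginShell msSFU30LoginShell
#nss_map_attribute gecos name
#nss_map_attribute userPassword msSFU30Password
#nss_map_attribute homeDirectory msSFU30HomeDirectory
#nss_map_objectclass posixGroup Group
#nss_map_attribute cn cn
#pam_login_attribute msSFU30Name
#pam_member_attribute msSFU30PosixMember

nss_override_attribute_value loginShell /bin/bash

# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl on

nss_map_attribute uniqueMember member
pam_filter objectclass=posixAccount

# Require and verify the server certificate. With "tls_checkpeer no" the
# client accepts any certificate, so the LDAPS connection does not prove it
# is talking to the real directory, and the bind password and user logins
# are exposed to an impostor server.
# The CA that issued the server certificate must be trusted by the client.
# The path below is a placeholder, not a value from this system.
#tls_cacertfile <PATH_TO_CA_CERTIFICATE>
tls_checkpeer yes

# NOTE(review): each search base below names a single entry (uid=...) rather
# than a container, and nss_base_group reuses the same uid= entries.
# Presumably generated per test user; confirm this is intended.
nss_base_passwd uid=test_sombod,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_people1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_people1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_people1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_sombod2,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod2,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod2,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_sombod3,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod3,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod3,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_sombod4,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod4,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod4,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_sombod5,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod5,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod5,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_sombod6,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_sombod6,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_sombod6,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd ou=ldapconfig,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow ou=ldapconfig,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group ou=ldapconfig,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=testUser4,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=testUser4,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=testUser4,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=testUser5,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=testUser5,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=testUser5,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_user,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_user,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_user,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_people,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_people,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_people,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=test_people2,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=test_people2,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=test_people2,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_passwd uid=fadbox:IT,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_shadow uid=fadbox:IT,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
nss_base_group uid=fadbox:IT,ou=qe,ou=engg,ou=deff,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
# NOTE(review): for the entry below only the passwd base is active; the
# shadow and group bases are commented out, unlike the entries above.
# Confirm this is intended.
nss_base_passwd uid=fadboxtIT1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
# nss_base_shadow uid=fadboxtIT1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com
# nss_base_group uid=fadboxtIT1,ou=people,dc=xxxxxxxx,dc=yyy,dc=zzz,dc=com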