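# nslcd configuration, restored to one directive per line.
# A '#' starts a comment, so with the whole file on a single line every
# directive after the first '#' would be read as comment text.

# The user and group nslcd should run as.
# NOTE(review): with both lines commented out, nslcd is not told to switch to
# a dedicated account. Confirm the daemon does not keep running as root.
#uid nslcd
#gid nslcd

# The uri pointing to the LDAP server to use for name lookups.
# The active uri is loopback-only. If the remote uri below is enabled instead,
# revisit the tls_reqcert setting further down first.
uri ldap://127.0.0.1/
#uri ldap://192.168.0.10/

# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3

# The distinguished name of the search base.
base dc=dark,dc=net

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
# binddn cn=admin,dc=dark,dc=net

# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file.
# NOTE(review): a bind password stored here is plaintext. Keep the file
# readable only by root and the account nslcd runs as (mode 0640 or stricter).
# Prefer a low-privilege, read-only bind DN over cn=admin for lookups.
# If the sample value below was ever a live credential, rotate it.
# bindpw jackie

# The distinguished name to perform password modifications by root by.
# NOTE(review): this example DN uses dc=example,dc=com, which does not match
# the search base above. Adjust it before enabling.
#rootpwmoddn cn=admin,dc=example,dc=com

# Use StartTLS without verifying the server certificate.
# NOTE(review): 'allow' requests a certificate but continues when it is
# missing or fails validation. The session is therefore encrypted but the
# server is not authenticated, and tls_cacertfile below is not enforced.
# A host that can answer in place of the LDAP server can supply passwd, group
# and shadow data. Switch to 'tls_reqcert demand' once the server certificate
# chains to the configured CA and its names match the uri host.
ssl start_tls
tls_reqcert allow

# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
tls_cacertfile /var/lib/ldap/cacert.pem

# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool

# Client certificate and key
# Use these, if your server requires client authentication.
# NOTE(review): the file names suggest the LDAP server's own key pair is being
# reused as the client credential - confirm. A dedicated client certificate
# limits what a leaked key can impersonate. The private key should be readable
# only by the account nslcd runs as.
tls_cert /var/lib/ldap/server.crt
tls_key /var/lib/ldap/server.key

# map passwd uid              msSFUName
# map passwd userPassword     msSFUPassword
# map passwd homeDirectory    msSFUHomeDirectory
# map passwd gecos            msSFUName
# filter shadow (objectClass=User)
# map shadow uid              msSFUName
# map shadow userPassword     msSFUPassword
# map shadow shadowLastChange pwdLastSet
# filter group (objectClass=Group)
# map group uniqueMember      posixMember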