Conf de ldap.
* Acces a la base * Conf de pam pour ldap * Conf de nss pour ldap darcs-hash:20080209021350-af139-0dd9ab0a07fd64c38d18efc94d7c82b130d6df17.gz
parent
5d6f9722bb
commit
1bb9fac1e4
20 changed files with 363 additions and 49 deletions
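--- /dev/null
+++ b/Python/etc/libnss-ldap.conf
@@ -0,0 +1,74 @@
+# -*- mode: python; coding: utf-8 -*-
+
+include("mode/space")
+include("secrets")
+include("ip")
+
+header("""
+Fichier de configuration pour libnss-ldap.
+
+Pour des informations détaillées voir libnss-ldap.conf(5)
+ainsi que /usr/share/libnss-ldap/ldap.conf
+""")
+
+@# +----------------------------------------------------+
+@# | Configuration de la communiquation avec le serveur |
+@# +----------------------------------------------------+
+
+if has("db-server"):
+@# Socket unix du serveur
+%uri "ldapi://%2fvar%2frun%2fslapd%2fldapi/"
+else:
+@# Addresse du serveur
+%uri "ldap://%s/" % admipof("ldap")
+
+@# The distinguished name of the search base.
+%base "dc=crans,dc=org"
+
+@# The distinguished name to bind to the server with.
+@# Optional: default is to bind anonymously.
+@# Please do not put double quotes around it as they
+@# would be included literally.
+%binddn secrets.ldap_readonly_auth_dn
+
+@# The credentials to bind with.
+@# Optional: default is no credential.
+%bindpw secrets.ldap_readonly_password
+
+@# The distinguished name to bind to the server with
+@# if the effective user ID is root. Password is
+@# stored in /etc/libnss-ldap.secret (mode 600)
+@# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
+@# of an editor to create the file.
+%rootbinddn secrets.ldap_readonly_auth_dn
+
+@# The LDAP version to use (defaults to 3
+@# if supported by client library)
+%ldap_version 3
+
+@# Search timelimit
+%timelimit 5
+
+@# Bind/connect timelimit
+%bind_timelimit 5
+
+@# +------------------+
+@# | Bases de données |
+@# +------------------+
+
+# On n'utilise ldap pour résoudre les bases de données
+# passwd, group et shadow
+if has("users"):
+# Sur le serveur des adhérents, on veut que tout
+# les adhérents soit reconnus comme utilisateurs locaux
+%nss_base_passwd "ou=data,dc=crans,dc=org?one"
+else:
+# Sur les autres serveurs on filtre pour que seuls
+# les nounous et les apprentis le soit.
+# Il est important de mettre ce filtrage au niveau de
+# libnss-ldap et pam-ldap car ssh utilise pam pour les
+# mots de passe mais pour l'authentification par clés
+# il n'utilise que nss
+%nss_base_passwd "ou=data,dc=crans,dc=org?one?|(droits=Nounou)(droits=Apprenti)"
+%nss_base_shadow "ou=data,dc=crans,dc=org?one"
+%nss_base_group "ou=Group,dc=crans,dc=org?one"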
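Review bot: The `else:` branch of the `has("db-server")` test emits a plain `ldap://%s/` URI, and nothing in the template sets `ssl start_tls`, `tls_checkpeer yes` or a `tls_cacertfile`. On every host other than the db-server the `bindpw` value and the entries fetched for `nss_base_shadow` would therefore cross the network unencrypted, to a server whose identity is never verified. Emitting those three directives in that branch would close the gap; the `ldapi://` socket branch does not need them. Separately, `%bindpw` is written into a file that must stay readable by every local account for NSS lookups to work, so the read-only DN's ACLs should be confirmed to deny read access to `userPassword`. `%rootbinddn` reuses that same DN, and whether `/etc/libnss-ldap.secret` is provisioned with mode 600 cannot be seen from this file.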