[pam_ldap.conf] Fichiers d'un autre temps
This commit is contained in:
parent
63b8f25d49
commit
dd8faae8f6
1 changed files with 0 additions and 83 deletions
|
@ -1,83 +0,0 @@
|
||||||
# -*- mode: python; coding: utf-8 -*-
|
|
||||||
|
|
||||||
include("mode/space")
|
|
||||||
include("secrets")
|
|
||||||
include("ldap")
|
|
||||||
|
|
||||||
header("""
|
|
||||||
Fichier de configuration de libpam-ldap.
|
|
||||||
|
|
||||||
Pour des informations détaillées voir pam_ldap.conf(5)
|
|
||||||
""")
|
|
||||||
|
|
||||||
if has("2B"):
|
|
||||||
# Lisible par adm sur vert pour que les nounous puissent locker
|
|
||||||
# leur écran
|
|
||||||
info['group'] = 'adm'
|
|
||||||
info['perms'] |= 0060
|
|
||||||
|
|
||||||
@# +----------------------------------------------------+
|
|
||||||
@# | Configuration de la communiquation avec le serveur |
|
|
||||||
@# +----------------------------------------------------+
|
|
||||||
|
|
||||||
@# The distinguished name of the search base.
|
|
||||||
%base "dc=crans,dc=org"
|
|
||||||
|
|
||||||
@# Base LDAP
|
|
||||||
%uri "%s" % ldap_socket
|
|
||||||
|
|
||||||
@# The LDAP version to use (defaults to 3
|
|
||||||
@# if supported by client library)
|
|
||||||
%ldap_version 3
|
|
||||||
|
|
||||||
if has("db-main"):
|
|
||||||
@# The distinguished name to bind to the server with
|
|
||||||
@# if the effective user ID is root. Password is
|
|
||||||
@# stored in /etc/ldap.secret (mode 600)
|
|
||||||
%rootbinddn secrets.ldap_auth_dn
|
|
||||||
|
|
||||||
else:
|
|
||||||
@# The distinguished name to bind to the server with.
|
|
||||||
@# Optional: default is to bind anonymously.
|
|
||||||
%binddn secrets.ldap_readonly_auth_dn
|
|
||||||
|
|
||||||
@# The credentials to bind with.
|
|
||||||
@# Optional: default is no credential.
|
|
||||||
%bindpw secrets.ldap_readonly_password
|
|
||||||
|
|
||||||
@# The port.
|
|
||||||
@# Optional: default is 389.
|
|
||||||
@#port 389
|
|
||||||
|
|
||||||
@# The search scope.
|
|
||||||
@#scope sub
|
|
||||||
%scope "one"
|
|
||||||
@#scope base
|
|
||||||
|
|
||||||
if not has("db-main"):
|
|
||||||
@# Search timelimit
|
|
||||||
%timelimit 5
|
|
||||||
|
|
||||||
@# Bind timelimit
|
|
||||||
%bind_timelimit 5
|
|
||||||
|
|
||||||
@# Do not hash the password at all; presume
|
|
||||||
@# the directory server will do it, if
|
|
||||||
@# necessary. This is the default.
|
|
||||||
%pam_password "exop"
|
|
||||||
|
|
||||||
@# +------------------+
|
|
||||||
@# | Bases de données |
|
|
||||||
@# +------------------+
|
|
||||||
|
|
||||||
# On n'utilise ldap pour résoudre les bases de données
|
|
||||||
# passwd, group et shadow
|
|
||||||
|
|
||||||
if ldap_filter:
|
|
||||||
passwd_filter = "?%s" % ldap_filter
|
|
||||||
else:
|
|
||||||
passwd_filter = ""
|
|
||||||
|
|
||||||
%nss_base_passwd "ou=data,dc=crans,dc=org?one%s" % passwd_filter
|
|
||||||
%nss_base_shadow "ou=data,dc=crans,dc=org?one"
|
|
||||||
%nss_base_group "ou=Group,dc=crans,dc=org?one"
|
|
Loading…
Add table
Add a link
Reference in a new issue