README.ldap
#
# enable automatic ldap server determination
#
ldap.auto.off: no
#
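# keytab used to authenticate to the ldap server (can be the same as for gssapi).
# The keytab holds the service's long-term Kerberos keys, so keep it readable
# only by the account the server runs as.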
#
ldap.keytab: FILE:/opt/dante-1.2-ldap/etc/sockd.keytab
#
# ldap connection timeout
#
ldap.timeout: 2
#
# Is ssl required for "automagic" ldap connections
#
ldap.ssl: yes
#
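# Is an ssl certificate check required for ldap connections?
# With "no" the server certificate is not verified, so an ssl connection is
# encrypted but the ldap server's identity is not checked. Set this to "yes" and
# point ldap.certfile / ldap.certpath at the CA data when the network path
# to the ldap server is not trusted.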
#
ldap.certcheck: no
#
# Openldap ca certificate file
#
ldap.certfile: /etc/ssl/certs/cert.pem
#
# Sun/Mozilla LDAP SDK certificate database location
#
ldap.certpath: /etc/certs
#
# openldap debug option
#
ldap.debug: 0
#
# When comparing usernames with ldap users, should the Kerberos realm be compared too?
#
ldap.keeprealm: no
#
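# LDAP urls to use if "automagic" ldap determination fails or the username does not contain a domain/realm name
# ldap(s)://<username>:<password>@<Host:Port>/<basedn>
# The bind password is stored in this file in clear text, so keep the file readable
# only by the account the server runs as. With an ldap:// url (no ssl) the password
# presumably also crosses the network unencrypted; prefer ldaps:// where the server supports it.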
#
ldap.url: ldap://cn=M M,OU=People,DC=SUSE,DC=HOME:[email protected]/dc=SUSE dc=home
ldap.url: ldaps://cn=m,CN=Users,DC=Win2003R2,DC=HOME:[email protected]:636/dc=Win2003R2 dc=home
#
# Set the base DN (bind path) for either "automagic" ldap connections or the urls above
#
ldap.basedn: dc=WIN2003R2, dc=HOME
#
# ldap filter for Openldap server (assumes rfc2307bis schema) or active directory
#
# Openldap: With a rfc2307bis schema the group membership is based on
# primary or secondary group membership (e.g. like normal unix accounts)
#
# Active Directory: The group membership is determined by the memberof attribute. Any group
# membership is recursively followed to the top.
#
# %s = username
#
ldap.filter: (memberuid=%s)
ldap.filter.ad: (samaccountname=%s)
#
# ldap attribute for Openldap server or active directory
#
ldap.attribute: cn
ldap.attribute.ad: memberof
#
# List of groups per domain/realm
# <group> means use group for usernames with any domain name and usernames which do not have a domain/realm
# <group@> means use group for usernames with any domain name but not for usernames without a domain/realm
# <group@REALM> means use group for usernames with domain REALM
#
# ldap.group: test1@REALM row2@DOMAIN2 test2@REALM test1@REALM2 test3@ [email protected] test4 [email protected]
ldap.group: SQUID_ALLOW
#
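# Time (in sec) to cache successful/failed ldap searches
# (going by the option names, ldap.cache.pos applies to successful searches and
# ldap.cache.neg to failed ones).
# A cached result presumably stays in use until it expires, so a group membership
# change on the ldap server may take up to this long to take effect.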
#
ldap.cache: 3600
ldap.cache.neg: 3600
ldap.cache.pos: 3600
#
# Time (in sec) to cache failed ldap server connects
#
ldap.deadtime: 30
#
# Time (in sec) an ldap search can take
#
ldap.searchtime: 30