From: Matthijs Kooijman Date: Mon, 3 Oct 2011 16:13:57 +0000 (+0200) Subject: nslcd: Add working configuration files. X-Git-Url: https://git.stderr.nl/gitweb?a=commitdiff_plain;h=3268a4c3db16f4c587c204021d9e3dfb42372471;p=matthijs%2Fservers%2Ftika.git nslcd: Add working configuration files. This adds the configuration files neede to talk to the LDAP server running at "ldap.local", using the NSS schema. --- diff --git a/etc/nslcd.conf b/etc/nslcd.conf new file mode 100644 index 0000000..15e1bf4 --- /dev/null +++ b/etc/nslcd.conf @@ -0,0 +1,29 @@ +# /etc/nslcd.conf +# nslcd configuration file. See nslcd.conf(5) +# for details. + +# The user and group nslcd should run as. +uid nslcd +gid nslcd + +# The location at which the LDAP server(s) should be reachable. +uri ldap://ldap.local + +# The search base that will be used for all queries. +base passwd ou=Persons,dc=tika,dc=stderr,dc=nl +base shadow ou=Persons,dc=tika,dc=stderr,dc=nl +base group ou=Groups,dc=tika,dc=stderr,dc=nl + +filter passwd (objectClass=maroesjaSystemIdentity) +filter shadow (objectClass=maroesjaSystemIdentity) +filter group (objectClass=maroesjaSystemGroup) + +# Note that this uses maroesjaSystemLoginIdentity instead of +# maroesjaSystemIdentity above. This is important, since maroesjaSystemIdenties +# should show up in NSS, but should not be allowed to authenticate. They'll +# probably miss other attributes too, like host or uidNumber, but this makes +# sure they can never login. +pam_authz_search (&(objectClass=maroesjaSystemLoginIdentity)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*))) + +# This is needed with nss-pam-ldapd before 0.8.4 +#map group uniqueMember member