From 3268a4c3db16f4c587c204021d9e3dfb42372471 Mon Sep 17 00:00:00 2001
From: Matthijs Kooijman
Date: Mon, 3 Oct 2011 18:13:57 +0200
Subject: [PATCH] nslcd: Add working configuration files.
This adds the configuration files neede to talk to the LDAP server running at "ldap.local", using the NSS schema.
---
etc/nslcd.conf | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 etc/nslcd.conf
diff --git a/etc/nslcd.conf b/etc/nslcd.conf
new file mode 100644
index 0000000..15e1bf4
--- /dev/null
+++ b/etc/nslcd.conf
@@ -0,0 +1,29 @@
+# /etc/nslcd.conf
+# nslcd configuration file. See nslcd.conf(5)
+# for details.
+
+# The user and group nslcd should run as.
+uid nslcd
+gid nslcd
+
+# The location at which the LDAP server(s) should be reachable.
+uri ldap://ldap.local
+
+# The search base that will be used for all queries.
+base passwd ou=Persons,dc=tika,dc=stderr,dc=nl
+base shadow ou=Persons,dc=tika,dc=stderr,dc=nl
+base group ou=Groups,dc=tika,dc=stderr,dc=nl
+
+filter passwd (objectClass=maroesjaSystemIdentity)
+filter shadow (objectClass=maroesjaSystemIdentity)
+filter group (objectClass=maroesjaSystemGroup)
+
+# Note that this uses maroesjaSystemLoginIdentity instead of
+# maroesjaSystemIdentity above. This is important, since maroesjaSystemIdenties
+# should show up in NSS, but should not be allowed to authenticate. They'll
+# probably miss other attributes too, like host or uidNumber, but this makes
+# sure they can never login.
+pam_authz_search (&(objectClass=maroesjaSystemLoginIdentity)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))
+
+# This is needed with nss-pam-ldapd before 0.8.4
+#map group uniqueMember member
--
2.30.2
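Review bot: `uri ldap://ldap.local` is plain LDAP and the new file sets no `ssl` or `tls_*` option, so NSS lookups and (since `pam_authz_search` implies this host authenticates through nslcd) the binds carrying user passwords would cross the network unencrypted, with no verification that the responder really is the directory server. Consider adding `ssl start_tls`, `tls_reqcert demand` and `tls_cacertfile <path-to-CA-bundle>` (or switching to an `ldaps://` URI), unless the link is protected by some means not visible in this patch. Separately, the `(host=\\*)` clause in `pam_authz_search` relies on the backslashes surviving nslcd's expression expansion so that the server sees an escaped literal asterisk; if it ever degrades to `(host=*)` it becomes a presence test and any login identity with a host attribute is authorized on every machine. That is worth testing with an account whose `host` names a different machine, and a comment such as `# host=\\* matches only the literal value "*" (all hosts), not any host value` would record the intent.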