# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.
#
# NOTE(review): this file is a Jinja2 template; the {{ ... }} expressions
# are substituted before nslcd ever reads it. The rendered result contains
# a clear-text bind password (see bindpw below), so it must be installed
# readable only by root and the nslcd user — confirm the exact mode/owner
# against the distribution's nslcd packaging.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The uri pointing to the LDAP server to use for name lookups.
# Multiple entries may be specified. The address that is used
# here should be resolvable without using LDAP (obviously).
#uri ldap://127.0.0.1/
#uri ldaps://127.0.0.1/
#uri ldapi://%2fvar%2frun%2fldapi_sock/
# Note: %2f encodes the '/' used as directory separator
#
# NOTE(review): a plain ldap:// URI combined with the ssl / tls_* options
# further down all being commented out means the simple bind (binddn +
# bindpw) and every lookup travel over the network unencrypted. Unless the
# rendered server is local or on a trusted link, prefer ldaps:// or enable
# `ssl start_tls` together with certificate verification.
uri ldap://{{ ldap['server'] }}/

# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3

# The distinguished name of the search base.
base {{ ldap['orgdn'] }}

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn {{ ldap['binduser'] }},{{ ldap['userou'] }},{{ ldap['orgdn'] }}

# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file.
#
# NOTE(review): the value comes from the secrets store at render time; make
# sure the rendered file is not world-readable and that the templating tool
# does not echo or log the rendered output (it would expose the password).
bindpw {{ secrets['Sora']['bindpassword'] }}

# The distinguished name to perform password modifications by root by.
rootpwmoddn cn=root,{{ ldap['orgdn'] }}

# The default search scope.
scope sub
# NOTE(review): the pwdReset filter below is disabled, so nslcd falls back
# to its built-in per-map default filters (see nslcd.conf(5)) — confirm
# that is intended.
#filter (&(!(pwdReset=TRUE))(objectClass=person))
#scope one
#scope base

# Customize certain database lookups.
base group {{ ldap['groupou'] }},{{ ldap['orgdn'] }}
base passwd {{ ldap['userou'] }},{{ ldap['orgdn'] }}
base shadow {{ ldap['userou'] }},{{ ldap['orgdn'] }}
#scope group onelevel
scope hosts sub

# Bind/connect timelimit.
#bind_timelimit 30

# Search timelimit.
#timelimit 30

# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600

# Use StartTLS without verifying the server certificate.
#ssl start_tls
#tls_reqcert never
# NOTE(review): if StartTLS is enabled, do not pair it with
# `tls_reqcert never` — that turns off server certificate checking and
# leaves the bind open to interception. Point tls_cacertdir or
# tls_cacertfile at the trusted CA and use a verifying tls_reqcert value
# such as demand.

# CA certificates for server certificate verification
#tls_cacertdir /etc/ssl/certs
#tls_cacertfile /etc/ssl/ca.cert

# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool

# SSL cipher suite
# See man ciphers for syntax
# NOTE(review): the TLSv1 example dates from when TLS 1.0 was current; if
# this line is enabled, choose a modern cipher string instead.
#tls_ciphers TLSv1

# Client certificate and key
# Use these, if your server requires client authentication.
#tls_cert
#tls_key