dataset/seed/ldap-client/templates/ldap.conf

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE	dc=example,dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
#>GNUNUX
BASE %%ldapclient_search_dn
URI ldaps://%%ldap_server_address:%%ldap_port
#<GNUNUX

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never

# When no CA certificates are specified the Shared System Certificates
# are in use. In order to have these available along with the ones specified
# by TLS_CACERTDIR one has to include them explicitly:
#TLS_CACERT	/etc/pki/tls/cert.pem
#>GNUNUX
TLS_CERT %%tls_cert_directory/ldap_client.crt
TLS_KEY %%tls_key_directory/ldap_client.key
TLS_CACERT %%tls_ca_directory/LDAP.crt
#<GNUNUX

# System-wide Crypto Policies provide up to date cipher suite which should
# be used unless one needs a finer grinded selection of ciphers. Hence, the
# PROFILE=SYSTEM value represents the default behavior which is in place
# when no explicit setting is used. (see openssl-ciphers(1) for more info)
#TLS_CIPHER_SUITE PROFILE=SYSTEM

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON	on

#>GNUNUX
BINDDN %%ldapclient_user
TIMELIMIT 10
NETWORK_TIMEOUT 10
TIMEOUT 10
BINDPW %%ldapclient_user_password
#<GNUNUX
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`#`
			`# LDAP Defaults`
			`#`

			`# See ldap.conf(5) for details`
			`# This file should be world readable but not world writable.`

			`#BASE dc=example,dc=com`
			`#URI ldap://ldap.example.com ldap://ldap-master.example.com:666`
update documentations 2023-01-17 21:43:32 +01:00			`#>GNUNUX`
			`BASE %%ldapclient_search_dn`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`URI ldaps://%%ldap_server_address:%%ldap_port`
update documentations 2023-01-17 21:43:32 +01:00			`#<GNUNUX`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
			`#SIZELIMIT 12`
			`#TIMELIMIT 15`
			`#DEREF never`

			`# When no CA certificates are specified the Shared System Certificates`
			`# are in use. In order to have these available along with the ones specified`
			`# by TLS_CACERTDIR one has to include them explicitly:`
			`#TLS_CACERT /etc/pki/tls/cert.pem`
update documentations 2023-01-17 21:43:32 +01:00			`#>GNUNUX`
TLS 2023-02-14 14:24:16 +01:00			`TLS_CERT %%tls_cert_directory/ldap_client.crt`
			`TLS_KEY %%tls_key_directory/ldap_client.key`
			`TLS_CACERT %%tls_ca_directory/LDAP.crt`
update documentations 2023-01-17 21:43:32 +01:00			`#<GNUNUX`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00
			`# System-wide Crypto Policies provide up to date cipher suite which should`
			`# be used unless one needs a finer grinded selection of ciphers. Hence, the`
			`# PROFILE=SYSTEM value represents the default behavior which is in place`
			`# when no explicit setting is used. (see openssl-ciphers(1) for more info)`
			`#TLS_CIPHER_SUITE PROFILE=SYSTEM`

			`# Turning this off breaks GSSAPI used with krb5 when rdns = false`
			`SASL_NOCANON on`

update documentations 2023-01-17 21:43:32 +01:00			`#>GNUNUX`
update 2022-06-24 19:00:16 +02:00			`BINDDN %%ldapclient_user`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`TIMELIMIT 10`
			`NETWORK_TIMEOUT 10`
			`TIMEOUT 10`
update 2022-06-24 19:00:16 +02:00			`BINDPW %%ldapclient_user_password`
update documentations 2023-01-17 21:43:32 +01:00			`#<GNUNUX`