#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#>GNUNUX
# Default search base DN used when a client does not pass one explicitly;
# the value is substituted by the template at render time.
BASE %%ldapclient_search_dn
# ldaps:// means TLS is negotiated before any LDAP traffic, so the bind
# credentials are not sent in clear text on the wire.
# No TLS_REQCERT is set in this file, so the library default applies
# (ldap.conf(5) documents "demand": a missing or invalid server certificate
# terminates the session). Keep it that way; "never" or "allow" would
# disable server authentication.
URI ldaps://%%ldap_server_address:%%ldap_port
#<GNUNUX
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# When no CA certificates are specified the Shared System Certificates
# are in use. In order to have these available along with the ones specified
# by TLS_CACERTDIR one has to include them explicitly:
#TLS_CACERT /etc/pki/tls/cert.pem
#>GNUNUX
# Client certificate presented to the LDAP server for TLS client
# authentication.
# NOTE(review): ldap.conf(5) marks TLS_CERT (and TLS_KEY) as user-only
# options, which are ignored when read from the system-wide ldap.conf.
# Confirm where the rendered file is installed and which program reads it,
# otherwise the client certificate may silently not be used.
TLS_CERT %%tls_cert_directory/ldap_client.crt
# Private key matching the client certificate. The key file itself must be
# readable only by the account that performs the LDAP connection; it should
# never share the world-readable permissions of this configuration file.
TLS_KEY %%tls_key_directory/ldap_client.key
# CA certificate used to verify the certificate of the LDAP server.
# Setting it explicitly means the shared system certificates described in
# the comment above are no longer the trust source for this client.
TLS_CACERT %%tls_ca_directory/LDAP.crt
#<GNUNUX
# System-wide Crypto Policies provide an up-to-date cipher suite, which should
# be used unless one needs a finer-grained selection of ciphers. Hence, the
# PROFILE=SYSTEM value represents the default behavior which is in place
# when no explicit setting is used. (see openssl-ciphers(1) for more info)
#TLS_CIPHER_SUITE PROFILE=SYSTEM
# Turning this off breaks GSSAPI used with krb5 when rdns = false
# "on" tells the library not to canonicalise the server host name through a
# reverse DNS lookup for SASL, so the name given in URI is the one used.
SASL_NOCANON on
#>GNUNUX
# Default DN used to bind to the directory.
# NOTE(review): ldap.conf(5) marks BINDDN as a user-only option, ignored in
# the system-wide ldap.conf. Confirm which consumer reads this file.
# The account behind this DN should be a dedicated, read-only service
# account, since its password is stored next to it (see BINDPW).
BINDDN %%ldapclient_user
# Upper bound, in seconds, for a search operation.
TIMELIMIT 10
# Seconds to wait on the network connection before giving up, so that an
# unreachable server does not block the client indefinitely.
NETWORK_TIMEOUT 10
# Seconds after which synchronous LDAP calls abort when no response arrives.
TIMEOUT 10
# SECURITY: the rendered file contains the bind password in clear text.
# The header of this file says it should be world readable; with a secret
# in it that no longer holds. Install the rendered file with owner/group
# access only (for example mode 0600 or 0640), or keep the password in a
# separate root-only file if the consuming program supports that.
# NOTE(review): BINDPW is not among the options I know from ldap.conf(5);
# presumably another consumer of this file parses it. Confirm, and drop
# the line if nothing reads it.
BINDPW %%ldapclient_user_password
#<GNUNUX