dataset/seed/ldap-client/templates/ldap.conf

#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#>GNUNUX
# Search base and server URI are filled in when the template is rendered.
# The ldaps:// scheme starts TLS at connect time, so the rendered port has to
# be the server's LDAPS listener. This template sets no TLS_REQCERT;
# ldap.conf(5) gives "demand" as the default, so the server certificate is
# expected to be verified -- confirm nothing else on the host lowers it.
BASE {{ ldapclient_search_dn }}
URI ldaps://{{ ldap_server_address }}:{{ ldap_port }}
#<GNUNUX
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# When no CA certificates are specified the Shared System Certificates
# are in use. In order to have these available along with the ones specified
# by TLS_CACERTDIR one has to include them explicitly:
#TLS_CACERT /etc/pki/tls/cert.pem
#>GNUNUX
# Client certificate, its private key, and the CA certificate(s) the client
# will recognize when verifying the server.
# The private key file must be readable only by the account that performs the
# bind; it should not inherit the world-readable mode suggested for this file.
# NOTE(review): ldap.conf(5) lists TLS_CERT and TLS_KEY as user-only options;
# confirm the consumer of this file honours them when it is installed
# system-wide.
TLS_CERT {{ tls_cert_directory }}/ldap_client.crt
TLS_KEY {{ tls_key_directory }}/ldap_client.key
TLS_CACERT {{ tls_ca_directory }}/LDAP.crt
#<GNUNUX
# System-wide Crypto Policies provide an up-to-date cipher suite which should
# be used unless one needs a finer-grained selection of ciphers. Hence, the
# PROFILE=SYSTEM value represents the default behavior which is in place
# when no explicit setting is used. (see openssl-ciphers(1) for more info)
#TLS_CIPHER_SUITE PROFILE=SYSTEM
# Turning this off breaks GSSAPI used with krb5 when rdns = false
# With "on", SASL host names are not canonicalized through reverse DNS
# lookups (see ldap.conf(5)), so the SASL host name does not depend on
# reverse DNS answers.
SASL_NOCANON on
#>GNUNUX
# DN used for the default bind, filled in when the template is rendered.
# NOTE(review): ldap.conf(5) marks BINDDN as a user-only option; confirm the
# consumer of this file actually reads it from here.
BINDDN {{ ldapclient_user }}
# All three values are in seconds (see ldap.conf(5)): TIMELIMIT bounds
# searches, NETWORK_TIMEOUT bounds the wait that follows connect(2), and
# TIMEOUT bounds synchronous API calls that receive no response.
TIMELIMIT 10
NETWORK_TIMEOUT 10
TIMEOUT 10
# Cleartext bind password, written into the rendered file. The header of this
# file says it should be world readable; with this line present the rendered
# file must instead be restricted to the account that needs it (for example
# owner root, mode 0600). The variable's value should come from encrypted
# storage rather than being committed in plain text.
# NOTE(review): BINDPW does not appear to be an option in OpenLDAP's
# ldap.conf(5); confirm which consumer reads it, and whether that consumer can
# take the secret from a separate protected file instead.
BINDPW {{ ldapclient_user_password }}
#<GNUNUX