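# nss_ldap client configuration: resolves passwd, shadow and group entries
# from an Active Directory domain over LDAPS.

# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
host ldap1.eisscholle.net ldap2.eisscholle.net

# SSL Settings
# LDAPS on port 636 with server certificate verification enabled.
# With tls_checkpeer off, the client accepts whatever certificate is
# presented, so the encrypted channel does not authenticate the server:
# the bind credentials and every passwd/group answer could be handled
# by a host other than the ones named above.
# The names in "host" must match the names in the server certificates.
ssl yes
port 636
tls_checkpeer yes
# CA certificate that issued the servers' certificates. The path below is a
# placeholder; set and uncomment it when the client library's default
# trust store does not already contain that CA.
# tls_cacertfile /path/to/issuing-ca.pem

# or non-SSL (bind DN, bind password and all lookups are then sent unencrypted)
# ssl no
# port 389

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name of the search base.
base dc=ad,dc=eisscholle,dc=net

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn CN=RSA Service User,OU=Serviceuser,OU=Users,DC=ad,DC=eisscholle,DC=net

# The credentials to bind with.
# Optional: default is no credential.
# The value is blank on this page. The password is stored here in clear
# text, and this file is typically readable by every local process that
# performs NSS lookups, so the bind account should be limited to
# read-only access to the attributes mapped below.
bindpw

# Search timelimit
timelimit 15

# Bind/connect timelimit
bind_timelimit 10

# Filters out disabled accounts: &(!(userAccountControl:1.2.840.113556.1.4.803:=2))
# 1.2.840.113556.1.4.803 is the bitwise-AND matching rule; bit value 2 in
# userAccountControl is the "account disabled" flag. The same filter is
# applied to all three search bases below.
nss_base_passwd dc=ad,dc=eisscholle,dc=net?sub?&(!(userAccountControl:1.2.840.113556.1.4.803:=2))
nss_base_shadow dc=ad,dc=eisscholle,dc=net?sub?&(!(userAccountControl:1.2.840.113556.1.4.803:=2))
nss_base_group dc=ad,dc=eisscholle,dc=net?sub?&(!(userAccountControl:1.2.840.113556.1.4.803:=2))

# Mappings
# Object classes: POSIX account, shadow and group lookups are served from
# the directory's "user" and "group" classes.
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
# Attributes: POSIX attribute name on the left, directory attribute on the right.
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber uidNumber
nss_map_attribute gidNumber gidNumber
nss_map_attribute loginShell loginShell
nss_map_attribute gecos name
# userPassword is read from unixUserPassword, so whatever that attribute
# holds is fetched by the bind account and travels over this connection.
# NOTE(review): confirm that read access to it is restricted on the directory side.
nss_map_attribute userPassword unixUserPassword
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_attribute uniqueMember primaryGroupID
nss_map_attribute cn cn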