LDAP und Radius Authentifizierung

10.1.1.10    <secret token>    5
10.1.1.11    <secret token>    5

# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
host ldap1.eisscholle.net ldap2.eisscholle.net

# SSL Settings
ssl yes
port 636
tls_checkpeer no

# of non SSL
# ssl no
# port 389

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name of the search base.
base dc=ad,dc=eisscholle,dc=net

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn CN=RSA Service User,OU=Serviceuser,OU=Users,DC=ad,DC=eisscholle,DC=net

# The credentials to bind with.
# Optional: default is no credential.
bindpw <pw von rsaserviceuser>

# Search timelimit
timelimit 15

# Bind/connect timelimit
bind_timelimit 10

# Filtert deaktivierte Accounts: &(!(userAccountControl:1.2.840.113556.1.4.803:=2))
nss_base_passwd        dc=ad,dc=eisscholle,dc=net?sub?&(!(userAccountControl:1.2.840.113556.1.4.803:=2))
nss_base_shadow        dc=ad,dc=eisscholle,dc=net?sub?&(!(userAccountControl:1.2.840.113556.1.4.803:=2))
nss_base_group         dc=ad,dc=eisscholle,dc=net?sub?&(!(userAccountControl:1.2.840.113556.1.4.803:=2))

# Mappings
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group

nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber uidNumber
nss_map_attribute gidNumber gidNumber
nss_map_attribute loginShell loginShell
nss_map_attribute gecos name
nss_map_attribute userPassword unixUserPassword
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_attribute uniqueMember primaryGroupID
nss_map_attribute cn cn