uid nslcd
gid ldap
uri {% for server in ldap_server %}ldaps://{{ server }} {% endfor %}
base {{ ldap_basedn }}
# time out searches after 30 seconds
timelimit 30
# close idle connections after 10 minutes
idle_timelimit 600
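# do not search group memberships in LDAP for local users, so that local
# accounts such as root are not held up when the LDAP servers are unreachable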
nss_initgroups_ignoreusers ALLLOCAL
pagesize 500
map group member uniqueMember
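# use TLS and verify the server cert: with "demand" the connection is dropped
# unless the server presents a certificate that validates against tls_cacertfile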
ssl on
tls_reqcert demand
tls_cacertfile {{ tls_bundle }}
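# use this host's own cert/key for authentication (SASL EXTERNAL over TLS);
# the key must be readable by the account nslcd runs as (uid/gid at the top of
# this file) and should not be readable by other users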
tls_key {{ tls_private }}/{{ inventory_hostname }}.key
tls_cert {{ tls_certs }}/{{ inventory_hostname }}.crt
sasl_mech EXTERNAL