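---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker

# Vars file applied to all hosts to configure the nslcd role.

# Bind DN used to contact the LDAP server.
# BIND_USER is a placeholder. A dedicated read-only service account is
# preferable to a privileged directory account.
nslcd__ldap_binddn: 'cn=BIND_USER,dc=univ-rennes1,dc=fr'

# Bind password.
# 'CHANGE_ME' is a placeholder. Keep the real value out of version control,
# for example by storing it encrypted with Ansible Vault.
# NOTE(review): the password ends up in the rendered nslcd configuration;
# confirm the role installs that file without world-read permission.
nslcd__ldap_bindpw: 'CHANGE_ME'

# Use the People base to search users.
nslcd__ldap_base_dn: [
  "ou=People",
  "dc=univ-rennes1",
  "dc=fr"
]

# Filter to allow only admins.
# 'mygroup' is a placeholder group name.
# NOTE(review): how the role applies this filter is not visible in this file;
# verify the group DN before deploying, since it presumably decides which
# directory users the host accepts.
nslcd__ldap_host_filter: '(memberof=cn=mygroup,ou=Grouper,dc=univ-rennes1,dc=fr)'

# Set nslcd configuration.
# Each entry becomes one nslcd option; 'comment' is descriptive text.
nslcd__configuration:
  # The ldap:// scheme is unencrypted by itself, and no 'ssl' or 'tls_*'
  # option is set in this list. Unless the role's defaults add them, the bind
  # password and all lookups cross the network in clear text. Consider
  # ldaps:// or 'ssl start_tls', with 'tls_reqcert demand' and a
  # 'tls_cacertfile' so the server certificate is verified.
  - name: 'uri'
    comment: 'Use LDAP UR1 server'
    value: 'ldap://ldap.univ-rennes1.fr'
  # Keeps directory entries from overlapping the local system UID/GID range.
  - name: 'nss_min_uid'
    comment: |
      First valid UID/GID number expected to be in the LDAP directory.
      UIDs/GIDs lower than this value will be ignored.
    value: '1000'
  # Local service accounts and root: their group lookups do not go to LDAP.
  - name: 'nss_initgroups_ignoreusers'
    value: 'postfix,root,sshd,www-data'
    comment: |
      prevents group membership lookups through LDAP for those users.
  # The expression substitutes /home/$uid whenever homeDirectory is set, so
  # the path stored in the directory is never used as the home directory.
  - name: 'map_homeDirectory'
    comment: |
      Use the standard /home base for user's home directory.
    option: 'map'
    map: 'passwd'
    value: 'homeDirectory "${homeDirectory:+/home/$uid}"'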