1,5 → 1,6 |
# -*- text -*- |
# Lightweight Directory Access Protocol (LDAP) module for ALCASAR |
|
ldap { |
server = "localhost" |
port = 389 |
6,28 → 7,38 |
identity = "cn=alcasaradmin;cn=Users;dc=serverad;dc=com" |
password = "mypass" |
base_dn = "cn=Users;dc=serverad;dc=com" |
user { |
base_dn = "${..base_dn}" |
# "samaccountname=" for AD; "uid=" for LDAP |
filter = (samaccountname=%{%{Stripped-User-Name}:-%{User-Name}}) |
} |
options { |
chase_referrals = yes |
rebind = yes |
res_timeout = 10 |
srv_timelimit = 3 |
net_timeout = 1 |
idle = 60 |
probes = 3 |
interval = 3 |
} |
pool { |
start = 5 |
min = 3 |
max = 10 |
uses = 0 |
retry_delay = 30 |
lifetime = 0 |
idle_timeout = 60 |
} |
user { |
base_dn = "${..base_dn}" |
# "samaccountname=" for AD; "uid=" for LDAP |
filter = (samaccountname=%{%{Stripped-User-Name}:-%{User-Name}}) |
} |
options { |
chase_referrals = yes |
rebind = yes |
res_timeout = 10 |
srv_timelimit = 3 |
net_timeout = 1 |
idle = 60 |
probes = 3 |
interval = 3 |
# ldap_debug = 0x0129 |
} |
tls { |
# start_tls = yes |
# ca_file = /etc/raddb/certs/alcasar-ldaps.crt |
# ca_path = ${certdir} |
# certificate_file = /path/to/radius.crt |
# private_key_file = /path/to/radius.key |
# random_file = /dev/urandom |
# require_cert = 'demand' |
} |
pool { |
start = 5 |
min = 3 |
max = 10 |
uses = 0 |
retry_delay = 30 |
lifetime = 0 |
idle_timeout = 60 |
} |
} |
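Review bot: The `tls { }` section in the second hunk (new, judging by the hunk counts in this rendering) has every option commented out, so with `port = 389` the service bind using `identity`/`password` and the user searches would run over cleartext LDAP as soon as `server` points at a remote directory instead of `localhost`. I would ship it with `start_tls = yes` and `require_cert = 'demand'` active and `ca_file` set to the directory's CA certificate, or at least put a comment above the block such as `# Enable start_tls and require_cert = 'demand' before pointing server at a remote directory; otherwise the bind password is sent unencrypted.`. This matters more because `chase_referrals = yes` together with `rebind = yes` presumably presents the same bind credentials to whatever server a referral names, and without certificate verification that server's identity is not checked. Separately, `password = "mypass"` keeps the bind secret in the file itself, so the deployed file should be readable only by the RADIUS service account.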