vn-ansible/roles/config-freeradius-totp/templates/ldap.j2


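{% raw %}
# rlm_ldap module instance for FreeRADIUS, rendered from a Jinja template.
# The file is wrapped in a raw block because FreeRADIUS expansions such as the
# %{...} user-name filters below contain character sequences that Jinja would
# otherwise try to parse as its own tags.
ldap {
    # NOTE(review): no ldaps:// scheme and no tls section appear in this file,
    # so unless TLS is configured elsewhere the bind password and the password
    # hashes read below may cross the network unencrypted. Consider ldaps:// or
    # StartTLS with certificate verification -- confirm against the deployment.
    server = 'ldap.verdnatura.es'

    # NOTE(review): the module binds as the directory admin. A dedicated
    # account limited to reading the attributes mapped below and writing
    # 'description' would reduce the impact of this host being compromised.
    identity = 'cn=admin,dc=verdnatura,dc=es'

    # The raw block is closed around the next line only. Inside a raw block
    # Jinja emits the variable reference verbatim instead of substituting it,
    # which would leave the placeholder text in the rendered config.
    # The value is inserted unquoted, so it presumably has to be a single
    # config word or carry its own quotes -- verify against how the variable
    # is defined. The rendered file contains the bind password in clear text;
    # keep its mode and owner restricted to the FreeRADIUS service account.
{% endraw %}
    password = {{ bindradiusldap_password }}
{% raw %}
    base_dn = 'dc=verdnatura,dc=es'

    # Request attribute in which the module stores the DN of the user it found.
    user_dn = "LDAP-UserDn"

    # Map LDAP attributes onto control attributes used by the authentication
    # modules. Both values are password material: sambaNTPassword is an
    # unsalted NT hash and should be treated as password-equivalent.
    update {
        control:Password-With-Header += 'userPassword'
        control:NT-Password := 'sambaNTPassword'
    }

    # User lookup: search under ou=users by uid, preferring Stripped-User-Name
    # and falling back to User-Name when it is not set.
    user {
        base_dn = "ou=users,${..base_dn}"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }

    # Group lookup: posixGroup entries under ou=groups, with membership
    # resolved through memberUid and the group name taken from cn.
    group {
        base_dn = "ou=groups,${..base_dn}"
        name_attribute = 'cn'
        membership_attribute = 'memberUid'
        membership_filter = "(memberUid=%{%{Stripped-User-Name}:-%{User-Name}})"
        filter = '(objectClass=posixGroup)'
        cacheable_name = yes
    }

    # Accounting: choose a subsection from Acct-Status-Type (lower-cased) and
    # write a timestamped status into the user's 'description' attribute.
    # These writes, and the post-auth one below, are why the bind identity
    # needs write access to that attribute.
    accounting {
        reference = "%{tolower:type.%{Acct-Status-Type}}"
        type {
            start {
                update {description := "Online at %S"}
            }
            interim-update {
                update {description := "Last seen at %S"}
            }
            stop {
                update {description := "Offline at %S"}
            }
        }
    }

    # Record the time of the last successful authentication in 'description'.
    post-auth {
        update {description := "Authenticated at %S"}
    }

    # libldap options: query and network timeouts in seconds, TCP keepalive
    # settings (idle, probes, interval) and the libldap debug bitmask.
    options {
        rebind = yes
        res_timeout = 10
        srv_timelimit = 3
        net_timeout = 1
        idle = 60
        probes = 3
        interval = 3
        ldap_debug = 0x0028
    }

    # Connection pool sized from the server's thread pool settings. A value of
    # 0 for uses and lifetime means connections are not recycled on those
    # criteria; idle connections are closed after idle_timeout seconds.
    pool {
        start = ${thread[pool].start_servers}
        min = ${thread[pool].min_spare_servers}
        max = ${thread[pool].max_servers}
        spare = ${thread[pool].max_spare_servers}
        uses = 0
        retry_delay = 30
        lifetime = 0
        idle_timeout = 60
    }
}
{% endraw %}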