Benutzer-Werkzeuge

Webseiten-Werkzeuge


konfigurationsbeispiele:ldapauth.conf

/etc/benno-web/ldapauth.conf

#
# LDAP Authentication configuration file
#
# This file must be readable by the user of the web server
#

# LDAP host
#
# <hostname>:<port>
#
# secondary ldap servers: <server1[:port]>,<server2[:port]>, ...
# Univention UCS + Samba4: <hostname>:7389
#
host = localhost

# LDAP base dn
#
# Base dn of the ldap directory, the bind dn will be determined by a search
#
# request the user uid
#
basedn = dc=lw-systems,dc=net

# User id attribute
#
# The attribute which holds the user id for authentication
#
# Windows AD: userattr = sAMAccountName
#userattr = uid

# user rdn
#
# Authentication will be performed as: $userattr=USERLOGIN,$usersuffix
#
# If disabled, a LDAP search operation will be performed to detect the user dn
#usersuffix = 

# User objectclas
#
# Objectclass of user object
#
# Windows AD: objectclass = user
#objectclass = posixAccount

# User filter
#
# LDAP search filter for user object
# Overwrites "userattr" and "objectclass" settings.
# 
# The authentication module need to search in LDAP, thus "binddn" and
# "password" settings could be necessary.
# The "usersuffix" parameter will be disabled internally.
#
# %s - match login name
# %u - match userpart of login name
# %d - match domainpart of login name
# 
#userfilter = (&(objectClass=posixAccount)(uid=%s))

# Encrypt LDAP connection
# STARTLS port 389: tls = true
# LDAPS port 636: tls = ldaps
#tls = false

# DN to bind for search requests
#
# Dn of an user with permissions to search at the ldap tree.
# Enable if anonymous search is not permitted!
#
# Windows AD: binddn = <username>@<windows-domain>
#binddn =

# Password of the admin user
#
#password = 

## User is allowed to access his own email adresses and
## addtional adresses

# Email address attribute
# Univention UCS: mailPrimaryAddress
#email = mail

# Email alias attribute
# Windows AD: proxyAddress | proxyAddresses
# Univention UCS: mailAlternativeAddress
#alias = emailAlias

# Allow access to additional email addresses
#addemail = info@lw-systems.net, mailing@lw-systems.net

# Benno role attribute
#role = bennoRole

# Benno container name attribute
#container = bennoContainer

# Default container (if containerattr not set in LDAP)
#default_container = BennoContainer

# List of username who will always assigned the admin role
#adminuser = bennoadmin, superadmin

# List of addressfilters for admin user (default *@*)
#adminaddress = *@*

# List of username who will always assigned the revisor role
#revisoruser = revisor

# remove domain from username during authentication if set to "true"
#remove_domainsuffix = false

# set debug level
# 0: log only warnings (default)
# 1: log authprotocol responses
# 2: log ldap attribute data
# 3: log ldap requests
#loglevel = 0


### Settings for benno_ldapgroup

# Group objectclas
#
# Objectclass of group objects
#
# Windows AD: objectclass = group
#groupobjectclass = posixGroup

# Group user id attribute
#
# The attribute which holds the userids in group
#
#groupuserattr = memberUid

# Email group address attribute
#
# Univention UCS: mailPrimaryAddress, univentionFreeAttributeXX
#groupmailattr = 
konfigurationsbeispiele/ldapauth.conf.txt · Zuletzt geändert: 2019/04/12 15:29 von lwsystems