@grizmin
Last active August 12, 2016 10:12
LDAP server complete configuration
dn: cn=accessRole,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: accessRole
olcAttributeTypes: ( 1.3.6.1.4.1.30503.500.1.1.1.13 NAME 'accessRole'
  DESC 'MANDATORY: Access Role'
  EQUALITY caseIgnoreMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  )
olcObjectClasses: ( 1.3.6.1.4.1.30503.500.1.1.2.0 NAME 'userAccessRole' SUP top AUXILIARY
  DESC 'MANDATORY: User Access Role objectclass'
  MAY ( accessRole $ uid )
  )

dn: cn=autofs,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: autofs
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.25 NAME 'automountInformation' DESC 'Information used by the autofs automounter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.1.1.1.13 NAME 'automount' DESC 'An entry in an automounter map' SUP top STRUCTURAL MUST ( cn $ automountInformation $ objectclass ) MAY description )
olcObjectClasses: {1}( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' DESC 'An group of related automount objects' SUP top STRUCTURAL MUST ou )

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/autofs.schema
<?php
/** NOTE **
** Make sure that <?php is the FIRST line of this file!
** IE: There should NOT be any blank lines or spaces BEFORE <?php
**/
/**
* The phpLDAPadmin config file
* See: http://phpldapadmin.sourceforge.net/wiki/index.php/Config.php
*
* This is where you can customise some of the phpLDAPadmin defaults
* that are defined in config_default.php.
*
* To override a default, use the $config->custom variable to do so.
* For example, the default for defining the language in config_default.php
*
* $this->default->appearance['language'] = array(
* 'desc'=>'Language',
* 'default'=>'auto');
*
* to override this, use $config->custom->appearance['language'] = 'en_EN';
*
* This file is also used to configure your LDAP server connections.
*
* You must specify at least one LDAP server there. You may add
* as many as you like. You can also specify your language, and
* many other options.
*
* NOTE: Commented out values in this file prefixed by // represent the
* defaults that have been defined in config_default.php.
* Commented out values prefixed by # don't reflect their default value; you can
* check config_default.php if you want to see what the default is.
*
* DON'T change config_default.php: your changes will be lost with the next release
* of PLA. Instead change this file, as it will NOT be replaced by a new
* version of phpLDAPadmin.
*/
/*********************************************
* Useful important configuration overrides *
*********************************************/
/* If you are asked to put PLA in debug mode, this is how you do it: */
# $config->custom->debug['level'] = 255;
# $config->custom->debug['syslog'] = true;
# $config->custom->debug['file'] = '/tmp/pla_debug.log';
/* phpLDAPadmin can encrypt the content of sensitive cookies if you set this
to a big random string. */
// $config->custom->session['blowfish'] = null;
/* If your auth_type is http, you can override your HTTP Authentication Realm. */
// $config->custom->session['http_realm'] = sprintf('%s %s',app_name(),'login');
/* The language setting. If you set this to 'auto', phpLDAPadmin will attempt
to determine your language automatically.
If PLA doesn't show (all) strings in your language, then you can do some
translation at http://translations.launchpad.net/phpldapadmin and download
the translation files, replacing those provided with PLA.
(We'll pick up the translations before making the next release too!) */
// $config->custom->appearance['language'] = 'auto';
/* The temporary storage directory where we will put jpegPhoto data
This directory must be readable and writable by your web server. */
// $config->custom->jpeg['tmpdir'] = '/tmp'; // Example for Unix systems
# $config->custom->jpeg['tmpdir'] = 'c:\\temp'; // Example for Windows systems
/* Set this to (bool)true if you do NOT want a random salt used when
calling crypt(). Instead, use the first two letters of the user's
password. This is insecure but unfortunately needed for some older
environments. */
# $config->custom->password['no_random_crypt_salt'] = true;
/* PHP script timeout control. If PHP runs longer than this many seconds then
PHP will stop with a Maximum Execution time error. Increase this value from
the default if queries to your LDAP server are slow. The default is either
30 seconds or the setting of max_execution_time if this is null. */
// $config->custom->session['timelimit'] = 30;
/* Our local timezone
This is to make sure that when we ask the system for the current time, we
get the right local time. If this is not set, all time() calculations will
assume UTC if you have not set PHP date.timezone. */
// $config->custom->appearance['timezone'] = null;
# $config->custom->appearance['timezone'] = 'Australia/Melbourne';
/*********************************************
* Commands *
*********************************************/
/* Command availability: if you don't authorize a command, the command
links will not be shown and the command action will not be permitted.
For better security, also set ACLs in your LDAP directory. */
/*
$config->custom->commands['cmd'] = array(
'entry_internal_attributes_show' => true,
'entry_refresh' => true,
'oslinks' => true,
'switch_template' => true
);
$config->custom->commands['script'] = array(
'add_attr_form' => true,
'add_oclass_form' => true,
'add_value_form' => true,
'collapse' => true,
'compare' => true,
'compare_form' => true,
'copy' => true,
'copy_form' => true,
'create' => true,
'create_confirm' => true,
'delete' => true,
'delete_attr' => true,
'delete_form' => true,
'draw_tree_node' => true,
'expand' => true,
'export' => true,
'export_form' => true,
'import' => true,
'import_form' => true,
'login' => true,
'logout' => true,
'login_form' => true,
'mass_delete' => true,
'mass_edit' => true,
'mass_update' => true,
'modify_member_form' => true,
'monitor' => true,
'purge_cache' => true,
'query_engine' => true,
'rename' => true,
'rename_form' => true,
'rdelete' => true,
'refresh' => true,
'schema' => true,
'server_info' => true,
'show_cache' => true,
'template_engine' => true,
'update_confirm' => true,
'update' => true
);
*/
/*********************************************
* Appearance *
*********************************************/
/* If you want to choose the appearance of the tree, specify a class name which
inherits from the Tree class. */
// $config->custom->appearance['tree'] = 'AJAXTree';
# $config->custom->appearance['tree'] = 'HTMLTree';
/* Just show your custom templates. */
// $config->custom->appearance['custom_templates_only'] = false;
/* Disable the default template. */
// $config->custom->appearance['disable_default_template'] = false;
/* Hide the warnings for invalid objectClasses/attributes in templates. */
// $config->custom->appearance['hide_template_warning'] = false;
/* Set to true if you would like to hide header and footer parts. */
// $config->custom->appearance['minimalMode'] = false;
/* Configure what objects are shown in left hand tree */
// $config->custom->appearance['tree_filter'] = '(objectclass=*)';
/* The height and width of the tree. If these values are not set, then
no tree scroll bars are provided. */
// $config->custom->appearance['tree_height'] = null;
# $config->custom->appearance['tree_height'] = 600;
// $config->custom->appearance['tree_width'] = null;
# $config->custom->appearance['tree_width'] = 250;
/* Confirm create and update operations, allowing you to review the changes
and optionally skip attributes during the create/update operation. */
// $config->custom->confirm['create'] = true;
// $config->custom->confirm['update'] = true;
/* Confirm copy operations, and treat them like create operations. This allows
you to edit the attributes (thus changing any that might conflict with
uniqueness) before creating the new entry. */
// $config->custom->confirm['copy'] = true;
/*********************************************
* User-friendly attribute translation *
*********************************************/
/* Use this array to map attribute names to user friendly names. For example, if
you don't want to see "facsimileTelephoneNumber" but rather "Fax". */
// $config->custom->appearance['friendly_attrs'] = array();
$config->custom->appearance['friendly_attrs'] = array(
'facsimileTelephoneNumber' => 'Fax',
'gid' => 'Group',
'mail' => 'Email',
'telephoneNumber' => 'Telephone',
'uid' => 'User Name',
'userPassword' => 'Password'
);
/*********************************************
* Hidden attributes *
*********************************************/
/* You may want to hide certain attributes from being edited. If you want to
hide attributes from the user, you should use your LDAP server's ACLs.
NOTE: The user must be able to read the hide_attrs_exempt entry to be
excluded. */
// $config->custom->appearance['hide_attrs'] = array();
# $config->custom->appearance['hide_attrs'] = array('objectClass');
/* Members of this list will be exempt from the hidden attributes. */
// $config->custom->appearance['hide_attrs_exempt'] = null;
# $config->custom->appearance['hide_attrs_exempt'] = 'cn=PLA UnHide,ou=Groups,c=AU';
/*********************************************
* Read-only attributes *
*********************************************/
/* You may want phpLDAPadmin to display certain attributes as read only,
meaning that users will not be presented a form for modifying those
attributes, and they will not be allowed to be modified on the "back-end"
either. You may configure this list here:
NOTE: The user must be able to read the readonly_attrs_exempt entry to be
excluded. */
// $config->custom->appearance['readonly_attrs'] = array();
/* Members of this list will be exempt from the readonly attributes. */
// $config->custom->appearance['readonly_attrs_exempt'] = null;
# $config->custom->appearance['readonly_attrs_exempt'] = 'cn=PLA ReadWrite,ou=Groups,c=AU';
/*********************************************
* Group attributes *
*********************************************/
/* Add "modify group members" link to the attribute. */
// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid');
/* Configure filter for member search. This only applies to "modify group members" feature */
// $config->custom->modify_member['filter'] = '(objectclass=Person)';
/* Attribute that is added to the group member attribute. */
// $config->custom->modify_member['attr'] = 'dn';
/* For Posix attributes */
// $config->custom->modify_member['posixattr'] = 'uid';
// $config->custom->modify_member['posixfilter'] = '(uid=*)';
// $config->custom->modify_member['posixgroupattr'] = 'memberUid';
/*********************************************
* Support for attrs display order *
*********************************************/
/* Use this array if you want to have your attributes displayed in a specific
order. You can use default attribute names or their friendly names.
For example, "sn" will be displayed right after "givenName". All the other
attributes that are not specified in this array will be displayed afterwards in
alphabetical order. */
// $config->custom->appearance['attr_display_order'] = array();
# $config->custom->appearance['attr_display_order'] = array(
# 'givenName',
# 'sn',
# 'cn',
# 'displayName',
# 'uid',
# 'uidNumber',
# 'gidNumber',
# 'homeDirectory',
# 'mail',
# 'userPassword'
# );
/*********************************************
* Define your LDAP servers in this section *
*********************************************/
$servers = new Datastore();
/* $servers->newServer('ldap_pla') must be called before each new LDAP server
declaration. */
$servers->newServer('ldap_pla');
/* A convenient name that will appear in the tree viewer and throughout
phpLDAPadmin to identify this LDAP server to users. */
$servers->setValue('server','name','LAB Grizmin.org LDAP Server');
/* Examples:
'ldap.example.com',
'ldaps://ldap.example.com/',
'ldapi://%2fusr%2flocal%2fvar%2frun%2fldapi'
(Unix socket at /usr/local/var/run/ldapi) */
$servers->setValue('server','host','ldapi:///var/run/ldapi');
/* The port your LDAP server listens on (no quotes). 389 is standard. */
// $servers->setValue('server','port',389);
/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
auto-detect it for you. */
$servers->setValue('server','base',array('dc=lab,dc=grizmin,dc=org'));
/* Five options for auth_type:
1. 'cookie': you will login via a web form, and a client-side cookie will
store your login dn and password.
2. 'session': same as cookie but your login dn and password are stored on the
web server in a persistent session variable.
3. 'http': same as session but your login dn and password are retrieved via
HTTP authentication.
4. 'config': specify your login dn and password here in this config file. No
login will be required to use phpLDAPadmin for this server.
5. 'sasl': login will be taken from the webserver's kerberos authentication.
Currently only GSSAPI has been tested (using mod_auth_kerb).
Choose wisely to protect your authentication information appropriately for
your situation. If you choose 'cookie', your cookie contents will be
encrypted using blowfish and the secret you specify above as
session['blowfish']. */
$servers->setValue('login','auth_type','session');
/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS
BLANK. If you specify a login_attr in conjunction with a cookie or session
auth_type, then you can also specify the bind_id/bind_pass here for searching
the directory for users (ie, if your LDAP server does not allow anonymous
binds). */
$servers->setValue('login','bind_id','cn=admin,dc=lab,dc=grizmin,dc=org');
# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');
/* Your LDAP password. If you specified an empty bind_id above, this MUST also
be blank. */
// $servers->setValue('login','bind_pass','');
# $servers->setValue('login','bind_pass','secret');
/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
// $servers->setValue('server','tls',false);
/************************************
* SASL Authentication *
************************************/
/* Enable SASL authentication. LDAP SASL authentication requires PHP 5.x
configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
false), then all other sasl options are ignored. */
// $servers->setValue('login','auth_type','sasl');
/* SASL auth mechanism */
// $servers->setValue('sasl','mech','GSSAPI');
/* SASL authentication realm name */
// $servers->setValue('sasl','realm','');
# $servers->setValue('sasl','realm','EXAMPLE.COM');
/* SASL authorization ID name
If this option is undefined, authorization id will be computed from bind DN,
using authz_id_regex and authz_id_replacement. */
// $servers->setValue('sasl','authz_id', null);
/* SASL authorization id regex and replacement
When authz_id property is not set (default), phpLDAPAdmin will try to
figure out authorization id by itself from bind distinguished name (DN).
This procedure is done by calling preg_replace() php function in the
following way:
$authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement,
$bind_dn);
For info about pcre regexes, see:
- pcre(3), perlre(3)
- http://www.php.net/preg_replace */
// $servers->setValue('sasl','authz_id_regex',null);
// $servers->setValue('sasl','authz_id_replacement',null);
# $servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
# $servers->setValue('sasl','authz_id_replacement','$1');
/* SASL auth security props.
See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */
// $servers->setValue('sasl','props',null);
/* Default password hashing algorithm. One of md5, ssha, sha, md5crypt, smd5,
blowfish, crypt, or leave blank to use the default algorithm. */
// $servers->setValue('appearance','password_hash_custom','md5');
/* If you specified 'cookie' or 'session' as the auth_type above, you can
optionally specify here an attribute to use when logging in. If you enter
'uid' and login as 'dsmith', phpLDAPadmin will search for (uid=dsmith)
and log in as that user.
Leave blank or specify 'dn' to use full DN for logging in. Note also that if
your LDAP server requires you to login to perform searches, you can enter the
DN to use when searching in 'bind_id' and 'bind_pass' above. */
// $servers->setValue('login','attr','dn');
/* Base DNs to be used for logins. If this value is not set, then the LDAP server
Base DNs are used. */
// $servers->setValue('login','base',array());
/* If 'login,attr' is used above such that phpLDAPadmin will search for your DN
at login, you may restrict the search to specific objectClasses. EG, set this
to array('posixAccount') or array('inetOrgPerson',..), depending upon your
setup. */
// $servers->setValue('login','class',array());
/* If you specified something different from 'dn', for example 'uid', as the
login_attr above, you can optionally specify here to fall back to
authentication with dn.
This is useful when users should be able to log in with their uid, but
the LDAP administrator wants to log in with the root DN, which does not
necessarily have the uid attribute.
When using this feature, login_class is ignored. */
// $servers->setValue('login','fallback_dn',false);
/* Specify true if you do not want phpLDAPadmin to display or permit any
modification to the LDAP server. */
// $servers->setValue('server','read_only',false);
/* Specify false if you do not want phpLDAPadmin to draw the 'Create new' links
in the tree viewer. */
// $servers->setValue('appearance','show_create',true);
/* Set to true if you would like to initially open the first level of each tree. */
// $servers->setValue('appearance','open_tree',false);
/* This feature allows phpLDAPadmin to automatically determine the next
available uidNumber for a new entry. */
// $servers->setValue('auto_number','enable',true);
/* The mechanism to use when finding the next available uidNumber. Two possible
values: 'uidpool' or 'search'.
The 'uidpool' mechanism uses an existing uidPool entry in your LDAP server to
blindly look up the next available uidNumber. The 'search' mechanism searches
for entries with a uidNumber value and finds the first available uidNumber
(slower). */
// $servers->setValue('auto_number','mechanism','search');
/* The DN of the search base when the 'search' mechanism is used above. */
# $servers->setValue('auto_number','search_base','ou=People,dc=example,dc=com');
/* The minimum number to use when searching for the next available number
(only when 'search' is used for auto_number). */
$servers->setValue('auto_number','min',array('uidNumber'=>5000,'gidNumber'=>500));
/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
searching for the uidnumber. The idea is, this user id would have full
(readonly) access to uidnumber in your ldap directory (the logged in user
may not), so that you can be guaranteed to get a unique uidnumber for your
directory. */
// $servers->setValue('auto_number','dn',null);
/* The password for the dn above. */
// $servers->setValue('auto_number','pass',null);
/* Enable anonymous bind login. */
// $servers->setValue('login','anon_bind',true);
/* Use customized page with prefix when available. */
# $servers->setValue('custom','pages_prefix','custom_');
/* If you set this, then only these DNs are allowed to log in. This array can
contain individual users, groups or ldap search filter(s). Keep in mind that
the user has not authenticated yet, so this will be an anonymous search to
the LDAP server, so make your ACLs allow these searches to return results! */
# $servers->setValue('login','allowed_dns',array(
# 'uid=stran,ou=People,dc=example,dc=com',
# '(&(gidNumber=811)(objectClass=groupOfNames))',
# '(|(uidNumber=200)(uidNumber=201))',
# 'cn=callcenter,ou=Group,dc=example,dc=com'));
/* Set this if you don't want this LDAP server to show in the tree. */
// $servers->setValue('server','visible',true);
/* Set this if you want to hide the base DNs that don't exist instead of
displaying the message "The base entry doesn't exist, create it?" */
// $servers->setValue('server','hide_noaccess_base',false);
# $servers->setValue('server','hide_noaccess_base',true);
/* This is the time out value in minutes for the server. After as many minutes
of inactivity you will be automatically logged out. If not set, the default
value will be ( session_cache_expire()-1 ) */
# $servers->setValue('login','timeout',30);
/* Set this if you want phpldapadmin to perform a rename operation on an entry which
has children. Certain servers are known to allow it, others are not. */
// $servers->setValue('server','branch_rename',false);
/* If you set this, then phpldapadmin will show these attributes as
internal attributes, even if they are not defined in your schema. */
// $servers->setValue('server','custom_sys_attrs',array(''));
# $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
/* If you set this, then phpldapadmin will show these attributes on
objects, even if they are not defined in your schema. */
// $servers->setValue('server','custom_attrs',array(''));
# $servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
/* These attributes will be forced to MAY attributes and become optional in the
templates. If they are not defined in the templates, then they won't appear,
as per normal template processing. You may want to do this because your LDAP
server may automatically calculate a default value.
In Fedora Directory Server using the DNA Plugin one could ignore uidNumber,
gidNumber and sambaSID. */
// $servers->setValue('server','force_may',array(''));
# $servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
/*********************************************
* Unique attributes *
*********************************************/
/* You may want phpLDAPadmin to enforce some attributes to have unique values
(ie: not belonging to other entries in your tree). This (together with the
'unique','dn' and 'unique','pass' options) will not let updates occur
when another entry already has the same value for one of these attributes. */
# $servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
searching for attribute uniqueness. The idea is, this user id would have full
(readonly) access to your ldap directory (the logged in user may not), so
that uniqueness can be checked against the whole directory. */
// $servers->setValue('unique','dn',null);
/* The password for the dn above. */
// $servers->setValue('unique','pass',null);
/**************************************************************************
* If you want to configure additional LDAP servers, do so below. *
* Remove the commented lines and use this section as a template for all *
* your other LDAP servers. *
**************************************************************************/
/*
$servers->newServer('ldap_pla');
$servers->setValue('server','name','LDAP Server');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array(''));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','');
$servers->setValue('login','bind_pass','');
$servers->setValue('server','tls',false);
# SASL auth
$servers->setValue('login','auth_type','sasl');
$servers->setValue('sasl','mech','GSSAPI');
$servers->setValue('sasl','realm','EXAMPLE.COM');
$servers->setValue('sasl','authz_id',null);
$servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
$servers->setValue('sasl','authz_id_replacement','$1');
$servers->setValue('sasl','props',null);
$servers->setValue('appearance','password_hash_custom','md5');
$servers->setValue('login','attr','dn');
$servers->setValue('login','fallback_dn',false);
$servers->setValue('login','class',null);
$servers->setValue('server','read_only',false);
$servers->setValue('appearance','show_create',true);
$servers->setValue('auto_number','enable',true);
$servers->setValue('auto_number','mechanism','search');
$servers->setValue('auto_number','search_base',null);
$servers->setValue('auto_number','min',array('uidNumber'=>5000,'gidNumber'=>5000));
$servers->setValue('auto_number','dn',null);
$servers->setValue('auto_number','pass',null);
$servers->setValue('login','anon_bind',true);
$servers->setValue('custom','pages_prefix','custom_');
$servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
$servers->setValue('unique','dn',null);
$servers->setValue('unique','pass',null);
$servers->setValue('server','visible',true);
$servers->setValue('login','timeout',30);
$servers->setValue('server','branch_rename',false);
$servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
$servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
*/
?>
#!/bin/sh
# sshd AuthorizedKeysCommand: print the sshPublicKey values of the user in $1
# (sshd passes %u) using an anonymous bind and BASE/URI from ldap.conf.
# sed collects the LDIF continuation lines, joins them and prints only the key.
ldapsearch -x '(&(objectClass=ldapPublicKey)(uid='"$1"'))' 'sshPublicKey' | \
sed -n '/^ /{H;d};/sshPublicKey:/x;$g;s/\n *//g;s/sshPublicKey: //gp'
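The same lookup reworked as an added example (this is not the gist author's script): the user name is validated and RFC 4515-escaped before it enters the filter, the folded LDIF that ldapsearch emits is unfolded, and keys ldapsearch has to base64-encode (the `sshPublicKey::` form, which the sed pipeline above never prints) are decoded. The sample LDIF and its key material are constructed; ldapsearch is assumed to take BASE and URI from ldap.conf and to use an anonymous simple bind, as the original one-liner does.

```shell
#!/bin/sh
# Added example, not the gist's own script: an sshd AuthorizedKeysCommand
# (invoked as "<script> %u") that returns the sshPublicKey values stored
# under the openssh-lpk schema for one user.
# Assumptions: anonymous simple bind (-x) and BASE/URI from ldap.conf,
# exactly as the original one-liner relies on.

# Accept only plain POSIX-style user names; anything else yields no keys.
valid_username() {
    case $1 in
        ''|*[!a-zA-Z0-9._-]*) return 1 ;;
    esac
    return 0
}

# RFC 4515 escaping for a value placed inside a filter assertion: the
# backslash is handled first so the escapes it introduces are not re-escaped.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Join LDIF continuation lines (a line starting with one space continues the
# previous line; the space itself is dropped) so each attribute is one line.
ldif_unfold() {
    awk '/^ /   { printf "%s", substr($0, 2); next }
         NR > 1 { printf "\n" }
                { printf "%s", $0 }
         END    { if (NR > 0) printf "\n" }'
}

# Print one key per line. ldapsearch emits "sshPublicKey:: <base64>" when a
# value is not LDIF-safe (e.g. a trailing space); decode that form too.
extract_ssh_keys() {
    ldif_unfold | while IFS= read -r line; do
        case $line in
            'sshPublicKey:: '*) printf '%s\n' "${line#sshPublicKey:: }" | base64 -d; echo ;;
            'sshPublicKey: '*)  printf '%s\n' "${line#sshPublicKey: }" ;;
        esac
    done
}

# Entry point for sshd: refuse odd user names, escape the rest, query, unfold.
lookup_ssh_keys() {
    valid_username "$1" || return 1
    ldapsearch -x -LLL \
        "(&(objectClass=ldapPublicKey)(uid=$(ldap_filter_escape "$1")))" \
        sshPublicKey | extract_ssh_keys
}

# Constructed sample of what ldapsearch returns: one key folded over two
# lines and a second key in base64 form (it decodes to "ssh-rsa AAAAB3 k").
SAMPLE_LDIF='dn: uid=alice,ou=People,dc=lab,dc=grizmin,dc=org
sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyMaterialForThis
 Demo alice@lab
sshPublicKey:: c3NoLXJzYSBBQUFBQjMgaw==
'

keys_from_sample() {
    printf '%s' "$SAMPLE_LDIF" | extract_ssh_keys
}

# Only contact LDAP when sshd hands us a user name.
if [ $# -gt 0 ]; then
    lookup_ssh_keys "$1"
fi
```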
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=lab,dc=grizmin,dc=org
URI ldaps://ldap.lab.grizmin.org
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# GnuTLS priority string: removes TLS 1.2 and SSL 3.0 from the NORMAL set,
# so connections are negotiated with the older TLS versions that remain.
TLS_CIPHER_SUITE NORMAL:-VERS-TLS1.2:-VERS-SSL3.0
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
# "never" accepts any server certificate without checking it against the CA
# bundle above; "demand" is the setting that actually verifies it.
TLS_REQCERT never
Public Key Info:
Public Key Algorithm: RSA
Key Security Level: High (3072 bits)
Public Key ID: 93:BA:18:64:7B:C9:9E:8A:9D:B3:F6:24:E8:AB:A8:EA:9D:8A:FD:45
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
objectClass: top
olcModuleLoad: memberof.la
olcModulePath: /usr/lib/ldap

dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof

dn: cn=openssh-lpk,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openssh-lpk
olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
 DESC 'MANDATORY: OpenSSH Public key'
 EQUALITY octetStringMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
 DESC 'MANDATORY: OpenSSH LPK objectclass'
 MAY ( sshPublicKey $ uid )
 )
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE template SYSTEM "template.dtd">
<template>
<askcontainer>1</askcontainer>
<description>New User Account</description>
<icon>ldap-user.png</icon>
<invalid>0</invalid>
<rdn>cn</rdn>
<!--<regexp>^ou=People,o=.*,</regexp>-->
<title>Generic: User Account</title>
<visible>1</visible>
<objectClasses>
<objectClass id="inetOrgPerson"></objectClass>
<objectClass id="posixAccount"></objectClass>
<objectClass id="ldapPublicKey"></objectClass>
</objectClasses>
<attributes>
<attribute id="givenName">
<display>First name</display>
<icon>ldap-uid.png</icon>
<onchange>=autoFill(cn;%givenName% %sn%)</onchange>
<onchange>=autoFill(uid;%givenName|0-1/l%%sn/l%)</onchange>
<order>1</order>
<page>1</page>
</attribute>
<attribute id="sn">
<display>Last name</display>
<onchange>=autoFill(cn;%givenName% %sn%)</onchange>
<onchange>=autoFill(uid;%givenName|0-1/l%%sn/l%)</onchange>
<!-- <onchange>=autoFill(homeDirectory;/home/%uid|0-1/l%/%uid%)</onchange> -->
<order>2</order>
<page>1</page>
</attribute>
<attribute id="sshPublicKey">
<display>OpenSSH Public key</display>
<order>3</order>
<page>1</page>
</attribute>
<attribute id="title">
<display>Access Title</display>
<size>3</size>
<page>1</page>
</attribute>
<attribute id="cn">
<display>Common Name</display>
<order>4</order>
<page>1</page>
</attribute>
<attribute id="uid">
<display>User ID</display>
<onchange>=autoFill(homeDirectory;/home/%uid%)</onchange>
<order>5</order>
<page>1</page>
<spacer>1</spacer>
</attribute>
<attribute id="homeDirectory">
<display>Home directory</display>
<!-- <onchange>=autoFill(homeDirectory;/home/%gidNumber|0-0/T%/%uid|3-%)</onchange> -->
<order>9</order>
<page>1</page>
</attribute>
<attribute id="uidNumber">
<display>UID Number</display>
<icon>terminal.png</icon>
<order>7</order>
<page>1</page>
<readonly>1</readonly>
<value>=php.GetNextNumber(/;uidNumber)</value>
</attribute>
<attribute id="gidNumber">
<display>GID Number</display>
<!-- <onchange>=autoFill(homeDirectory;/home/%gidNumber|0-0/T%/%uid|3-%)</onchange> -->
<order>8</order>
<page>1</page>
<value><![CDATA[=php.PickList(/;(&(objectClass=posixGroup));gidNumber;%cn%;;;;cn)]]></value>
</attribute>
<attribute id="loginShell">
<display>Login shell</display>
<order>10</order>
<page>1</page>
<!-- <value><![CDATA[=php.PickList(/;(&(objectClass=posixAccount));loginShell;%loginShell%;;;;loginShell)]]></value> -->
<type>select</type>
<value id="/bin/bash">/bin/bash</value>
<value id="/bin/sh">/bin/sh</value>
<value id="/bin/csh">/bin/csh</value>
<value id="/bin/tsh">/bin/tsh</value>
</attribute>
<attribute id="userPassword">
<display>Password</display>
<!-- <helper>
<display>Encryption</display>
<id>enc</id>
<value>=php.PasswordEncryptionTypes()</value>
</helper> -->
<icon>lock.png</icon>
<order>6</order>
<page>1</page>
<post>=php.PasswordEncrypt(%enc%;%userPassword%)</post>
<spacer>1</spacer>
<verify>1</verify>
</attribute>
</attributes>
</template>
dn: cn=module,cn=config
cn: module
objectclass: olcModuleList
objectclass: top
olcmoduleload: refint.la
olcmodulepath: /usr/lib/ldap
dn: olcOverlay={1}refint,olcDatabase={1}mdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner
root@ldap:/etc/ldap/schema# cat ssl.ldif
dn: cn=config
changetype: Modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/gnutls/ldap.gnutls.key
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/gnutls/ldap.gnutls.crt
-
add: olcTLSCipherSuite
olcTLSCipherSuite: NORMAL
-
add: olcTLSCRLCheck
olcTLSCRLCheck: none
-
add: olcTLSVerifyClient
olcTLSVerifyClient: never
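A small checker for the ssl.ldif change record above, added here as an example and not part of the gist: it unfolds LDIF continuation lines, walks the `-`-separated modify operations, and lists the TLS settings that switch a verification step off. Attribute names and values are the real slapd-config(5) ones; the LDIF text and the finding messages are this example's own.

```python
# Added example (not from the gist): review an olcTLS* change record.
import re

# Constructed from the ssl.ldif shown above.
SSL_LDIF = """dn: cn=config
changetype: modify
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/gnutls/ldap.gnutls.key
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/gnutls/ldap.gnutls.crt
-
add: olcTLSCipherSuite
olcTLSCipherSuite: NORMAL
-
add: olcTLSCRLCheck
olcTLSCRLCheck: none
-
add: olcTLSVerifyClient
olcTLSVerifyClient: never
"""

# (attribute, value) pairs from slapd-config(5) that disable a check;
# the explanation text is ours.
REVIEW = {
    ("olcTLSVerifyClient", "never"): "client certificates are never requested",
    ("olcTLSVerifyClient", "allow"): "client certificate requested but not enforced",
    ("olcTLSCRLCheck", "none"): "revoked client certificates are not rejected",
}


def parse_ldif_changes(text):
    """Return {attribute: [values]} from one LDIF change record.
    A line starting with a single space continues the previous line;
    a bare '-' only separates modify operations and carries no data."""
    unfolded = re.sub(r"\n ", "", text)
    attrs = {}
    for line in unfolded.splitlines():
        if line == "-" or not line.strip() or ":" not in line:
            continue
        key, _, value = line.partition(":")
        attrs.setdefault(key.strip(), []).append(value.strip())
    return attrs


def review_tls(text):
    """List settings in the record that turn a TLS verification step off."""
    attrs = parse_ldif_changes(text)
    findings = [f"{a}: {v} ({why})" for (a, v), why in REVIEW.items()
                if v in attrs.get(a, [])]
    if not ({"olcTLSCACertificateFile", "olcTLSCACertificatePath"} & attrs.keys()):
        findings.append("no olcTLSCACertificateFile/Path: no trust anchor to verify peers")
    return findings
```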