61 lines
1.6 KiB
Plaintext
61 lines
1.6 KiB
Plaintext
[authentication]
|
|
backends = pam
|
|
#backends = kerberos
|
|
#backends = ldap
|
|
#backends = kerberos ldap
|
|
#backends = kerberos pam
|
|
|
|
[accounts]
|
|
backend = posix
|
|
#backend = ldap
|
|
|
|
[authorization]
|
|
backend = posix
|
|
#backend = ldap
|
|
whitelist admin users = root administrator
|
|
ldap gssapi credential cache = /run/certidude/krb5cc
|
|
|
|
ldap computer filter = (&(objectclass=user)(objectclass=computer)(samaccountname=%s))
|
|
ldap user filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s))
|
|
ldap admins filter = (&(objectclass=user)(objectclass=person)(memberOf=cn=Domain Admins,cn=Users,dc=koodur,dc=com)(samaccountname=%s))
|
|
ldap member of filter = (&(objectclass=user)(objectclass=person)(samaccountname=%s)(memberOf=%s))
|
|
ldap members filter = (&(objectclass=group)(cn=%s)(member=%s))
|
|
|
|
ldap group filter = (&(objectClass=group)(cn=%s)(member=%s))
|
|
ldap user group =
|
|
ldap admin group = domain admins
|
|
posix user group =
|
|
posix admin group = certidude
|
|
user subnets = 0.0.0.0/0
|
|
admin subnets = 0.0.0.0/0
|
|
request subnets = 0.0.0.0/0
|
|
autosign subnets = 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
|
|
|
|
[logging]
|
|
backend = sql
|
|
database = sqlite://{{ directory }}/db.sqlite
|
|
|
|
[tagging]
|
|
backend = sql
|
|
database = sqlite://{{ directory }}/db.sqlite
|
|
|
|
[leases]
|
|
backend = sql
|
|
schema = strongswan
|
|
database = sqlite://{{ directory }}/db.sqlite
|
|
|
|
[signature]
|
|
certificate lifetime = 1825
|
|
revocation list lifetime = 1
|
|
|
|
[push]
|
|
server =
|
|
|
|
[authority]
|
|
private key path = {{ ca_key }}
|
|
certificate path = {{ ca_crt }}
|
|
requests dir = {{ directory }}/requests/
|
|
signed dir = {{ directory }}/signed/
|
|
revoked dir = {{ directory }}/revoked/
|
|
outbox = smtp://localhost
|