Projets publics
puppet-freeradius
Commit
8b97e7cb
authored
Mar 02, 2017
by
Jonathan Gazeley
Restore proper indentation
parent
7dbbc346
Changes
1
templates/ldap.erb
...
...
@@ -18,7 +18,7 @@ ldap <%= @name %> {
# - ldapi:// (LDAP over Unix socket)
# - ldapc:// (Connectionless LDAP)
#
<%
@serverconcatarray
.
each
do
|
srv
|
-%>
server = '
<%=
srv
%>
'
<%
@serverconcatarray
.
each
do
|
srv
|
-%>
server = '
<%=
srv
%>
'
<%
end
-%>
# Port to connect on, defaults to 389, will be ignored for LDAP URIs.
...
...
@@ -27,10 +27,10 @@ ldap <%= @name %> {
# Administrator account for searching and possibly modifying.
# If using SASL + KRB5 these should be commented out.
<%-
if
@identity
-%>
identity = '
<%=
@identity
%>
'
identity = '
<%=
@identity
%>
'
<%-
end
-%>
<%-
if
@password
-%>
password =
<%=
@password
%>
password =
<%=
@password
%>
<%-
end
-%>
# Unless overridden in another section, the dn from which all
...
...
@@ -61,19 +61,19 @@ ldap <%= @name %> {
# SASL mechanism
# mech = 'PLAIN'
<%-
if
@sasl
.
has_key?
(
'mech'
)
-%>
mech = '
<%=
@sasl
[
'mech'
]
%>
'
mech = '
<%=
@sasl
[
'mech'
]
%>
'
<%-
end
-%>
# SASL authorisation identity to proxy.
# proxy = 'autz_id'
<%-
if
@sasl
.
has_key?
(
'proxy'
)
-%>
proxy = '
<%=
@sasl
[
'proxy'
]
%>
'
proxy = '
<%=
@sasl
[
'proxy'
]
%>
'
<%-
end
-%>
# SASL realm. Used for kerberos.
# realm = 'example.org'
<%-
if
@sasl
.
has_key?
(
'realm'
)
-%>
realm = '
<%=
@sasl
[
'realm'
]
%>
'
realm = '
<%=
@sasl
[
'realm'
]
%>
'
<%-
end
-%>
}
...
...
@@ -96,7 +96,7 @@ ldap <%= @name %> {
# will be xlat expanded.
# valuepair_attribute = 'radiusAttribute'
<%-
if
@valuepair_attribute
-%>
valuepair_attribute =
<%=
@valuepair_attribute
%>
valuepair_attribute =
<%=
@valuepair_attribute
%>
<%-
end
-%>
#
...
...
@@ -127,9 +127,9 @@ ldap <%= @name %> {
# the name to be derived from an xlat expansion, or an attribute ref.
#
<%-
if
@update
-%>
update {
<%=
@update
.
join
(
"
\n
"
)
%>
}
update {
<%=
@update
.
join
(
"
\n
"
)
%>
}
<%-
else
-%>
update {
control:Password-With-Header += 'userPassword'
...
...
@@ -152,7 +152,7 @@ ldap <%= @name %> {
# password mechanism.
# edir = no
<%-
if
@edir
-%>
edir =
<%=
@edir
%>
edir =
<%=
@edir
%>
<%-
end
-%>
# Set to yes if you want to bind as the user after retrieving the
...
...
@@ -160,7 +160,7 @@ ldap <%= @name %> {
# verify user authorization.
# edir_autz = no
<%-
if
@edir_autz
-%>
edir_autz =
<%=
@edir_autz
%>
edir_autz =
<%=
@edir_autz
%>
<%-
end
-%>
# Note: set_auth_type was removed in v3.x.x
...
...
@@ -198,26 +198,26 @@ ldap <%= @name %> {
# SASL mechanism
# mech = 'PLAIN'
<%-
if
@user_sasl
.
has_key?
(
'mech'
)
-%>
mech = '
<%=
@user_sasl
[
'mech'
]
%>
'
mech = '
<%=
@user_sasl
[
'mech'
]
%>
'
<%-
end
-%>
# SASL authorisation identity to proxy.
# proxy =
&
User-Name
<%-
if
@user_sasl
.
has_key?
(
'proxy'
)
-%>
proxy = '
<%=
@user_sasl
[
'proxy'
]
%>
'
proxy = '
<%=
@user_sasl
[
'proxy'
]
%>
'
<%-
end
-%>
# SASL realm. Used for kerberos.
# realm = 'example.org'
<%-
if
@user_sasl
.
has_key?
(
'realm'
)
-%>
realm = '
<%=
@user_sasl
[
'realm'
]
%>
'
realm = '
<%=
@user_sasl
[
'realm'
]
%>
'
<%-
end
-%>
}
# Search scope, may be 'base', 'one', sub' or 'children'
# scope = 'sub'
<%-
if
@user_scope
-%>
scope = '
<%=
@user_scope
%>
'
scope = '
<%=
@user_scope
%>
'
<%-
end
-%>
# Server side result sorting
...
...
@@ -237,7 +237,7 @@ ldap <%= @name %> {
# set, the search will fail.
# sort_by = '-uid'
<%-
if
@user_sort_by
-%>
sort_by = '
<%=
@user_sort_by
%>
'
sort_by = '
<%=
@user_sort_by
%>
'
<%-
end
-%>
# If this is undefined, anyone is authorised.
...
...
@@ -245,7 +245,7 @@ ldap <%= @name %> {
# determine whether or not the user is authorised
# access_attribute = 'dialupAccess'
<%-
if
@user_access_attribute
-%>
access_attribute = '
<%=
@user_access_attribute
%>
'
access_attribute = '
<%=
@user_access_attribute
%>
'
<%-
end
-%>
# Control whether the presence of 'access_attribute'
...
...
@@ -272,7 +272,7 @@ ldap <%= @name %> {
# Will result in the user being locked out.
# access_positive = yes
<%-
if
@user_access_positive
-%>
access_positive =
<%=
@user_access_positive
%>
access_positive =
<%=
@user_access_positive
%>
<%-
end
-%>
}
...
...
@@ -281,16 +281,16 @@ ldap <%= @name %> {
#
group {
# Where to start searching in the tree for groups
base_dn = "
<%=
@group_base_dn
%>
"
base_dn = "
<%=
@group_base_dn
%>
"
# Filter for group objects, should match all available
# group objects a user might be a member of.
filter = "
<%=
@group_filter
%>
"
filter = "
<%=
@group_filter
%>
"
# Search scope, may be 'base', 'one', sub' or 'children'
# scope = 'sub'
<%-
if
@group_scope
-%>
scope = '
<%=
@group_scope
%>
'
scope = '
<%=
@group_scope
%>
'
<%-
end
-%>
# Attribute that uniquely identifies a group.
...
...
@@ -298,7 +298,7 @@ ldap <%= @name %> {
# names.
# name_attribute = cn
<%-
if
@group_name_attribute
-%>
name_attribute =
<%=
@group_name_attribute
%>
name_attribute =
<%=
@group_name_attribute
%>
<%-
end
-%>
# Filter to find group objects a user is a member of.
...
...
@@ -306,7 +306,7 @@ ldap <%= @name %> {
# identify members (the inverse of membership_attribute).
# membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
<%-
if
@group_membership_filter
-%>
membership_filter = "
<%=
@group_membership_filter
%>
"
membership_filter = "
<%=
@group_membership_filter
%>
"
<%-
end
-%>
# The attribute in user objects which contain the names
...
...
@@ -315,7 +315,7 @@ ldap <%= @name %> {
# Unless a conversion between group name and group DN is
# needed, there's no requirement for the group objects
# referenced to actually exist.
membership_attribute = '
<%=
@group_membership_attribute
%>
'
membership_attribute = '
<%=
@group_membership_attribute
%>
'
# If cacheable_name or cacheable_dn are enabled,
# all group information for the user will be
...
...
@@ -333,11 +333,11 @@ ldap <%= @name %> {
# cacheable_dn else enable cacheable_name.
# cacheable_name = 'no'
<%-
if
@group_cacheable_name
-%>
cacheable_name = '
<%=
@group_cacheable_name
%>
'
cacheable_name = '
<%=
@group_cacheable_name
%>
'
<%-
end
-%>
# cacheable_dn = 'no'
<%-
if
@group_cacheable_dn
-%>
cacheable_dn = '
<%=
@group_cacheable_dn
%>
'
cacheable_dn = '
<%=
@group_cacheable_dn
%>
'
<%-
end
-%>
# Override the normal cache attribute (
<inst>
-LDAP-Group or
...
...
@@ -346,14 +346,14 @@ ldap <%= @name %> {
# are used in fail-over.
# cache_attribute = 'LDAP-Cached-Membership'
<%-
if
@group_cache_attribute
-%>
cache_attribute = '
<%=
@group_cache_attribute
%>
'
cache_attribute = '
<%=
@group_cache_attribute
%>
'
<%-
end
-%>
# Override the normal group comparison attribute name
# (
<inst>
-LDAP-Group or LDAP-Group if using the default instance) .
# group_attribute = "${.:instance}-${.:name}-Group"
<%-
if
@group_attribute
-%>
group_attribute = '
<%=
@group_attribute
%>
'
group_attribute = '
<%=
@group_attribute
%>
'
<%-
end
-%>
}
...
...
@@ -366,7 +366,7 @@ ldap <%= @name %> {
# Filter for RADIUS profile objects
# filter = '(objectclass=radiusprofile)'
<%-
if
@profile_filter
-%>
filter = '
<%=
@profile_filter
%>
'
filter = '
<%=
@profile_filter
%>
'
<%-
end
-%>
# The default profile. This may be a DN or an attribute
...
...
@@ -376,7 +376,7 @@ ldap <%= @name %> {
# set this to
&
control:User-Profile.
# default = 'cn=radprofile,dc=example,dc=org'
<%-
if
@profile_default
-%>
default = '
<%=
@profile_default
%>
'
default = '
<%=
@profile_default
%>
'
<%-
end
-%>
# The LDAP attribute containing profile DNs to apply
...
...
@@ -386,7 +386,7 @@ ldap <%= @name %> {
# if authorization is successful.
# attribute = 'radiusProfileDn'
<%-
if
@profile_default
-%>
attribute = '
<%=
@profile_attribute
%>
'
attribute = '
<%=
@profile_attribute
%>
'
<%-
end
-%>
}
...
...
@@ -395,17 +395,17 @@ ldap <%= @name %> {
#
client {
# Where to start searching in the tree for clients
base_dn = "
<%=
@client_base_dn
%>
"
base_dn = "
<%=
@client_base_dn
%>
"
#
# Filter to match client objects
#
filter = '
<%=
@client_filter
%>
'
filter = '
<%=
@client_filter
%>
'
# Search scope, may be 'base', 'one', 'sub' or 'children'
# scope = 'sub'
<%-
if
@client_scope
-%>
scope = '
<%=
@client_scope
%>
'
scope = '
<%=
@client_scope
%>
'
<%-
end
-%>
#
...
...
@@ -450,7 +450,7 @@ ldap <%= @name %> {
# Load clients on startup
# read_clients = no
<%-
if
@read_clients
-%>
read_clients =
<%=
@read_clients
%>
read_clients =
<%=
@read_clients
%>
<%-
end
-%>
#
...
...
@@ -519,7 +519,7 @@ ldap <%= @name %> {
# LDAP_OPT_DEREF is set to this value.
# dereference = 'always'
<%-
if
@dereference
-%>
dereference = '
<%=
@dereference
%>
'
dereference = '
<%=
@dereference
%>
'
<%-
end
-%>
#
...
...
@@ -529,15 +529,15 @@ ldap <%= @name %> {
# If you set these to 'no', then searches will likely return
# 'operations error', instead of a useful result.
#
chase_referrals =
<%=
@chase_referrals
%>
rebind =
<%=
@rebind
%>
chase_referrals =
<%=
@chase_referrals
%>
rebind =
<%=
@rebind
%>
#
# On rebind, use the credentials from the rebind url instead
# of admin credentials used during the initial bind.
# Default 'no'
#
use_referral_credentials =
<%=
@use_referral_credentials
%>
use_referral_credentials =
<%=
@use_referral_credentials
%>
#
# If 'yes', then include draft-wahl-ldap-session tracking
...
...
@@ -550,7 +550,7 @@ ldap <%= @name %> {
#
# session_tracking = yes
<%-
if
@session_tracking
-%>
session_tracking =
<%=
@session_tracking
%>
session_tracking =
<%=
@session_tracking
%>
<%-
end
-%>
# Seconds to wait for LDAP query to finish. default: 20
...
...
@@ -560,7 +560,7 @@ ldap <%= @name %> {
# time limit). default: 20
#
# LDAP_OPT_TIMELIMIT is set to this value.
srv_timelimit =
<%=
@timelimit
%>
srv_timelimit =
<%=
@timelimit
%>
# LDAP_OPT_X_KEEPALIVE_IDLE
idle =
<%=
@idle
%>
...
...
@@ -578,7 +578,7 @@ ldap <%= @name %> {
#
# default: 0x0000 (no debugging messages)
# Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS)
ldap_debug =
<%=
@ldap_debug
%>
ldap_debug =
<%=
@ldap_debug
%>
}
#
...
...
@@ -611,7 +611,7 @@ ldap <%= @name %> {
<%
end
-%>
# random_file = /dev/urandom
<%-
if
@random_file
-%>
random_file =
<%=
@random_file
%>
random_file =
<%=
@random_file
%>
<%-
end
-%>
# Certificate Verification requirements. Can be:
...
...
@@ -675,19 +675,19 @@ ldap <%= @name %> {
# The number of seconds to wait after the server tries
# to open a connection, and fails. During this time,
# no new connections will be opened.
retry_delay =
<%=
@retry_delay
%>
retry_delay =
<%=
@retry_delay
%>
# The lifetime (in seconds) of the connection
lifetime =
<%=
@lifetime
%>
lifetime =
<%=
@lifetime
%>
# Idle timeout (in seconds). A connection which is
# unused for this length of time will be closed.
idle_timeout =
<%=
@idle_timeout
%>
idle_timeout =
<%=
@idle_timeout
%>
# Connection timeout (in seconds). The maximum amount of
# time to wait for a new connection to be established.
# Sets LDAP_OPT_NETWORK_TIMEOUT in libldap.
connect_timeout =
<%=
@connect_timeout
%>
connect_timeout =
<%=
@connect_timeout
%>
# NOTE: All configuration settings are enforced. If a
# connection is closed because of 'idle_timeout',
...
...
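Review bot: In the `@@ -386,7 +386,7 @@` hunk the `attribute = '<%= @profile_attribute %>'` line is guarded by `if @profile_default`, the same condition that guards the `default` line in the hunk before it, so this looks like a copy-paste slip that the re-indentation carries over unchanged. With `profile_default` set and `profile_attribute` unset the template renders `attribute = ''`, and a `profile_attribute` supplied on its own is silently left out of the generated module config. The guard should test the value it prints: `<%- if @profile_attribute -%>`. Only part of the `profile` section is visible in these hunks, so confirm nothing outside them relies on the current condition.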