/conf/radius/ldap-alcasar |
---|
1,6 → 1,5 |
# -*- text -*- |
# Lightweight Directory Access Protocol (LDAP) module for ALCASAR |
ldap { |
server = "localhost" |
port = 389 |
7,38 → 6,28 |
identity = "cn=alcasaradmin;cn=Users;dc=serverad;dc=com" |
password = "mypass" |
base_dn = "cn=Users;dc=serverad;dc=com" |
user { |
base_dn = "${..base_dn}" |
# "samaccountname=" for AD; "uid=" for LDAP |
filter = (samaccountname=%{%{Stripped-User-Name}:-%{User-Name}}) |
} |
options { |
chase_referrals = yes |
rebind = yes |
res_timeout = 10 |
srv_timelimit = 3 |
net_timeout = 1 |
idle = 60 |
probes = 3 |
interval = 3 |
# ldap_debug = 0x0129 |
} |
tls { |
# start_tls = yes |
# ca_file = /etc/raddb/certs/alcasar-ldaps.crt |
# ca_path = ${certdir} |
# certificate_file = /path/to/radius.crt |
# private_key_file = /path/to/radius.key |
# random_file = /dev/urandom |
# require_cert = 'demand' |
} |
pool { |
start = 5 |
min = 3 |
max = 10 |
uses = 0 |
retry_delay = 30 |
lifetime = 0 |
idle_timeout = 60 |
} |
user { |
base_dn = "${..base_dn}" |
# "samaccountname=" for AD; "uid=" for LDAP |
filter = (samaccountname=%{%{Stripped-User-Name}:-%{User-Name}}) |
} |
options { |
chase_referrals = yes |
rebind = yes |
res_timeout = 10 |
srv_timelimit = 3 |
net_timeout = 1 |
idle = 60 |
probes = 3 |
interval = 3 |
} |
pool { |
start = 5 |
min = 3 |
max = 10 |
uses = 0 |
retry_delay = 30 |
lifetime = 0 |
idle_timeout = 60 |
} |
} |
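Review bot: The second hunk (7,38 → 6,28) drops the whole `tls { }` block, so the new file keeps `port = 389` and the `identity`/`password` bind with no place left to enable StartTLS or certificate checking. The service bind and every user password check then cross the network as plain LDAP whenever `server` is not loopback (the `identity` DN suggests a remote AD, so I assume `server` is rewritten at deploy time). `chase_referrals = yes` with `rebind = yes` adds to this, since the same bind credentials are presented to whichever server a referral names. I would keep the block and make the protected form the documented default, i.e. `start_tls = yes`, `ca_file = /etc/raddb/certs/alcasar-ldaps.crt` and `require_cert = 'demand'`, leaving them commented only for directories that cannot do TLS. If the section is removed on purpose, a comment above `port = 389` saying the link is unencrypted and must stay on a trusted segment would record that decision.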
/conf/sudoers |
---|
26,7 → 26,7 |
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # to manage the trusted websites (uamallowed) |
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # to manage the linux services |
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # to manage the SMS subsystem |
Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert * # to manage the certificates |
Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh # to manage the certificates |
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # to manage htdigest groups |
Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # to create log PDF from ACC |
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # to enable/disable LDAP connection |
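Review bot: The `LDAP` alias on the last line of this hunk lists `/usr/local/bin/alcasar-ldap.sh` with no arguments, which sudoers reads as permission to run it with any arguments. The `--import-cert *` entry that differs between the two `SSL` lines is therefore granted either way to whoever holds `LDAP`, and the `*` there also matches several arguments, not just one path. The page does not mark which `SSL` line is the new one (going by the other file in this commit it is probably the shorter), and the user specifications that reference these aliases are outside the hunk. To make the alias match its comment, pin the arguments, for example `Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh <ENABLE_OPTION>,/usr/local/bin/alcasar-ldap.sh <DISABLE_OPTION>` with the script's real option names in place of the placeholders. `SERVICE=/usr/bin/systemctl` has the same open-argument shape and deserves the same treatment in a follow-up.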