Skip to content

Commit

Permalink
Fix whitespace
Browse files Browse the repository at this point in the history
  • Loading branch information
@arr2036
arr2036 committed Mar 28, 2014
1 parent 15c4249 commit d2c44f7
Showing 1 changed file with 54 additions and 57 deletions.
111 changes: 54 additions & 57 deletions raddb/mods-available/ldap
View file
Expand Up @@ -3,7 +3,7 @@
# $Id$

#
# Lightweight Directory Access Protocol (LDAP)
# Lightweight Directory Access Protocol (LDAP)
#
ldap {
# Note that this needs to match the name in the LDAP server
Expand All @@ -14,7 +14,7 @@ ldap {
# LDAPS if start_tls (see below) is not able to be used.
# port = 389

# Administrator account for searching and possibly modifying.
# Administrator account for searching and possibly modifying.
# identity = "cn=admin,dc=example,dc=org"
# password = mypass

Expand All @@ -24,6 +24,8 @@ ldap {

#
# Generic valuepair attribute
#

# If set, this will attribute will be retrieved in addition to any
# mapped attributes.
#
Expand All @@ -37,12 +39,12 @@ ldap {
# <value>: Is the value to parse into the new valuepair.
# If the attribute name is wrapped in double
# quotes it will be xlat expanded.
#
# valuepair_attribute = "radiusAttribute"

#
# Mapping of LDAP directory attributes to RADIUS dictionary attributes.
#

# WARNING: Although this format is almost identical to the unlang
# update section format, it does *NOT* mean that you can use other
# unlang constructs in module configuration files.
Expand All @@ -66,7 +68,6 @@ ldap {
# Note: LDAP attribute names should be single quoted unless you want
# the name value to be derived from an xlat expansion, or an
# attribute ref.
#
update {
control:Password-With-Header += 'userPassword'
# control:NT-Password := 'ntPassword'
Expand All @@ -83,38 +84,38 @@ ldap {
# reply: += 'radiusReplyAttributes'
}

# Set to yes if you have eDirectory and want to use the universal
# password mechanism.
# Set to yes if you have eDirectory and want to use the universal
# password mechanism.
# edir = no

# Set to yes if you want to bind as the user after retrieving the
# Cleartext-Password. This will consume the login grace, and
# verify user authorization.
# Set to yes if you want to bind as the user after retrieving the
# Cleartext-Password. This will consume the login grace, and
# verify user authorization.
# edir_autz = no

# Note: set_auth_type was removed in v3.x.x
# Equivalent functionality can be achieved by adding the following
# stanza to the authorize {} section of your virtual server.
# Note: set_auth_type was removed in v3.x.x
# Equivalent functionality can be achieved by adding the following
# stanza to the authorize {} section of your virtual server.
#
# ldap
# if ((ok || updated) && User-Password) {
# update {
# control:Auth-Type := ldap
# }
# }

#
# User object identification.
#
user {
# Where to start searching in the tree for users
# Where to start searching in the tree for users
base_dn = "${..base_dn}"

# Filter for user objects, should be specific enough
# to identify a single user object.
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"

# Search scope, may be 'base', 'one', sub' or 'children'
# Search scope, may be 'base', 'one', sub' or 'children'
# scope = 'sub'

# If this is undefined, anyone is authorised.
Expand Down Expand Up @@ -150,7 +151,7 @@ ldap {
# User membership checking.
#
group {
# Where to start searching in the tree for groups
# Where to start searching in the tree for groups
base_dn = "${..base_dn}"

# Filter for group objects, should match all available
Expand Down Expand Up @@ -264,14 +265,13 @@ ldap {
}
}

#
# Load clients on startup
#
# read_clients = no

#
# Modify user object on receiving Accounting-Request
#

# Useful for recording things like the last time the user logged
# in, or the Acct-Session-ID for CoA/DM.
#
Expand All @@ -288,7 +288,6 @@ ldap {
# WARNING: If using the ':=' operator with a multi-valued LDAP
# attribute, all instances of the attribute will be removed and
# replaced with a single attribute.
#
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}}"

Expand Down Expand Up @@ -322,6 +321,7 @@ ldap {
}
}

#
# LDAP connection-specific options.
#
# These options set timeouts, keep-alives, etc. for the connections.
Expand All @@ -336,29 +336,28 @@ ldap {
chase_referrals = yes
rebind = yes

# seconds to wait for LDAP query to finish. default: 20
# Seconds to wait for LDAP query to finish. default: 20
timeout = 10

# seconds LDAP server has to process the query (server-side
# Seconds LDAP server has to process the query (server-side
# time limit). default: 20
#
# LDAP_OPT_TIMELIMIT is set to this value.
timelimit = 3

#
# seconds to wait for response of the server. (network
# failures) default: 10
# Seconds to wait for response of the server. (network
# failures) default: 10
#
# LDAP_OPT_NETWORK_TIMEOUT is set to this value.
net_timeout = 1

# LDAP_OPT_X_KEEPALIVE_IDLE
# LDAP_OPT_X_KEEPALIVE_IDLE
idle = 60

# LDAP_OPT_X_KEEPALIVE_PROBES
# LDAP_OPT_X_KEEPALIVE_PROBES
probes = 3

# LDAP_OPT_X_KEEPALIVE_INTERVAL
# LDAP_OPT_X_KEEPALIVE_INTERVAL
interval = 3

# ldap_debug: debug flag for LDAP SDK
Expand Down Expand Up @@ -415,56 +414,54 @@ ldap {
# The connection pool is new for 3.0, and will be used in many
# modules, for all kinds of connection-related activity.
#
# When the server is not threaded, the connection pool
# limits are ignored, and only one connection is used.
#
# When the server is not threaded, the connection pool
# limits are ignored, and only one connection is used.
pool {
# Number of connections to start
# Number of connections to start
start = 5

# Minimum number of connections to keep open
# Minimum number of connections to keep open
min = 4

# Maximum number of connections
#
# If these connections are all in use and a new one
# is requested, the request will NOT get a connection.
# Maximum number of connections
#
# Setting 'max' to LESS than the number of threads means
# that some threads may starve, and you will see errors
# like "No connections available and at max connection limit"
# If these connections are all in use and a new one
# is requested, the request will NOT get a connection.
#
# Setting 'max' to MORE than the number of threads means
# that there are more connections than necessary.
# Setting 'max' to LESS than the number of threads means
# that some threads may starve, and you will see errors
# like "No connections available and at max connection limit"
#
# Setting 'max' to MORE than the number of threads means
# that there are more connections than necessary.
max = ${thread[pool].max_servers}

# Spare connections to be left idle
# Spare connections to be left idle
#
# NOTE: Idle connections WILL be closed if "idle_timeout"
# is set.
# NOTE: Idle connections WILL be closed if "idle_timeout"
# is set.
spare = 3

# Number of uses before the connection is closed
# Number of uses before the connection is closed
#
# 0 means "infinite"
# 0 means "infinite"
uses = 0

# The lifetime (in seconds) of the connection
# The lifetime (in seconds) of the connection
lifetime = 0

# idle timeout (in seconds). A connection which is
# unused for this length of time will be closed.
# Idle timeout (in seconds). A connection which is
# unused for this length of time will be closed.
idle_timeout = 60

# NOTE: All configuration settings are enforced. If a
# connection is closed because of "idle_timeout",
# "uses", or "lifetime", then the total number of
# connections MAY fall below "min". When that
# happens, it will open a new connection. It will
# also log a WARNING message.
# NOTE: All configuration settings are enforced. If a
# connection is closed because of "idle_timeout",
# "uses", or "lifetime", then the total number of
# connections MAY fall below "min". When that
# happens, it will open a new connection. It will
# also log a WARNING message.
#
# The solution is to either lower the "min" connections,
# or increase lifetime/idle_timeout.
# The solution is to either lower the "min" connections,
# or increase lifetime/idle_timeout.
}
}

0 comments on commit d2c44f7

Please sign in to comment.