openldap trouble

Hi all,
I'm running openldap-2.2.23-5 on FC4 with nss_ldap. I was able to start the server and populate the db using smbldap-tool; ldapsearch works and smbldap-useradd works, but I can't seem to make the name switch work. I tried both "files ldap" and "compat ldap" for passwd/shadow/group. PAM system-auth seems to be ok.
I think I should be able to see the ldap users when I do "getent passwd", but this only shows the passwd file content.
Please help!
 
Many thanks!
 
- Yang
 
#system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

#NSSWITCH

passwd:     compat ldap
group:      compat ldap

hosts:      files dns
networks:       files dns

services:   files ldap
protocols:  files ldap
rpc:            files
ethers:         files
netmasks:       files
netgroup:   files ldap
publickey:      files

bootparams:     files
automount:  files ldap
aliases:        files

shadow:     compat ldap

#/etc/ldap.conf

host 127.0.0.1
base dc=xxx,dc=com
# stored in /etc/ldap.secret (mode 600)
rootbinddn cn=nssldap,ou=DSA,dc=xxx,dc=com

nss_base_passwd         ou=Users,dc=xxx,dc=com?one
nss_base_passwd         ou=Computers,dc=xxx,dc=com?one
nss_base_shadow         ou=Users,dc=xxx,dc=com?one
nss_base_group          ou=Groups,dc=xxx,dc=com?one

pam_password md5
ssl no

