X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir-ldap.conf;h=3c45fe343c0235d9d7f41e1c6b469a6d7591d2d2;hb=9395775f2c5f320feb64a27811db0c0945c9c5c9;hp=090ac5a68ad7796a53d05a85a5c34e8130f12ce3;hpb=a599d46c4f33a68d1033bba48060089749ec5e0d;p=mirror%2Fuserdir-ldap.git diff --git a/userdir-ldap.conf b/userdir-ldap.conf index 090ac5a..3c45fe3 100644 --- a/userdir-ldap.conf +++ b/userdir-ldap.conf @@ -4,10 +4,11 @@ # host from which to rsync the information (the one running ud-generate) synchost = "db"; # hosts on which to use a local path to get the data (used as a shell glob later) -localsyncon = "*samosa*"; +localsyncon = "*draghi*"; # Basic LDAP configuration ldaphost = "db.debian.org"; +usessl = True; basedn = "ou=users,dc=debian,dc=org"; hostbasedn = "ou=hosts,dc=debian,dc=org"; adminuser = "admin"; @@ -15,6 +16,9 @@ adminuser = "admin"; # Printable email addresses are shown as: 'cn mn sn ' emailappend = "debian.org"; +# Domain for hosts, defaults to emailappend if not present +#hostdomain = "debian.org" + # For the mail interface maildomain = "db.debian.org"; replyto = "admin@" + maildomain; @@ -26,6 +30,9 @@ replaycachefile = "/var/cache/userdir-ldap/mail/replay"; #replaycachefile = "/tmp/replay"; fingerprintfile = "/etc/userdir-ldap/badfingerprints" +# do we have a debian-private like list that we should ask about in ud-useradd +haveprivatelist = True; + # Echelon ech_errorlog = "/org/db.debian.org/mail/Log/ech-errors.log" ech_mainlog = "/org/db.debian.org/mail/Log/ech.log" @@ -34,20 +41,20 @@ ech_mainlog = "/org/db.debian.org/mail/Log/ech.log" defaultgid = 800; # For the output generator -generateconf = "/etc/userdir-ldap/generate.conf" generatedir = "/var/cache/userdir-ldap/hosts/"; -singlesshfile = True -multiplesshfiles = False passdir = "/etc/userdir-ldap/"; +allowedgroupspreload = "adm"; +homeprefix = "/home/"; # GPG Things gpg = "/usr/bin/gpg"; # The whole set of all keyrings -keyrings = "/org/keyring.debian.org/keyrings/debian-keyring.gpg:/org/keyring.debian.org/keyrings/debian-keyring.pgp:/org/keyring.debian.org/keyrings/removed-keys.gpg:/org/keyring.debian.org/keyrings/removed-keys.pgp:/home/jgg/keys/extrakeys.gpg:/home/jgg/keys/guest-keys.gpg"; +keyrings = "/org/keyring.debian.org/keyrings/debian-keyring.gpg:/org/keyring.debian.org/keyrings/removed-keys.gpg:/srv/db.debian.org/keyring-guest/guest-keyring/debian-guest.gpg:/org/keyring.debian.org/keyrings/debian-maintainers.gpg" # Keyrings synced to other machines, if they need them -sync_keyrings = "/org/keyring.debian.org/keyrings/debian-keyring.gpg:/org/keyring.debian.org/keyrings/debian-keyring.pgp"; +sync_keyrings = "/org/keyring.debian.org/keyrings/debian-keyring.gpg:/org/keyring.debian.org/keyrings/debian-maintainers.gpg" # Keyrings used to search in when new developers get added -add_keyrings = "/org/keyring.debian.org/keyrings/debian-keyring.gpg"; +add_keyrings = "/org/keyring.debian.org/keyrings/debian-keyring.gpg" +add_keyrings_guest = "/org/keyring.debian.org/keyrings/debian-maintainers.gpg:/srv/db.debian.org/keyring-guest/guest-keyring/debian-guest.gpg" # For the WEB interface webloginhtml = "login.html"; @@ -74,3 +81,6 @@ countrylist = "/var/www/userdir-ldap/domains.tab"; # Finger daemon settings # use_inetd = 1; + +# only create sshfp and A records for hostnames matching this: +dns_hostmatch = "[a-zA-Z0-9\.]+\.debian\.org$"