<LDAP>
# The LDAP server configuration.
# URI of the server(s). The ldaps:// scheme used here runs LDAP over TLS, so
# the bind credential and search results are not sent in cleartext.
URI ldaps://ldap1.example.com
# The default search base for the server
BaseDN dc=example,dc=com
# The distinguished name to use to bind to the LDAP directory.
# Both the BindDN and Password may be omitted, in which
# case an anonymous bind is made.
# NOTE(review): cn=Manager looks like the directory's administrative DN. The
# services in this file are configured only with search bases and filters, so
# a dedicated read-only account would presumably be enough -- confirm what
# access the helpers actually need.
BindDN cn=Manager,dc=example,dc=com
# The password (may be in LDAP MD5/SHA1 form, generate using slappasswd).
# This file holds a bind credential: keep it readable only by the account
# the daemon runs as, and replace this sample value before deployment.
Password {SSHA}0JjiKIXNxsrjzSRnFDDuJEM1wQLIMvv/
</LDAP>
<Logging>
# Log messages at level INFO or higher
Level info
# Log to syslog, using the daemon facility and the local socket at
# /var/run/log.
<syslog>
Facility daemon
Address /var/run/log
</syslog>
# Alternative (disabled): log messages to stdout instead of syslog.
# # Log messages to stdout
# <logfile>
# Path STDOUT
# </logfile>
</Logging>
<Service UserSSH>
# Writes SSH public keys for matching directory entries.
# The helper module
Helper splat.helpers.sshPublicKeys
# The frequency at which the daemon will poll LDAP
Frequency 10m
# Helper-specific options. These are passed directly
# to the helper plugin.
<Option home>
# Only write keys to home directories in /home
Value /home
</Option>
<Option minuid>
# Do not write keys for users with a UID less than minuid.
# With the value below, a directory entry carrying a low UID (such as 0)
# gets no keys written, which keeps directory data away from local system
# accounts.
Value 1000
</Option>
<Option mingid>
# Do not write keys for users with a GID less than mingid
Value 1000
</Option>
# The base DN to use when searching for entries.
# Defaults to the LDAP BaseDN.
SearchBase ou=People,dc=example,dc=com
# The filter to use when searching for entries
SearchFilter (&(objectClass=sshAccount)(accountStatus=active))
# Group-specific options.
# Require that entries match one of the specified groups
RequireGroup yes
# Only the first matching group is used, and groups are evaluated in the
# order specified. Groups must store member DNs, which groupOfUniqueNames
# and groupOfNames object classes do. The posixGroup object class cannot be
# used because it stores member UIDs only.
# Because of the first-match rule, a user who is in both groups below is
# handled as an Administrator and does not receive the Developers command
# restriction. Order the groups with that in mind.
<Group Administrators>
# The base DN to use when searching for groups
# Defaults to the LDAP BaseDN
SearchBase ou=Groups,dc=example,dc=com
# The filter to use when searching for groups
SearchFilter (&(objectClass=groupOfUniqueNames)(cn=administrators))
# LDAP attribute used to store member DNs. Defaults to uniqueMember.
MemberAttribute uniqueMember
</Group>
<Group Developers>
# The base DN to use when searching for groups
# Defaults to the LDAP BaseDN
SearchBase ou=Groups,dc=example,dc=com
# The filter to use when searching for groups
SearchFilter (&(objectClass=groupOfUniqueNames)(cn=developers))
# Limit developers to using svn, rooted in /export/svn/repos
# NOTE(review): presumably the helper writes this as a forced command on
# each key it installs -- confirm against the helper, and check that no
# other key source for these users bypasses the restriction.
<Option command>
Value /usr/local/bin/svnserve -t -r /export/svn/repos
</Option>
</Group>
</Service>
<Service MailForward>
# The helper module
Helper splat.helpers.mailForwardingAddress
# The frequency at which the daemon will poll LDAP
Frequency 10m
# Helper-specific options. These are passed directly
# to the helper plugin.
# NOTE(review): the option comments in this section previously spoke of
# "keys", apparently copied from the SSH service. This helper handles mail
# forwarding addresses; what it writes into the home directory is not shown
# here -- confirm against the helper.
<Option home>
# Only write to home directories in /home
Value /home
</Option>
<Option minuid>
# Do not write for users with a UID less than minuid
Value 1000
</Option>
<Option mingid>
# Do not write for users with a GID less than mingid
Value 1000
</Option>
# The base DN to use when searching for entries.
# Defaults to the LDAP BaseDN.
SearchBase ou=People,dc=example,dc=com
# The filter to use when searching for entries
SearchFilter (&(objectClass=posixAccount)(accountStatus=active))
</Service>
<Service HomeDirectory>
# Creates home directories for matching directory entries.
# The helper module
Helper splat.helpers.homeDirectory
# The frequency at which the daemon will poll LDAP
Frequency 10m
# Helper-specific options. These are passed directly
# to the helper plugin.
<Option home>
# Only create home directories in /home
Value /home
</Option>
<Option minuid>
# Do not create directories for users with a UID less than minuid
Value 1000
</Option>
<Option mingid>
# Do not create directories for users with a GID less than mingid
Value 1000
</Option>
<Option skeldir>
# Skeletal home directory to copy files from. By default, created
# home directories are empty.
Value /usr/share/skel
</Option>
<Option postcreate>
# Script to execute post-homedir creation. Will be given the user's
# uid, gid, and home directory as arguments.
# The script is run by the daemon, so keep it and its parent directory
# writable only by the administrator. The arguments come from the
# directory entry: the script should quote and validate them rather than
# trust them.
Value /usr/local/libexec/splat-home-postcreate.sh
</Option>
# The base DN to use when searching for entries.
# Defaults to the LDAP BaseDN.
SearchBase ou=People,dc=example,dc=com
# The filter to use when searching for entries
SearchFilter (&(objectClass=posixAccount)(accountStatus=active))
</Service>
<Service purgeUser>
# Archives and purges home directories of entries matched by the filter
# below. With purgehomedir enabled this service deletes data, so write access
# to the directory attributes it keys on (accountStatus here, and the
# pendingPurge time mentioned below) decides who can trigger a deletion.
# The helper module
Helper splat.helpers.purgeUser
# The frequency at which the daemon will poll LDAP
Frequency 10m
# Helper-specific options. These are passed directly
# to the helper plugin.
<Option home>
# Only purge/archive users with home directories in home
Value /home
</Option>
<Option minuid>
# Do not purge users with a UID less than minuid
Value 1000
</Option>
<Option mingid>
# Do not purge users with a GID less than mingid
Value 1000
</Option>
<Option archivehomedir>
# Archive home directory before purging? Defaults to true.
Value true
</Option>
<Option purgehomedir>
# Actually purge home directory? Defaults to true.
Value true
</Option>
<Option purgehomearchive>
# Eventually purge archive made of home directory, too?
# Defaults to true.
Value true
</Option>
<Option archivedest>
# Where to place archives of home directories, if
# they are created. Defaults to /home.
# NOTE(review): an archive holds the user's private files; check the
# ownership and mode the helper gives it in this location.
Value /home
</Option>
<Option purgearchivewait>
# Number of days to wait after pendingPurge time before
# purging home archive, if purgehomearchive is set to
# true. Defaults to 14.
Value 14
</Option>
# The base DN to use when searching for entries.
# Defaults to the LDAP BaseDN.
SearchBase ou=People,dc=example,dc=com
# The filter to use when searching for entries. Only entries whose
# accountStatus is disabled are selected.
SearchFilter (&(objectClass=purgeableAccount)(accountStatus=disabled))
</Service>
<Service OpenNMS>
# Maps directory entries to OpenNMS users and groups.
# The helper module
Helper splat.helpers.opennms
# The frequency at which the daemon will poll LDAP
Frequency 60m
# Helper-specific options. These are passed directly
# to the helper plugin.
# Paths of the OpenNMS user and group files the helper works with.
<Option usersFile>
Value /usr/local/opennms/etc/users.xml
</Option>
<Option groupsFile>
Value /usr/local/opennms/etc/groups.xml
</Option>
# LDAP attributes that supply each OpenNMS user field.
<Option userNameAttribute>
Value uid
</Option>
<Option fullNameAttribute>
Value cn
</Option>
<Option emailAttribute>
Value mail
</Option>
<Option xmppAddressAttribute>
Value mail
</Option>
<Option commentsAttribute>
Value title
</Option>
# OpenNMS group for entries at the service level. The Administrators group
# section below sets a different value for its members.
<Option opennmsGroup>
Value Users
</Option>
# The base DN to use when searching for entries.
# Defaults to the LDAP BaseDN.
SearchBase ou=People,dc=example,dc=com
# The filter to use when searching for entries
SearchFilter (&(objectClass=sshAccount)(accountStatus=active))
# Group-specific options.
# Require that entries match one of the specified groups.
# With "no", entries that match the search filter but none of the groups
# are still processed.
RequireGroup no
# Only the first matching group is used, and groups are evaluated in the
# order specified.
<Group Administrators>
# The base DN to use when searching for groups
# Defaults to the LDAP BaseDN
SearchBase ou=Groups,dc=example,dc=com
# The filter to use when searching for groups
SearchFilter (&(objectClass=groupOfUniqueNames)(cn=administrators))
# Members of the LDAP administrators group are placed in the OpenNMS
# Administrators group, so write access to that LDAP group amounts to
# granting OpenNMS administrative rights.
<Option opennmsGroup>
Value Administrators
</Option>
</Group>
</Service>