summaryrefslogblamecommitdiffstats
path: root/config/config.example
blob: 82468a16cb890ce8ee215179230f4f9f4d38373e (plain) (tree)
1
2
3
4
5
6
7
8
9
10
                                                              
                 
                                                       
                                                          
                      
             
                                                                                                                                  
                                       

                                                                                                                                                                                                      

                                                                                                           

                                                                                                                                

                                                                                          

                                                                                             





                                                                                         

                          
# Configure an ADS we proxy. hostname will be the section name
[dc0.example.com]
# bind DN towards this AD if client doesn't specify one
binddn=CN=blabla,OU=Foo,DC=public,DC=ads,DC=example,DC=com
# matching password...
bindpw=geheim
# search base to use (in case multiple ADs are configured this is used to identify which one the client actually wants to talk to)
base=DC=public,DC=ads,DC=example,DC=com
# optional: template for home directory mount point to pass to client. use %s as the users account name. only used if AD doesn't supply the homeDirectory attribute (or it doesn't contain a UNC path)
home=\\windows-server\users\%s
# Set this to use SSL when talking to the ADS. SSL is not enabled by default, so make sure your ADS has it.
fingerprint=76:EC:9D:18:99:0D:8F:E1:99:D2:07:09:48:DF:82:4F:28:47:32:14
# Alternatively, set a ca-certificate bundle file used for verification. This is loaded additionally to the system's default CAs
cabundle=/foo/bar.pem
# Optinally set remote port. Default is 3268 for plain connection, 636 for SSL connection.
port=6666
# don't map between AD and LDAP scheme - assume server has all the required fields and values
plainldap=true

# Configure the proxy)
[local]
# Local TCP port to listen on
port=1234
# For using SSL between client and proxy, set these. For plaintext, remove or comment out
cert=/my/cert.pem
privkey=/my/privatekey.pem