# Configuration file for OpenSC / scldap
# Example configuration file
# LDAP entry named "example": one set of connection, bind and search settings.
# Every value below is a sample.
ldap example {
    # Hostname for LDAP server (required)
    ldaphost = "ldap.foobar.tld";

    # Port for LDAP server.
    # NOTE(review): 389 is the standard LDAP port without TLS, and no
    # TLS/StartTLS setting appears in this file. Unless the transport is
    # protected some other way, assume the bind password and the search
    # results cross the network unencrypted. Confirm before deploying.
    ldapport = 389;

    # Scope for ldap search
    #   0 = LDAP_SCOPE_BASE
    #   1 = LDAP_SCOPE_ONELEVEL
    #   2 = LDAP_SCOPE_SUBTREE
    # With scope 2 every entry below "base" is searched, so keep "base" as
    # narrow as the deployment allows.
    scope = 2;

    # Use the Distinguished Name to bind to the LDAP directory.
    # Prefer a dedicated account limited to read-only access to the entries
    # that are actually searched.
    binddn = "cn=public,dc=cc,dc=foobar,dc=tld";

    # Use passwd as the password for simple authentication.
    # The password is stored here in plaintext, and an LDAP simple bind sends
    # it to the server as-is: restrict read access to this file to the
    # accounts that need it, and do not reuse this password elsewhere.
    # "bazfoo" is a sample value.
    passwd = "bazfoo";

    # Use base as the starting point for the search instead of the default
    base = "dc=foobar,dc=tld";

    # Search attribute(s)
    attributes = "cert", "user";

    # Search filter. (required)
    # Formatted searches like (user=%s) are accepted.
    # NOTE(review): what gets substituted for %s is not shown in this file.
    # If it comes from card or user input, it should be escaped for use in
    # an LDAP filter (RFC 4515) before substitution. Verify in the caller.
    filter = "(identifier=foobarAuthority)";
}
# Test cards
# Per-card LDAP settings: four named ldap entries grouped under one card block.
# NOTE(review): the quoted strings after "card" look like the card names this
# block applies to; "VRK-FINSIGN" is also listed by the "FINEID S4-1" block,
# and which block wins for such a card is not visible here. Confirm.
# All entries use port 389 and set no binddn/passwd. No TLS setting appears
# in this file, so treat the lookups as unauthenticated and unencrypted
# unless the transport is protected elsewhere.
card "FINEID S4-1-1", "VRK-FINSIGN" {
    # Looks up the userCertificate attribute of the entry whose
    # uniqueIdentifier matches the substituted value.
    # NOTE(review): the source of the %s value is not shown here; it should
    # be escaped for use in an LDAP filter (RFC 4515) before substitution.
    # A certificate is not trustworthy just because the directory returned
    # it; the caller is presumably expected to validate it. Confirm.
    ldap "auth certificate" {
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
        attributes = userCertificate;
        filter = "(uniqueIdentifier=%s)";
    }

    ldap crl {
        # unnecessary, data for crl is usually generated from
        # auth cert's crlDistributionPoints
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
    }

    # Looks up cACertificate on entries of object class
    # fineidCertificationAuthority.
    # NOTE(review): a CA certificate fetched over LDAP should be checked
    # against a locally configured trust anchor, not treated as one. How the
    # caller handles this is not visible here.
    ldap "ca certificate" {
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
        attributes = cACertificate;
        filter = "(objectClass=fineidCertificationAuthority)";
    }

    # Only host, port, scope and base are set; the purpose of this entry is
    # not documented in this file.
    ldap "approx base" {
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
    }
}
# Per-card LDAP settings. This block carries the same four ldap entries and
# values as the "FINEID S4-1-1" card block, so keep the two in sync when
# either changes.
# NOTE(review): "VRK-FINSIGN" appears in the name list of both card blocks;
# which one applies to such a card cannot be told from this file. Confirm.
# Port 389 is used throughout, with no bind credentials and no TLS setting
# visible in this file, so assume the lookups are unauthenticated and sent
# in cleartext unless the transport is secured separately.
card "FINEID S4-1", "VRK-FINSIGN" {
    # Fetches userCertificate for the entry matching uniqueIdentifier=%s.
    # NOTE(review): where the %s value comes from is not shown; it needs
    # LDAP filter escaping (RFC 4515) if it is card- or user-supplied.
    # The returned certificate still needs validating; the directory
    # lookup alone does not establish trust. Confirm in the caller.
    ldap "auth certificate" {
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
        attributes = userCertificate;
        filter = "(uniqueIdentifier=%s)";
    }

    ldap crl {
        # unnecessary, data for crl is usually generated from
        # auth cert's crlDistributionPoints
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
    }

    # Fetches cACertificate from entries whose objectClass is
    # fineidCertificationAuthority.
    # NOTE(review): trust in a CA certificate should come from a locally
    # configured trust anchor, not from the fact that it was retrieved over
    # LDAP. The caller's handling is not visible here.
    ldap "ca certificate" {
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
        attributes = cACertificate;
        filter = "(objectClass=fineidCertificationAuthority)";
    }

    # Sets only host, port, scope and base; what this entry is used for is
    # not stated in this file.
    ldap "approx base" {
        ldaphost = ldap.example.com;
        ldapport = 389;
        scope = 2;
        base = "dc=example,dc=com";
    }
}