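<%
# Template-local values built from the Puppet variables domain, hostname and
# dc_suffix, which the including manifest is expected to provide.
ldap_server = "ldap-master.#{domain}"
ldap_account = "cn=catdap-#{hostname},ou=System Accounts,#{dc_suffix}"

# Look the bind secret up once and emit it as a YAML single-quoted scalar.
# Inside single quotes only ' needs escaping (by doubling it), so a password
# containing " #", ": " or a leading YAML indicator character can no longer be
# truncated or re-typed by the parser.
ldap_password = scope.lookupvar("catdap::ldap_password").to_s
ldap_password_yaml = "'" + ldap_password.gsub("'", "''") + "'"
%>
# Local settings for the identity-management web application.
# NOTE: the rendered file contains the LDAP bind password in clear text; the
# manifest that installs it should keep it readable only by the application
# user.
# NOTE(review): key nesting follows the usual Catalyst component and
# authentication-realm layout; confirm against the deployed file.

organisation: Mageia
apptitle: Mageia Identity Management
emailfrom: noreply@<%= domain %>

# Service account used for operations under ou=People.
# NOTE(review): no host or TLS setting is given for this model here; presumably
# they come from the base configuration, so confirm that this bind is encrypted too.
Model::Proxy:
    base: ou=People,<%= dc_suffix %>
    dn: <%= ldap_account %>
    password: <%= ldap_password_yaml %>

Model::User:
    base: <%= dc_suffix %>
    host: <%= ldap_server %>
    start_tls: 1

# Login realm. The store binds with the same service account and secret as
# Model::Proxy.
# NOTE(review): start_tls is set for Model::User only. No transport-security
# option is visible for this store, which carries both the bind secret and the
# passwords users log in with; confirm it connects over StartTLS or LDAPS.
authentication:
    default_realm: ldap
    realms:
        ldap:
            store:
                ldap_server: <%= ldap_server %>
                binddn: <%= ldap_account %>
                bindpw: <%= ldap_password_yaml %>
                user_basedn: ou=People,<%= dc_suffix %>
                role_basedn: <%= dc_suffix %>

register:
    # Accepted logins: a lowercase letter followed by lowercase letters or digits.
    # NOTE(review): in Perl-style regex engines $ also matches before a trailing
    # newline, and ^/$ become per-line anchors under multi-line matching. If the
    # consumer's engine supports them, \A ... \z anchors the whole string;
    # confirm how the application applies this pattern before changing it.
    login_regex: ^[a-z][a-z0-9]*$
    # Logins that may not be registered: system/service accounts and role
    # addresses that could be mistaken for official contacts.
    login_blacklist:
        - apache
        - mirror
        - bcd
        - iurt
        - schedbot
        - signbot
        - postmaster
        - hostmaster
        - abuse
        - noc
        - security
        - listmaster
        - MAILER-DAEMON
        - webmaster
        - www
        - treasurer
        - president
        - secretary
    # Mail domains not accepted at registration.
    email_domain_blacklist:
        - armyspy.com
        - codehot.co.uk
        - dayrep.com
        - guerrillamail.com
        - guerrillamail.info
        - guerrillamail.biz
        - guerrillamail.de
        - guerrillamail.net
        - guerrillamail.org
        - guerrillamailblock.com
        - grr.la
        - jourrapide.com
        - namecheap.com
        - pokemail.net
        - rhyta.com
        - sharklasers.com
        - spam4.me
        - wowring.ru
        - yopmail.com
        - zasod.com
        - group.mageia.org
        - ml.mageia.org

# LDAP attribute handling for the user profile pages.
# NOTE(review): the meanings below are inferred from the key names; verify
# against the controller. skip_attrs includes credential material
# (userPassword, krb5Key, the Samba password hashes), so any attribute added to
# the directory schema later should be placed in one of these lists deliberately.
Controller::User:
    editable_attrs:
        - cn
        - sn
        - givenName
        - mobile
        - mailForwardingAddress
        - preferredLanguage
        - loginShell
    uneditable_attrs:
        - uid
        - uidNumber
        - gidNumber
        - homeDirectory
        - mail
        - sshPublicKey
    skip_attrs:
        - objectClass
        - krb5Key
        - sambaMungedDial
        - sambaPasswordHistory
        - userPassword
        - sambaLMPassword
        - sambaNTPassword
        - sambaPwdMustChange
        - sambaSID
        - sambaPrimaryGroupSID
        - sambaAcctFlags
        - sambaPwdCanChange
        - sambaPwdLastSet
        - sambaKickOffTime
        - sambaUserWorkstations
        - sambaLogonTime
        - krb5KeyVersionNumber
        - krb5PasswordEnd
        - krb5MaxLife
        - krb5MaxRenew
        - krb5KDCFlags
        - shadowLastChange
        - roomNumber
        - secretary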