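-- LDAP authentication settings: the directory servers to contact, the account
-- used to bind for lookups, and the callbacks that translate between local
-- member data and directory entries.
config.ldap = {
  -- Two entries: a nested group holding two hosts, followed by a single host.
  -- NOTE(review): presumably the nesting expresses a fallback order; confirm
  -- against the LDAP module documentation.
  -- NOTE(review): the URIs use ldap:// together with tls = true, which
  -- presumably means StartTLS. Nothing here shows whether the server
  -- certificate and host name are validated; verify that before relying on
  -- the transport to protect bind passwords.
  hosts = {
    {
      { uri = "ldap://192.168.1.1", tls = true, timeout = 5 },
      { uri = "ldap://192.168.1.2", tls = true, timeout = 5 },
    },
    { uri = "ldap://192.168.1.3", tls = true, timeout = 5 },
  },
  base = "dc=example,dc=org",
  -- NOTE(review): sample credentials. The callbacks below only build search
  -- filters and read attributes, so a dedicated read-only service account is
  -- presumably sufficient instead of the directory admin. Keep the real
  -- password out of version control and restrict read access to this file.
  bind_as = { dn = "cn=admin,dc=example,dc=org", password = "secure" },
  member = {
    -- NOTE(review): "auto" presumably creates a local member on the first
    -- successful LDAP login; confirm, because it decides who can obtain an
    -- account without manual approval.
    registration = "auto",
    scope = "subtree",
    -- Lower-cases the login name supplied by the user.
    login_normalizer = function (login)
      return login:lower()
    end,
    -- Builds the search filter for a login name. The value is passed through
    -- ldap.escape_filter so filter metacharacters in user input cannot alter
    -- the structure of the filter.
    login_filter_map = function (login)
      return "(uid=" .. ldap.escape_filter(login) .. ")"
    end,
    -- Returns the first "uid" value of a directory entry as the login name.
    login_map = function (ldap_entry)
      return ldap_entry.uid[1]
    end,
    -- Builds the search filter for a numeric uid, escaped the same way.
    uid_filter_map = function (uid)
      return "(uidNumber=" .. ldap.escape_filter(uid) .. ")"
    end,
    -- Returns the first "uidNumber" value of a directory entry.
    uid_map = function (ldap_entry)
      return ldap_entry.uidNumber[1]
    end,
    fetch_attr = { "uid", "uidNumber", "givenName", "sn", "displayName", "memberof" },
    -- Copies directory attributes onto the member record.
    -- NOTE(review): indexing [1] raises an error when the entry lacks
    -- givenName, sn or displayName (assuming absent attributes are nil);
    -- confirm how the caller handles that.
    attr_map = function (ldap_entry, member)
      member.identification = ldap_entry.givenName[1] .. " " .. ldap_entry.sn[1]
      member.name = ldap_entry.displayName[1]
    end,
    -- Derives per-unit voting and polling rights from the subtree the entry's
    -- DN belongs to. Returns a list of { unit_id, voting_right, polling_right }
    -- tables, or nil when the DN is in none of the listed subtrees.
    -- NOTE(review): the comparison is case- and whitespace-sensitive; confirm
    -- that the server returns DNs in exactly this form.
    privilege_map = function (ldap_entry, member)
      local privileges
      -- Every suffix is anchored with "$" so that it has to be the end of the
      -- DN. The first pattern was previously unanchored and would also have
      -- matched a DN that merely contains this text somewhere in the middle.
      if ldap_entry.dn:match("ou=people,dc=example,dc=org$") then
        privileges = {
          { unit_id = 1, voting_right = true, polling_right = true },
          { unit_id = 2, voting_right = true, polling_right = false },
          { unit_id = 3, voting_right = false, polling_right = true }
        }
      elseif ldap_entry.dn:match("ou=employees,dc=example,dc=org$") then
        privileges = {
          { unit_id = 1, voting_right = false, polling_right = true },
          { unit_id = 2, voting_right = false, polling_right = true },
          { unit_id = 3, voting_right = true, polling_right = false }
        }
      elseif ldap_entry.dn:match("ou=member,dc=example,dc=org$") then
        privileges = {
          { unit_id = 1, voting_right = true, polling_right = false }
        }
      end
      return privileges
    end,
    -- NOTE(review): presumably keeps a local copy of password verifiers so a
    -- login can succeed without contacting the directory. If so, a password
    -- change or account lock in LDAP may not take effect immediately; confirm
    -- the storage format and the refresh behaviour.
    cache_passwords = true,
    -- NOTE(review): presumably prevents members from editing "name", which
    -- attr_map fills from the directory; confirm.
    locked_profile_fields = { name = true }
  }
}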