1 config.ldap = {

2 hosts = {

3 {

4 { uri = "ldap://192.168.1.1", tls = true, timeout = 5 },

5 { uri = "ldap://192.168.1.2", tls = true, timeout = 5 },

6 },

7 { uri = "ldap://192.168.1.3", tls = true, timeout = 5 },

8 },

9 base = "dc=example,dc=org",

10 bind_as = { dn = "cn=admin,dc=example,dc=org", password = "secure" },

11 member = {

12 registration = "auto",

13 scope = "subtree",

14 login_normalizer = function (login)

15 return login:lower()

16 end,

17 login_filter_map = function (login)

18 return "(uid=" .. ldap.escape_filter(login) .. ")"

19 end,

20 login_map = function (ldap_entry)

21 return ldap_entry.uid[1]

22 end,

23 uid_filter_map = function (uid)

24 return "(uidNumber=" .. ldap.escape_filter(uid) .. ")"

25 end,

26 uid_map = function (ldap_entry)

27 return ldap_entry.uidNumber[1]

28 end,

29 fetch_attr = { "uid", "uidNumber", "givenName", "sn", "displayName", "memberof" },

30 attr_map = function (ldap_entry, member)

31 member.identification = ldap_entry.givenName[1] .. " " .. ldap_entry.sn[1]

32 member.name = ldap_entry.displayName[1]

33 end,

34 privilege_map = function (ldap_entry, member)

35 local privileges

36 if ldap_entry.dn:match("ou=people,dc=example,dc=org") then

37 privileges = {

38 { unit_id = 1, voting_right = true, polling_right = true },

39 { unit_id = 2, voting_right = true, polling_right = false },

40 { unit_id = 3, voting_right = false, polling_right = true }

41 }

42 elseif ldap_entry.dn:match("ou=employees,dc=example,dc=org$") then

43 privileges = {

44 { unit_id = 1, voting_right = false, polling_right = true },

45 { unit_id = 2, voting_right = false, polling_right = true },

46 { unit_id = 3, voting_right = true, polling_right = false }

47 }

48 elseif ldap_entry.dn:match("ou=member,dc=example,dc=org$") then

49 privileges = {

50 { unit_id = 1, voting_right = true, polling_right = false }

51 }

52 end

53 return privileges

54 end,

55 cache_passwords = true,

56 locked_profile_fields = { name = true }

57 }

58 }

59