@!@
from univention.lib.misc import getLDAPServersCommaList
auth  = "auth optional pam_univentionmailcyrus.so"
auth += " ldap_host=%s" % getLDAPServersCommaList(configRegistry)
auth += " ldap_base=%s" % configRegistry.get("ldap/base")
auth += " from_attr=mailPrimaryAddress to_attr=uid"
auth += " binddn=%s " % configRegistry.get("ldap/hostdn")
auth += " pwfile=/etc/machine.secret"
auth += " ldap_port=%s" % configRegistry.get("ldap/server/port", "7389")
print(auth)
@!@
auth    sufficient    pam_ldap.so
auth    required      pam_krb5.so use_first_pass

account  sufficient   pam_unix.so
account  required     pam_ldap.so

