# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Modified by Christian Zoffoli <czoffoli@linux-mandrake.com>
# Version 0.2
#
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /usr/share/openldap/schema/evolutionperson.schema
include /usr/share/openldap/schema/calendar.schema
include /usr/share/openldap/schema/sudo.schema
include /usr/share/openldap/schema/dnszone.schema
include /usr/share/openldap/schema/dhcp.schema
#include /usr/share/openldap/schema/rfc822-MailMember.schema
#include /usr/share/openldap/schema/pilot.schema
#include /usr/share/openldap/schema/qmail.schema
#include /usr/share/openldap/schema/mull.schema
#include /usr/share/openldap/schema/netscape-profile.schema
#include /usr/share/openldap/schema/trust.schema
include /etc/openldap/schema/local.schema
# Define global ACLs to disable default read access and provide default
# behaviour for samba/pam use
include /etc/openldap/slapd.access.conf
# Provide write access to replicators, and cover access to any other
# attributes (default anonymous read access may be undesirable)
access to dn.subtree="dc=example,dc=com"
by group="cn=Replicator,ou=Group,dc=example,dc=com"
by users read
by anonymous read
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args
modulepath /usr/lib/openldap
# database backend modules available:
#moduleload back_dnssrv.la
#moduleload back_ldap.la
#moduleload back_meta.la
#moduleload back_monitor.la
#moduleload back_passwd.la
#moduleload back_sql.la
# overlay modules available:
#moduleload accesslog.la
#moduleload denyop.la
#moduleload dyngroup.la
#moduleload dynlist.la
#moduleload glue.la
#moduleload lastmod.la
#moduleload pcache.la
#moduleload ppolicy.la
#moduleload refint.la
#moduleload retcode.la
#moduleload rwm.la
#moduleload syncprov.la
#moduleload translucent.la
#moduleload unique.la
#contrib overlays
#moduleload smbk5pwd.so
# SASL config
#sasl-host ldap.example.com
# To allow TLS-enabled connections, create /etc/ssl/openldap/ldap.pem
# and uncomment the following lines.
#TLSRandFile /dev/random
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/pki/tls/private/ldap.pem
TLSCertificateKeyFile /etc/pki/tls/private/ldap.pem
#TLSCACertificatePath /etc/ssl/openldap/
#TLSCACertificateFile /etc/ssl/cacert.pem
TLSCACertificateFile /etc/pki/tls/private/ldap.pem
#TLSVerifyClient never # ([never]|allow|try|demand)
# logging
#loglevel 256
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=example,dc=com"
#suffix "o=My Organization Name,c=US"
rootdn "cn=Manager,dc=example,dc=com"
#rootdn "cn=Manager,o=My Organization Name,c=US"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessable by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap
# Tuning settings, please see the man page for slapd-bdb for more information
# as well as the DB_CONFIG file in the database directory
# commented entries are at their defaults
# In-memory cache size in entries
#cachesize 1000
# Checkpoint the bdb database after 256kb of writes or 5 minutes have passed
# since the last checkpoint
checkpoint 256 5
# Indices to maintain
index objectClass eq
# persion-type searches
index cn,mail,surname,givenname eq,subinitial
# nss_ldap exact searches:
index uidNumber,gidNumber,memberuid,member,uniqueMember eq
# username completion via nss_ldap needs uid indexed sub:
index uid eq,subinitial
# samba:
index sambaSID,sambaDomainName,displayName eq
# autofs:
#index nisMapName eq
# bind sdb_ldap:
#index zoneName,relativeDomainName eq
# sudo
#index sudoUser eq
# syncprov
#index entryCSN,entryUUID eq
# Replicas running syncrepl as non-rootdn need unrestricted size/time limits:
limits group="cn=Replicator,ou=Group,dc=example,dc=com"
size=unlimited
time=unlimited
# Basic ACL (deprecated in favour of ACLs in /etc/openldap/slapd.access.conf)
#access to attr=userPassword
# by self write
# by anonymous auth
# by dn="uid=root,ou=People,dc=example,dc=com" write
# by * none
#access to *
# by dn="uid=root,ou=People,dc=example,dc=com" write
# by * read
# ACL ensuring replicator has write access
#access to *
# by group="cn=Replicator,ou=Group,dc=example,dc=com" write
# by * read
# Replica configuration (if this server is a slave)
#updatedn "cn=ldap-master.example.com,ou=Hosts,dc=example,dc=com"
#updateref "ldap://ldap-master.example.com"
# Replication configuration (if this server is a master)
#replica host=ldap-slave1.example.com:389
# binddn="cn=ldap-master.example.com,ou=Hosts,dc=example,dc=com"
# bindmethod=simple credentials="mypassword"
# Uncomment to enable statistics gathering at basedn cn=monitor (load monitor
# module above too)
#database monitor
