# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.6 2001/04/20 23:32:43 kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # # Modified by Christian Zoffoli <czoffoli@linux-mandrake.com> # Version 0.2 # include /usr/share/openldap/schema/core.schema include /usr/share/openldap/schema/cosine.schema include /usr/share/openldap/schema/corba.schema include /usr/share/openldap/schema/inetorgperson.schema include /usr/share/openldap/schema/java.schema include /usr/share/openldap/schema/krb5-kdc.schema include /usr/share/openldap/schema/kerberosobject.schema include /usr/share/openldap/schema/misc.schema include /usr/share/openldap/schema/nis.schema include /usr/share/openldap/schema/openldap.schema include /usr/share/openldap/schema/autofs.schema include /usr/share/openldap/schema/samba.schema include /usr/share/openldap/schema/kolab.schema include /usr/share/openldap/schema/evolutionperson.schema include /usr/share/openldap/schema/calendar.schema include /usr/share/openldap/schema/sudo.schema include /usr/share/openldap/schema/dnszone.schema include /usr/share/openldap/schema/dhcp.schema #include /usr/share/openldap/schema/rfc822-MailMember.schema #include /usr/share/openldap/schema/pilot.schema #include /usr/share/openldap/schema/qmail.schema #include /usr/share/openldap/schema/mull.schema #include /usr/share/openldap/schema/netscape-profile.schema #include /usr/share/openldap/schema/trust.schema include /etc/openldap/schema/local.schema # Define global ACLs to disable default read access and provide default # behaviour for samba/pam use include /etc/openldap/slapd.access.conf # Provide write access to replicators, and cover access to any other # attributes (default anonymous read access may be undesirable) access to dn.subtree="dc=example,dc=com" by group="cn=Replicator,ou=Group,dc=example,dc=com" by users read by anonymous read # Replicas running syncrepl as non-rootdn need unrestricted size/time limits: limits group="cn=Replicator,ou=Group,dc=example,dc=com" size=unlimited time=unlimited # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/ldap/slapd.pid argsfile /var/run/ldap/slapd.args modulepath /usr/lib/openldap # database backend modules available: #moduleload back_dnssrv.la #moduleload back_ldap.la #moduleload back_meta.la #moduleload back_monitor.la #moduleload back_passwd.la #moduleload back_sql.la # overlay modules available: #moduleload accesslog.la #moduleload denyop.la #moduleload dyngroup.la #moduleload dynlist.la #moduleload glue.la #moduleload lastmod.la #moduleload pcache.la #moduleload ppolicy.la #moduleload refint.la #moduleload retcode.la #moduleload rwm.la #moduleload syncprov.la #moduleload translucent.la #moduleload unique.la #contrib overlays #moduleload smbk5pwd.so # SASL config #sasl-host ldap.example.com # To allow TLS-enabled connections, create /etc/ssl/openldap/ldap.pem # and uncomment the following lines. #TLSRandFile /dev/random #TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /etc/ssl/openldap/ldap.pem TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem #TLSCACertificatePath /etc/ssl/openldap/ #TLSCACertificateFile /etc/ssl/cacert.pem TLSCACertificateFile /etc/ssl/openldap/ldap.pem #TLSVerifyClient never # ([never]|allow|try|demand) # logging #loglevel 256 ####################################################################### # database definitions ####################################################################### database bdb suffix "dc=example,dc=com" #suffix "o=My Organization Name,c=US" rootdn "cn=Manager,dc=example,dc=com" #rootdn "cn=Manager,o=My Organization Name,c=US" # Cleartext passwords, especially for the rootdn, should # be avoided. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. # rootpw secret # rootpw {crypt}ijFYNcSNctBYg # The database directory MUST exist prior to running slapd AND # should only be accessable by the slapd/tools. Mode 700 recommended. directory /var/lib/ldap # Tuning settings, please see the man page for slapd-bdb for more information # as well as the DB_CONFIG file in the database directory # commented entries are at their defaults # In-memory cache size in entries #cachesize 1000 # Checkpoint the bdb database after 256kb of writes or 5 minutes have passed # since the last checkpoint checkpoint 256 5 # Indices to maintain #index objectClass eq index objectClass,uid,uidNumber,gidNumber,memberuid eq index cn,mail,surname,givenname eq,subinitial # samba searches on sid #index sambaSID eq # Basic ACL (deprecated in favour of ACLs in /etc/openldap/slapd.access.conf) #access to attr=userPassword # by self write # by anonymous auth # by dn="uid=root,ou=People,dc=example,dc=com" write # by * none #access to * # by dn="uid=root,ou=People,dc=example,dc=com" write # by * read # ACL ensuring replicator has write access #access to * # by group="cn=Replicator,ou=Group,dc=example,dc=com" write # by * read # Replica configuration (if this server is a slave) #updatedn "cn=ldap-master.example.com,ou=Hosts,dc=example,dc=com" #updateref "ldap://ldap-master.example.com" # Replication configuration (if this server is a master) #replica host=ldap-slave1.example.com:389 # binddn="cn=ldap-master.example.com,ou=Hosts,dc=example,dc=com" # bindmethod=simple credentials="mypassword" # Uncomment to enable statistics gathering at basedn cn=monitor (load monitor # module above too) #database monitor