KOLAB_META_START
TARGET=/etc/openldap/slapd.conf
PERMISSIONS=0640
OWNERSHIP=root:ldap
KOLAB_META_END
# (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
# (c) 2003-2007 Martin Konold <martin.konold@erfrakon.de>
# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
# This program is Free Software under the GNU General Public License (>=v2).
# Read the file COPYING that comes with this package for details.

# this file is automatically written by the Kolab config backend and should have the
# file mode 0640
# manual additions are lost unless made to the template in the Kolab config directory
# the template is /etc/kolab/templates/slapd.conf.template

# Security note: the generated file carries the rootpw hash and the cleartext
# replica credentials further down, which is why the meta header above pins it
# to 0640 root:ldap. Verify mode and ownership after every regeneration.
#
# Layout note: slapd.conf joins continuation lines (lines starting with
# whitespace) BEFORE it strips comments. Never put a comment between the
# "by" clauses of an access rule, and never indent the line after a comment.

include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2739.schema
include /etc/openldap/schema/kolab2.schema
#include /etc/openldap/schema/horde.schema

# Access rules from this include are read before the ones in this file; its
# contents are not visible here, so review it together with the rules below.
include /etc/openldap/slapd.access

# Global fallback rule: anything not matched by a more specific rule ends up
# here. "by * read" includes anonymous clients, so every attribute that has no
# dedicated rule in the database section is world-readable.
access to *
    by self write
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
    by * read stop

pidfile /var/run/ldap/slapd.pid
replica-pidfile /var/run/ldap/slurpd.pid
argsfile /var/run/ldap/slapd.args
replicationinterval 5

#schemacheck on

modulepath /usr/lib64/openldap
moduleload back_monitor.la

# Server certificate and private key. Only the paths are set here: the key
# file's permissions are managed elsewhere and should restrict it to the
# account slapd runs as.
# NOTE(review): no directive in this file forces clients to use TLS (see the
# commented-out "require" below and the absence of a "security" directive), so
# simple binds may travel in cleartext unless the listener setup prevents it -
# confirm against the slapd start-up options.
TLSCertificateFile /etc/kolab/cert.pem
TLSCertificateKeyFile /etc/kolab/key.pem

rootDSE /etc/kolab/rootDSE.ldif

defaultsearchbase "@@@base_dn@@@"

#require none
# LDAPv2 binds are accepted for legacy clients. Drop this line once no
# v2-only client remains.
allow bind_v2

# Level 0 disables logging, so bind failures and directory changes leave no
# trace in syslog. Consider "loglevel stats" where connection/operation
# records are needed for detection and incident response.
loglevel 0

database bdb
suffix "@@@base_dn@@@"
cachesize 10000
checkpoint 512 5
idlcachesize 10000
idletimeout 80
# The value can be increased if some clients develop problems.
# Please report to kolab-devel@kolab.org if you encounter such a client.
dirtyread

directory /var/lib/ldap-kolab

# The rootdn is not subject to any access rule in this file. Only the hashed
# form of its password is substituted in; the hash scheme is chosen by the
# config backend and is not visible here.
rootdn "@@@bind_dn@@@"
rootpw "@@@bind_pw_hash@@@"

# Replication log and replica target. The replica is a loopback address, bound
# with simple authentication and a fixed cleartext credential baked into the
# template.
# NOTE(review): presumably this is a local change-notification listener rather
# than a real replica; confirm that port 9999 is only reachable locally and
# that "cn=replicator"/"secret" grants nothing on any real directory.
replogfile /var/lib/ldap-kolab/replog
replica uri=ldap://127.0.0.1:9999
    binddn="cn=replicator"
    bindmethod=simple
    credentials=secret

#### Using overlays to improve data consistency
# Ensure that we never get dangling member attributes
# Checked on rename and delete
moduleload refint.la
overlay refint
refint_attributes member

# The mail and the uid attribute must be unique.
moduleload unique.la
overlay unique
unique_attributes mail uid

index objectClass pres,eq
index uid approx,sub,pres,eq
index mail approx,sub,pres,eq
index alias approx,sub,pres,eq
index cn approx,sub,pres,eq
index sn approx,sub,pres,eq
index givenName approx,sub,pres,eq
index kolabDelegate approx,sub,pres,eq
index kolabHomeServer pres,eq
index kolabDeleteflag pres,eq
index member pres,eq

# ---------------------------------------------------------------------------
# Database access rules. slapd uses the FIRST rule whose target matches, so the
# order below is significant: attribute-specific rules come before the
# entry-level rules. Do not reorder without re-checking every rule after it.
# ---------------------------------------------------------------------------

# Who may create or delete entries directly below the base DN. No "by *"
# clause, so everyone else is denied by the implicit default.
access to dn="@@@base_dn@@@" attrs=children
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,@@@base_dn@@@" write

# Same as above for entries directly below cn=internal.
access to dn="cn=internal,@@@base_dn@@@" attrs=children
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,@@@base_dn@@@" write

# Password attribute: "=wx" grants write and auth but NOT read, so neither the
# owner nor the admin/maintainer groups can fetch a stored hash; anonymous gets
# auth ("=x") only, which is what allows a bind to succeed; everyone else gets
# nothing. This rule must stay ahead of every broader rule in this section.
access to dn.subtree="@@@base_dn@@@" attrs=userPassword
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" =wx
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" =wx
    by self =wx
    by anonymous =x
    by * none stop

# mail, alias, uid, kolabHomeServer and kolabHomeMTA: writable by the admin and
# maintainer groups only (not by the owner), readable by everyone including
# anonymous clients.
access to dn.subtree="@@@base_dn@@@" attrs=mail
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
    by * read stop

access to dn.subtree="@@@base_dn@@@" attrs=alias
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
    by * read stop

access to dn.subtree="@@@base_dn@@@" attrs=uid
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
    by * read stop

# Quota: the owner may read but not change it; other users get no access.
access to dn.subtree="@@@base_dn@@@" attrs=cyrus-userquota
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
    by self read stop

access to dn.subtree="@@@base_dn@@@" attrs=kolabHomeServer
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
    by * read stop

access to dn.subtree="@@@base_dn@@@" attrs=kolabHomeMTA
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
    by * read stop

# NOTE(review): this rule targets cn=nobody directly below the base DN, while
# every "by dn=" clause below names cn=nobody,cn=internal,<base>. Confirm which
# DN the service account actually has; if it lives under cn=internal, this rule
# matches nothing and the cn=internal regex rule further down applies instead.
access to dn="cn=nobody,@@@base_dn@@@"
    by anonymous auth stop

# Privileged account and group entries. Anonymous clients get "auth" only
# (enough to bind), the nobody service account may read them, and the entry
# itself may write to itself.
access to dn="cn=manager,cn=internal,@@@base_dn@@@"
    by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
    by self write
    by anonymous auth stop

# Members of the admin group can edit the admin group entry, i.e. add further
# administrators.
access to dn="cn=admin,cn=internal,@@@base_dn@@@"
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
    by self write
    by anonymous auth stop

# Maintainers may read but not modify their own group entry; only admins can
# change its membership.
access to dn="cn=maintainer,cn=internal,@@@base_dn@@@"
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" read
    by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
    by self write
    by anonymous auth stop

# Everything else at or below cn=internal. There is no "by * read" clause, so
# ordinary authenticated users cannot read internal entries.
access to dn.regex="(.*,)?cn=internal,@@@base_dn@@@"
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
    by self write
    by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
    by anonymous auth stop

# Everything at or below cn=external is readable by everyone, including
# anonymous clients.
access to dn.regex="(.*,)?cn=external,@@@base_dn@@@"
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
    by * read stop

# NOTE(review): the two rules below target the container entries
# cn=external,<base> and cn=internal,<base>, but the regex rules above already
# match those exact DNs (the "(.*,)?" prefix is optional) and are evaluated
# first. As ordered, these two rules look unreachable - confirm the intent.
access to dn="cn=external,@@@base_dn@@@"
    by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
    by * search stop

access to dn="cn=internal,@@@base_dn@@@"
    by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
    by * search stop

# Kolab configuration object: writable by admins, readable by the maintainer
# groups and the nobody service account, hidden from everyone else.
access to dn="k=kolab,@@@base_dn@@@"
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" read
    by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,@@@base_dn@@@" read
    by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
    by * none stop

# Additional replica definitions are pulled in from a separate file that is not
# visible here; any credentials it holds need the same file protection as this
# one.
include /etc/openldap/slapd.replicas

# Monitor backend: server statistics under cn=Monitor are restricted to the
# admin group; all other identities, including anonymous, are denied.
database monitor

access to dn.subtree="cn=Monitor"
    by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
    by * none stop