# This is the main slapd configuration file. See slapd.conf(5) for more # info on the configuration options. ####################################################################### # Global Directives: # Features to permit allow bind_v2 # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/mmc.schema include /etc/ldap/schema/printer.schema include /etc/ldap/schema/samba.schema include /opt/open-xchange/share/openxchange.schema # Schema check allows for forcing entries to # match schemas for their objectClasses's schemacheck on # Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid # List of arguments that were passed to the server argsfile /var/run/slapd.args # Read slapd.conf(5) for possible values loglevel 0 # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_bdb ####################################################################### # Specific Backend Directives for bdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs backend bdb checkpoint 512 30 ####################################################################### # Specific Backend Directives for 'other': # Backend specific directives apply to this backend until another # 'backend' directive occurs #backend <other> ####################################################################### # Specific Directives for database #1, of type bdb: # Database specific directives apply to this databasse until another # 'database' directive occurs database bdb # The base of your directory in database #1 suffix "dc=mandriva,dc=com" # Where the database file are physically stored for database #1 directory "/var/lib/ldap" # Indexing options for database #1 index uid,mailEnabled,cn,sn,givenname,lnetMailAccess,alias,loginDestination eq,sub index objectClass eq # Save the time that the entry gets modified, for database #1 lastmod on # Where to store the replica logs for database #1 # replogfile /var/lib/ldap/replog # The userPassword by default can be changed # by the entry owning it if they are authenticated. # Others should not be able to see it, except the # admin entry below # These access lines apply to database #1 only access to attrs=userPassword by dn="cn=admin,dc=mandriva,dc=com" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other things) to work # happily. access to dn.base="" by * read # For Netscape Roaming support, each user gets a roaming # profile for which they have write access to #access to dn=".*,ou=Roaming,o=morsnet" # by dn="cn=admin,dc=mandriva,dc=com" write # by dnattr=owner write access to dn.regex="ou=addr,uid=(.*),"ou=People,ou=OxObjects,dc=mandriva,dc=com"" attr=uid,objectClass,entry filter=(objectClass=OXUserObject) by dn.regex="uid=$1,"ou=People,ou=OxObjects,dc=mandriva,dc=com"" write by self write by dn="cn=admin,dc=mandriva,dc=com" write by * none access to dn.subtree="o=AddressBook,ou=OxObjects,dc=mandriva,dc=com" by group="cn=AddressAdmins,o=AddressBook,ou=OxObjects,dc=mandriva,dc=com" write by dn="cn=admin,dc=mandriva,dc=com" write by users read by * none access to * attr=uid,objectClass,entry filter=(objectClass=OXUserObject) by self write by dn="cn=admin,dc=mandriva,dc=com" write by * read access to dn="uid=mailadmin,ou=People,ou=OxObjects,dc=mandriva,dc=com" attr=imapServer,mailDomain,smtpServer,sn,givenName,uid by self write by dn="cn=admin,dc=mandriva,dc=com" write by users read access to dn="uid=mailadmin,ou=People,ou=OxObjects,dc=mandriva,dc=com" by self write by dn="cn=admin,dc=mandriva,dc=com" write by * none access to dn.regex="ou=addr,uid=(.*),"ou=People,ou=OxObjects,dc=mandriva,dc=com"" by dn.regex="uid=$1,"ou=People,ou=OxObjects,dc=mandriva,dc=com"" write by dn="cn=admin,dc=mandriva,dc=com" write by * none access to dn.subtree="ou=People,ou=OxObjects,dc=mandriva,dc=com" by self write by dn="cn=admin,dc=mandriva,dc=com" write by users read by anonymous auth access to dn="ou=OxObjects,dc=mandriva,dc=com" by dn="cn=admin,dc=mandriva,dc=com" write by users read by anonymous auth access to dn="dc=mandriva,dc=com" by dn="cn=admin,dc=mandriva,dc=com" write by dn="uid=*,ou=People,ou=OxObjects,dc=mandriva,dc=com" read # The admin dn has full write access, everyone else # can read everything. access to * by dn="cn=admin,dc=mandriva,dc=com" write by * read ####################################################################### # Specific Directives for database #2, of type 'other' (can be bdb too): # Database specific directives apply to this databasse until another # 'database' directive occurs #database <other> # The base of your directory for database #2 #suffix "dc=debian,dc=org"