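# slapd.conf template
#
# Schema definitions.  ppolicy.schema must stay loaded as long as the
# ppolicy overlay below is enabled; the samba, krb5-kdc, sudo, dnszone and
# dhcp schemas back the matching index directives further down.
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
#include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/nis.schema
include /usr/share/openldap/schema/openldap.schema
include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /usr/share/openldap/schema/evolutionperson.schema
include /usr/share/openldap/schema/calendar.schema
include /usr/share/openldap/schema/sudo.schema
include /usr/share/openldap/schema/dnszone.schema
include /usr/share/openldap/schema/dhcp.schema
include /usr/share/openldap/schema/dyngroup.schema
include /usr/share/openldap/schema/ppolicy.schema

# Site-specific schema additions go here.
#include /etc/openldap/schema/local.schema

pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args

modulepath /usr/lib/openldap
moduleload back_monitor.la
moduleload syncprov.la
moduleload ppolicy.la
#moduleload refint.la

# TLS material.  All three directives point at the same PEM file, so that
# file holds the private key together with the certificate (and must be
# readable only by the slapd user), and it is also the only CA trusted for
# peer verification: that is fine for a self-signed certificate, but for a
# CA-issued one the issuing chain has to be bundled into the same file.
# TLSVerifyClient is not set, so client certificates are never requested.
# Nothing in this file forces TLS for simple binds either; add a security
# directive (for example "security simple_bind=128", keeping in mind that
# ldapi:// connections are rated at localSSF, 71 by default) if passwords
# must not cross the network in the clear.
TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
TLSCACertificateFile /etc/ssl/openldap/ldap.pem

# 256 = stats: connections, operations and results.
loglevel 256

# Primary directory.  back-bdb is deprecated in favour of back-mdb and is no
# longer available in OpenLDAP 2.5+.  No rootpw is set, so a simple bind as
# the rootdn only succeeds against a real cn=manager entry in the tree (or
# through a SASL identity mapped onto it); the authz-regexp rules below map
# the local root user to "Account Admin", not to the rootdn.
database bdb
suffix "dc=mageia,dc=org"
directory /var/lib/ldap
rootdn "cn=manager,dc=mageia,dc=org"

# Checkpoint the BDB transaction log every 256 KB written or every 5 minutes.
checkpoint 256 5
# 32Mbytes, can hold about 10k posixAccount entries
dbconfig set_cachesize 0 33554432 1
dbconfig set_lg_bsize 2097152
# slapd-level entry cache (in entries) and index-slot (IDL) cache sizes.
cachesize 1000
idlcachesize 3000

# Indexes.  The entryCSN/entryUUID equality indexes are needed by syncprov.
index objectClass eq
index uidNumber,gidNumber,memberuid,member eq
index uid eq,subinitial
index cn,mail,surname,givenname eq,subinitial
index sambaSID eq,sub
index sambaDomainName,displayName,sambaGroupType eq
index sambaSIDList eq
index krb5PrincipalName eq
index uniqueMember pres,eq
index zoneName,relativeDomainName eq
index sudouser eq,sub
index entryCSN,entryUUID eq
index dhcpHWAddress,dhcpClassData eq

# Replication provider: checkpoint the contextCSN every 100 writes or 10
# minutes and keep the last 100 writes in the in-memory session log.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# Password policy.  hash_cleartext makes the server hash userPassword values
# that arrive in the clear; this protects stored values only (see the TLS
# notes above for the wire).  use_lockout returns a specific "account locked"
# error instead of invalidCredentials, which tells callers, including
# unauthenticated ones, that the account exists and is locked.
overlay ppolicy
ppolicy_default "cn=default,ou=Password Policies,dc=mageia,dc=org"
ppolicy_hash_cleartext yes
ppolicy_use_lockout yes


# uncomment if you want to automatically update group
# memberships when a user is removed from the tree
# Also uncomment the refint.la moduleload above
#overlay refint
#refint_attributes member
#refint_nothing "uid=LDAP Admin,ou=System Accounts,dc=mageia,dc=org"

# SASL identity mapping.  The first rule maps the local root user binding
# over ldapi:// with SASL EXTERNAL (peer credentials uid 0 / gid 0) onto the
# Account Admin entry, which therefore carries whatever rights the included
# ACLs grant it rather than rootdn rights.  The second rule maps any other
# SASL identity without a realm component onto the matching entry under
# ou=People.  The second line of the first rule is a continuation line and
# must keep its leading whitespace.
authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
	"uid=Account Admin,ou=System Accounts,dc=mageia,dc=org"
authz-regexp ^uid=([^,]+),cn=[^,]+,cn=auth$ uid=$1,ou=People,dc=mageia,dc=org

# Access controls for the database above live in this file.  It has to stay
# ahead of the next "database" line, because access directives apply to the
# database they follow.
include /etc/openldap/mandriva-dit-access.conf


# Monitoring backend.  Only members of the two groups may read cn=Monitor;
# everyone else, including anonymous binds, gets nothing.  The "by" clauses
# are continuation lines and must keep their leading whitespace.
database monitor
access to dn.subtree="cn=Monitor"
	by group.exact="cn=LDAP Monitors,ou=System Groups,dc=mageia,dc=org" read
	by group.exact="cn=LDAP Admins,ou=System Groups,dc=mageia,dc=org" read
	by * none
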