| 1 |
# slapd.conf template |
| 2 |
include /usr/share/openldap/schema/core.schema |
| 3 |
include /usr/share/openldap/schema/cosine.schema |
| 4 |
include /usr/share/openldap/schema/corba.schema |
| 5 |
include /usr/share/openldap/schema/inetorgperson.schema |
| 6 |
include /usr/share/openldap/schema/java.schema |
| 7 |
include /usr/share/openldap/schema/krb5-kdc.schema |
| 8 |
#include /usr/share/openldap/schema/kerberosobject.schema |
| 9 |
include /usr/share/openldap/schema/misc.schema |
| 10 |
include /usr/share/openldap/schema/rfc2307bis.schema |
| 11 |
include /usr/share/openldap/schema/openldap.schema |
| 12 |
#include /usr/share/openldap/schema/autofs.schema |
| 13 |
include /usr/share/openldap/schema/samba.schema |
| 14 |
include /usr/share/openldap/schema/kolab.schema |
| 15 |
include /usr/share/openldap/schema/evolutionperson.schema |
| 16 |
include /usr/share/openldap/schema/calendar.schema |
| 17 |
include /usr/share/openldap/schema/sudo.schema |
| 18 |
include /usr/share/openldap/schema/dnszone.schema |
| 19 |
include /usr/share/openldap/schema/dhcp.schema |
| 20 |
include /usr/share/openldap/schema/dyngroup.schema |
| 21 |
include /usr/share/openldap/schema/ppolicy.schema |
| 22 |
include /usr/share/openldap/schema/openssh-lpk_openldap.schema |
| 23 |
|
| 24 |
#include /etc/openldap/schema/local.schema |
| 25 |
|
| 26 |
pidfile /var/run/ldap/slapd.pid |
| 27 |
argsfile /var/run/ldap/slapd.args |
| 28 |
|
| 29 |
modulepath <%= lib_dir %>/openldap |
| 30 |
moduleload back_monitor.la |
| 31 |
moduleload syncprov.la |
| 32 |
moduleload ppolicy.la |
| 33 |
#moduleload refint.la |
| 34 |
|
| 35 |
TLSCertificateFile /etc/ssl/openldap/ldap.pem |
| 36 |
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem |
| 37 |
TLSCACertificateFile /etc/ssl/openldap/ldap.pem |
| 38 |
|
| 39 |
# Give ldapi connection some security |
| 40 |
localSSF 56 |
| 41 |
# Require at least this security, so we allow: |
| 42 |
# ldapi |
| 43 |
# ldap+start_tls |
| 44 |
# ldaps |
| 45 |
security ssf=56 |
| 46 |
|
| 47 |
loglevel 256 |
| 48 |
|
| 49 |
database bdb |
| 50 |
suffix "<%= dc_suffix %>" |
| 51 |
directory /var/lib/ldap |
| 52 |
rootdn "cn=manager,<%= dc_suffix %>" |
| 53 |
|
| 54 |
checkpoint 256 5 |
| 55 |
# 32Mbytes, can hold about 10k posixAccount entries |
| 56 |
dbconfig set_cachesize 0 33554432 1 |
| 57 |
dbconfig set_lg_bsize 2097152 |
| 58 |
cachesize 1000 |
| 59 |
idlcachesize 3000 |
| 60 |
|
| 61 |
index objectClass eq |
| 62 |
index uidNumber,gidNumber,memberuid,member eq |
| 63 |
index uid eq,subinitial |
| 64 |
index cn,mail,surname,givenname eq,subinitial |
| 65 |
index sambaSID eq,sub |
| 66 |
index sambaDomainName,displayName,sambaGroupType eq |
| 67 |
index sambaSIDList eq |
| 68 |
index krb5PrincipalName eq |
| 69 |
index uniqueMember pres,eq |
| 70 |
index zoneName,relativeDomainName eq |
| 71 |
index sudouser eq,sub |
| 72 |
index entryCSN,entryUUID eq |
| 73 |
index dhcpHWAddress,dhcpClassData eq |
| 74 |
|
| 75 |
overlay syncprov |
| 76 |
syncprov-checkpoint 100 10 |
| 77 |
syncprov-sessionlog 100 |
| 78 |
|
| 79 |
overlay ppolicy |
| 80 |
ppolicy_default "cn=default,ou=Password Policies,<%= dc_suffix %>" |
| 81 |
ppolicy_hash_cleartext yes |
| 82 |
ppolicy_use_lockout yes |
| 83 |
|
| 84 |
|
| 85 |
# uncomment if you want to automatically update group |
| 86 |
# memberships when an user is removed from the tree |
| 87 |
# Also uncomment the refint.la moduleload above |
| 88 |
#overlay refint |
| 89 |
#refint_attributes member |
| 90 |
#refint_nothing "uid=LDAP Admin,ou=System Accounts,dc=example,dc=com" |
| 91 |
|
| 92 |
authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth" |
| 93 |
"uid=Account Admin,ou=System Accounts,<%= dc_suffix %>" |
| 94 |
authz-regexp ^uid=([^,]+),cn=[^,]+,cn=auth$ uid=$1,ou=People,<%= dc_suffix %> |
| 95 |
|
| 96 |
include /etc/openldap/mandriva-dit-access.conf |
| 97 |
|
| 98 |
|
| 99 |
database monitor |
| 100 |
access to dn.subtree="cn=Monitor" |
| 101 |
by group.exact="cn=LDAP Monitors,ou=System Groups,<%= dc_suffix %>" read |
| 102 |
by group.exact="cn=LDAP Admins,ou=System Groups,<%= dc_suffix %>" read |
| 103 |
by * none |
| 104 |
|
Parent Directory
| 
Revision Log