# slapd.conf template
#
# Rendered with two template values: <%= lib_dir %> (module directory) and
# <%= dc_suffix %> (the base DN, e.g. dc=example,dc=com). Everything above the
# first "database" line is global; order matters in slapd.conf, so sections
# should not be moved around.

# Schema files. Several of these (krb5-kdc, samba, sudo, dnszone, dhcp,
# ppolicy, openssh-lpk) exist only to support the indexes and overlays
# further down; dropping one of them breaks the matching index line.
include /usr/share/openldap/schema/core.schema
include /usr/share/openldap/schema/cosine.schema
include /usr/share/openldap/schema/corba.schema
include /usr/share/openldap/schema/inetorgperson.schema
include /usr/share/openldap/schema/java.schema
include /usr/share/openldap/schema/krb5-kdc.schema
#include /usr/share/openldap/schema/kerberosobject.schema
include /usr/share/openldap/schema/misc.schema
include /usr/share/openldap/schema/rfc2307bis.schema
include /usr/share/openldap/schema/openldap.schema
#include /usr/share/openldap/schema/autofs.schema
include /usr/share/openldap/schema/samba.schema
include /usr/share/openldap/schema/kolab.schema
include /usr/share/openldap/schema/evolutionperson.schema
include /usr/share/openldap/schema/calendar.schema
include /usr/share/openldap/schema/sudo.schema
include /usr/share/openldap/schema/dnszone.schema
include /usr/share/openldap/schema/dhcp.schema
include /usr/share/openldap/schema/dyngroup.schema
include /usr/share/openldap/schema/ppolicy.schema
include /usr/share/openldap/schema/openssh-lpk_openldap.schema

# Site-local schema additions go here; left commented out in the template.
#include /etc/openldap/schema/local.schema

pidfile /var/run/ldap/slapd.pid
argsfile /var/run/ldap/slapd.args

# back_monitor backs the "database monitor" section at the end of this file;
# syncprov and ppolicy are the two overlays configured below. refint is only
# needed if the refint overlay near the end is uncommented as well.
modulepath <%= lib_dir %>/openldap
moduleload back_monitor.la
moduleload syncprov.la
moduleload ppolicy.la
#moduleload refint.la

# All three TLS directives point at the same file, so ldap.pem carries the
# private key together with the certificate. That file must be readable only
# by the account slapd runs as. Because it is also the CA file, client
# certificates would only be accepted if they chain to this same certificate
# (presumably self-signed — confirm against how ldap.pem is issued).
TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
TLSCACertificateFile /etc/ssl/openldap/ldap.pem

# Give ldapi connection some security
# (SSF assigned to unix-socket connections so they pass the floor below.)
localSSF 56
# Require at least this security, so we allow:
# ldapi
# ldap+start_tls
# ldaps
# NOTE(review): 56 is a low floor — it only ensures *some* encryption is
# negotiated. If every client uses TLS with modern ciphers, a higher floor
# (e.g. 128) is the safer value; verify clients before raising it.
security ssf=56

# 256 = "stats": one line per connection, operation and result.
loglevel 256

# Primary directory. NOTE(review): back-bdb was deprecated and removed in
# OpenLDAP 2.5; mdb is its replacement. The checkpoint/dbconfig lines below
# are bdb-specific and do not carry over.
database bdb
suffix "<%= dc_suffix %>"
directory /var/lib/ldap
# No rootpw is set in this file, so the rootdn is not usable for a simple
# bind from this configuration alone; administrative access is meant to
# come through the authz-regexp mappings further down.
rootdn "cn=manager,<%= dc_suffix %>"

# Write a checkpoint every 256 KB of log or 5 minutes, whichever comes first.
checkpoint 256 5
# 32Mbytes, can hold about 10k posixAccount entries
dbconfig set_cachesize 0 33554432 1
dbconfig set_lg_bsize 2097152
# In-memory entry cache and index-slot cache sizes (entries, not bytes).
cachesize 1000
idlcachesize 3000

# Indexes. objectClass eq is needed for almost every search; the
# entryCSN/entryUUID line is what the syncprov overlay below relies on.
index objectClass eq
index uidNumber,gidNumber,memberuid,member eq
index uid eq,subinitial
index cn,mail,surname,givenname eq,subinitial
index sambaSID eq,sub
index sambaDomainName,displayName,sambaGroupType eq
index sambaSIDList eq
index krb5PrincipalName eq
index uniqueMember pres,eq
index zoneName,relativeDomainName eq
index sudouser eq,sub
index entryCSN,entryUUID eq
index dhcpHWAddress,dhcpClassData eq

# Replication provider: checkpoint the contextCSN every 100 writes or 10
# minutes; keep the last 100 writes in the session log for delta resyncs.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# Password policy. hash_cleartext makes slapd hash a userPassword that
# arrives in the clear, so cleartext never lands in the database.
# use_lockout returns a distinct "account locked" result instead of a plain
# invalid-credentials error; that tells the client (and anyone probing) that
# the account exists and is locked — an accepted trade-off here.
overlay ppolicy
ppolicy_default "cn=default,ou=Password Policies,<%= dc_suffix %>"
ppolicy_hash_cleartext yes
ppolicy_use_lockout yes


# uncomment if you want to automatically update group
# memberships when an user is removed from the tree
# Also uncomment the refint.la moduleload above
#overlay refint
#refint_attributes member
#refint_nothing "uid=LDAP Admin,ou=System Accounts,dc=example,dc=com"

# Identity mappings.
# 1) Local root (uid 0 / gid 0 via peercred on the ldapi socket) becomes the
#    Account Admin entry — so anyone with root on the host is an LDAP admin.
# 2) Any SASL identity "uid=X,cn=<mechanism>,cn=auth" maps to uid=X under
#    ou=People, whatever the mechanism. NOTE(review): confirm that every
#    enabled SASL mechanism is meant to be trusted for this mapping.
authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
"uid=Account Admin,ou=System Accounts,<%= dc_suffix %>"
authz-regexp ^uid=([^,]+),cn=[^,]+,cn=auth$ uid=$1,ou=People,<%= dc_suffix %>

# All ACLs for the main database live in this included file. If it is
# missing or contributes no "access" directives, slapd falls back to its
# default policy, which lets anyone read everything — keep the include.
include /etc/openldap/mandriva-dit-access.conf


# cn=Monitor: readable only by the two admin/monitor groups, denied to all
# others (including anonymous).
database monitor
access to dn.subtree="cn=Monitor"
by group.exact="cn=LDAP Monitors,ou=System Groups,<%= dc_suffix %>" read
by group.exact="cn=LDAP Admins,ou=System Groups,<%= dc_suffix %>" read
by * none