slapd.conf.obsolete
1: #
2: # See slapd.conf(5) for details on configuration options.
3: # This file should NOT be world readable.
4: #
5:
6: include /etc/openldap/schema/corba.schema
7: include /etc/openldap/schema/core.schema
8: include /etc/openldap/schema/cosine.schema
9: include /etc/openldap/schema/duaconf.schema
10: include /etc/openldap/schema/dyngroup.schema
11: include /etc/openldap/schema/inetorgperson.schema
12: include /etc/openldap/schema/java.schema
13: include /etc/openldap/schema/misc.schema
14: include /etc/openldap/schema/nis.schema
15: include /etc/openldap/schema/openldap.schema
16: include /etc/openldap/schema/ppolicy.schema
17: include /etc/openldap/schema/collective.schema
18:
19: # Allow LDAPv2 client connections. This is NOT the default: LDAPv2 is an obsolete protocol, so enable this only for legacy clients that need it.
20: allow bind_v2
21:
22: # Do not enable referrals until AFTER you have a working directory
23: # service AND an understanding of referrals.
24: #referral ldap://root.openldap.org
25:
26: pidfile /var/run/openldap/slapd.pid
27: argsfile /var/run/openldap/slapd.args
28:
29: # Load dynamic backend modules:
30: # modulepath /usr/lib/openldap # or /usr/lib64/openldap
31: # moduleload accesslog.la
32: # moduleload auditlog.la
33: # moduleload back_sql.la
34: # moduleload denyop.la
35: # moduleload dyngroup.la
36: # moduleload dynlist.la
37: # moduleload lastmod.la
38: # moduleload pcache.la
39: # moduleload ppolicy.la
40: # moduleload refint.la
41: # moduleload retcode.la
42: # moduleload rwm.la
43: # moduleload syncprov.la
44: # moduleload translucent.la
45: # moduleload unique.la
46: # moduleload valsort.la
47:
48: # The next three lines allow use of TLS for encrypting connections using a
49: # dummy test certificate which you can generate by changing to
50: # /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
51: # slapd.pem so that the ldap user or group can read it. The same file holds
52: # the private key, so it should not be readable by anyone else. Your client software may balk at self-signed certificates, however.
53: # TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
54: # TLSCertificateFile /etc/pki/tls/certs/slapd.pem
55: # TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
56:
57: # Sample security restrictions
58: # Require integrity protection (prevent hijacking)
59: # Require 112-bit (3DES or better) encryption for updates
60: # Require 64-bit encryption for simple bind
61: # security ssf=1 update_ssf=112 simple_bind=64
62:
63: # Sample access control policy:
64: # Root DSE: allow anyone to read it
65: # Subschema (sub)entry DSE: allow anyone to read it
66: # Other DSEs:
67: # Allow self write access
68: # Allow authenticated users read access
69: # Allow anonymous users to authenticate
70: # Directives needed to implement policy:
71: # access to dn.base="" by * read
72: # access to dn.base="cn=Subschema" by * read
73: # access to *
74: # by self write
75: # by users read
76: # by anonymous auth
77: #
78: # If no access controls are present, the default policy
79: # allows anyone and everyone to read anything but restricts
80: # updates to rootdn. (e.g., "access to * by * read")
81: #
82: # rootdn can always read and write EVERYTHING!
83:
84: #######################################################################
85: # ldbm and/or bdb database definitions
86: #######################################################################
87:
88: database bdb
89: suffix "dc=my-domain,dc=com"
90: checkpoint 1024 15
91: rootdn "cn=Manager,dc=my-domain,dc=com"
92: # Cleartext passwords, especially for the rootdn, should
93: # be avoided. See slappasswd(8) and slapd.conf(5) for details.
94: # Use of strong authentication encouraged.
95: # rootpw secret
96: # rootpw {crypt}ijFYNcSNctBYg
97:
98: # The database directory MUST exist prior to running slapd AND
99: # should only be accessible by the slapd and slap tools.
100: # Mode 700 recommended.
101: directory /var/lib/ldap
102:
103: # Indices to maintain for this database
104: index objectClass eq,pres
105: index ou,cn,mail,surname,givenname eq,pres,sub
106: index uidNumber,gidNumber,loginShell eq,pres
107: index uid,memberUid eq,pres,sub
108: index nisMapName,nisMapEntry eq,pres,sub
109:
110: # Replicas of this database
111: #replogfile /var/lib/ldap/openldap-master-replog
112: #replica host=ldap-1.example.com:389 starttls=critical
113: # bindmethod=sasl saslmech=GSSAPI
114: # authcId=host/ldap-master.example.com@EXAMPLE.COM
115:
116:
117: # enable monitoring
118: database monitor
119:
120: # allow only rootdn to read the monitor
121: access to *
122: by dn.exact="cn=Manager,dc=my-domain,dc=com" read
123: by * none