slapd.conf.obsolete


  1: #
  2: # See slapd.conf(5) for details on configuration options.
  3: # This file should NOT be world readable.
  4: #
  5: 
  6: include		/etc/openldap/schema/corba.schema
  7: include		/etc/openldap/schema/core.schema
  8: include		/etc/openldap/schema/cosine.schema
  9: include		/etc/openldap/schema/duaconf.schema
 10: include		/etc/openldap/schema/dyngroup.schema
 11: include		/etc/openldap/schema/inetorgperson.schema
 12: include		/etc/openldap/schema/java.schema
 13: include		/etc/openldap/schema/misc.schema
 14: include		/etc/openldap/schema/nis.schema
 15: include		/etc/openldap/schema/openldap.schema
 16: include		/etc/openldap/schema/ppolicy.schema
 17: include		/etc/openldap/schema/collective.schema
 18: 
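  19: # Allow LDAPv2 client connections.  This is NOT the default: LDAPv2 is a historic protocol with no StartTLS or SASL support, so keep this only while a legacy client needs it.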
 20: allow bind_v2
 21: 
 22: # Do not enable referrals until AFTER you have a working directory
 23: # service AND an understanding of referrals.
 24: #referral	ldap://root.openldap.org
 25: 
 26: pidfile		/var/run/openldap/slapd.pid
 27: argsfile	/var/run/openldap/slapd.args
 28: 
 29: # Load dynamic backend modules:
 30: # modulepath	/usr/lib/openldap # or /usr/lib64/openldap
 31: # moduleload accesslog.la
 32: # moduleload auditlog.la
 33: # moduleload back_sql.la
 34: # moduleload denyop.la
 35: # moduleload dyngroup.la
 36: # moduleload dynlist.la
 37: # moduleload lastmod.la
 38: # moduleload pcache.la
 39: # moduleload ppolicy.la
 40: # moduleload refint.la
 41: # moduleload retcode.la
 42: # moduleload rwm.la
 43: # moduleload syncprov.la
 44: # moduleload translucent.la
 45: # moduleload unique.la
 46: # moduleload valsort.la
 47: 
 48: # The next three lines allow use of TLS for encrypting connections using a
 49: # dummy test certificate which you can generate by changing to
 50: # /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
  51: # slapd.pem so that the ldap user or group, and no one else, can read it (the same file holds the private key).  Your client software
 52: # may balk at self-signed certificates, however.
 53: # TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
 54: # TLSCertificateFile /etc/pki/tls/certs/slapd.pem
 55: # TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
 56: 
 57: # Sample security restrictions
 58: #	Require integrity protection (prevent hijacking)
 59: #	Require 112-bit (3DES or better) encryption for updates
  60: #	Require 64-bit encryption for simple bind
 61: # security ssf=1 update_ssf=112 simple_bind=64
 62: 
 63: # Sample access control policy:
 64: #	Root DSE: allow anyone to read it
 65: #	Subschema (sub)entry DSE: allow anyone to read it
 66: #	Other DSEs:
 67: #		Allow self write access
 68: #		Allow authenticated users read access
 69: #		Allow anonymous users to authenticate
 70: #	Directives needed to implement policy:
 71: # access to dn.base="" by * read
 72: # access to dn.base="cn=Subschema" by * read
 73: # access to *
 74: #	by self write
 75: #	by users read
 76: #	by anonymous auth
 77: #
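  78: # If no access controls are present, the default policy
  79: # allows anyone and everyone to read anything but restricts
  80: # updates to rootdn (e.g., "access to * by * read").  With the sample policy above left commented out, this default applies to the bdb database below, anonymous reads included.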
 81: #
 82: # rootdn can always read and write EVERYTHING!
 83: 
 84: #######################################################################
 85: # ldbm and/or bdb database definitions
 86: #######################################################################
 87: 
 88: database	bdb
 89: suffix		"dc=my-domain,dc=com"
 90: checkpoint	1024 15
 91: rootdn		"cn=Manager,dc=my-domain,dc=com"
 92: # Cleartext passwords, especially for the rootdn, should
 93: # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
  94: # Use of strong authentication is encouraged; the sample rootpw values below are published examples and must never be used as-is.
 95: # rootpw		secret
 96: # rootpw		{crypt}ijFYNcSNctBYg
 97: 
 98: # The database directory MUST exist prior to running slapd AND
 99: # should only be accessible by the slapd and slap tools.
100: # Mode 700 recommended.
101: directory	/var/lib/ldap
102: 
103: # Indices to maintain for this database
104: index objectClass                       eq,pres
105: index ou,cn,mail,surname,givenname      eq,pres,sub
106: index uidNumber,gidNumber,loginShell    eq,pres
107: index uid,memberUid                     eq,pres,sub
108: index nisMapName,nisMapEntry            eq,pres,sub
109: 
110: # Replicas of this database
111: #replogfile /var/lib/ldap/openldap-master-replog
112: #replica host=ldap-1.example.com:389 starttls=critical
113: #     bindmethod=sasl saslmech=GSSAPI
114: #     authcId=host/ldap-master.example.com@EXAMPLE.COM
115: 
116: 
117: # enable monitoring
118: database monitor
119: 
 120: # allow only rootdn to read the monitor
121: access to *
122:         by dn.exact="cn=Manager,dc=my-domain,dc=com" read
123:         by * none