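#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Layout of this file: global directives come first, then one section per
# "database" line. Directives that follow a "database" line (including
# "access" rules) apply to that database only.
#

include		/etc/openldap/schema/corba.schema
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/duaconf.schema
include		/etc/openldap/schema/dyngroup.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/java.schema
include		/etc/openldap/schema/misc.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/openldap.schema
include		/etc/openldap/schema/ppolicy.schema
include		/etc/openldap/schema/collective.schema

# Allow LDAPv2 client connections.  This is NOT the default.
# NOTE(review): LDAPv2 was moved to Historic status (RFC 3494) and has no
# StartTLS extended operation or SASL bind, so v2 clients authenticate with
# simple bind only. Keep this line only while a legacy client still needs it.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath	/usr/lib/openldap # or /usr/lib64/openldap
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload back_sql.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload syncprov.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.  Your client software
# may balk at self-signed certificates, however.
# NOTE(review): all three TLS directives are commented out, so as written this
# file configures no TLS. slapd.pem also holds the private key
# (TLSCertificateKeyFile), so it should be readable by the ldap user or group
# and by nobody else.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 64-bit encryption for simple bind
# NOTE(review): the directive below is commented out, so no minimum strength
# is enforced: simple binds and updates are accepted over unprotected
# connections. It can only be satisfied once TLS (or a SASL security layer)
# is actually available to clients.
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#
# NOTE(review): the sample policy above is commented out and the bdb database
# below has no "access" lines of its own, so the default policy applies to it:
# anonymous clients can read every attribute of every entry, password hashes
# in userPassword included. The sample policy would still let every
# authenticated user read userPassword; a rule placed before "access to *"
# keeps it private, for example:
# access to attrs=userPassword
#	by self write
#	by anonymous auth
#	by * none

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database	bdb
suffix		"dc=my-domain,dc=com"
checkpoint	1024 15
rootdn		"cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): both rootpw values below are samples. Generate a fresh hash
# with slappasswd(8) instead of uncommenting either line; {crypt} with a
# 13-character value is traditional DES crypt, which is weak by current
# standards.
# rootpw		secret
# rootpw		{crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	/var/lib/ldap

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com@EXAMPLE.COM


# enable monitoring
database monitor

# allow only rootdn to read the monitor
# (this rule follows "database monitor", so it restricts the monitor database
# only and does not protect the bdb database above)
access to *
	by dn.exact="cn=Manager,dc=my-domain,dc=com" read
	by * none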