1 | # See slapd-config(5) for details on configuration options. |
2 | # This file should NOT be world readable. | |
3 | # | |
4 | ||
5 | dn: cn=config | |
6 | objectClass: olcGlobal | |
7 | cn: config | |
8 | olcArgsFile: /run/openldap/slapd.args | |
9 | olcPidFile: /run/openldap/slapd.pid | |
10 | # | |
11 | # TLS settings | |
12 | # | |
13 | #olcTLSCACertificateFile: /etc/pki/CA/cacert.pem | |
14 | olcTLSCertificateFile: /etc/openldap/certs/server.pem |
15 | olcTLSCertificateKeyFile: /etc/openldap/certs/server.key | |
16 | # |
17 | # Do not enable referrals until AFTER you have a working directory | |
18 | # service AND an understanding of referrals. | |
19 | # | |
20 | #olcReferral: ldap://root.openldap.org | |
21 | # | |
22 | # Sample security restrictions | |
23 | # Require integrity protection (prevent hijacking) | |
24 | # Require 112-bit (3DES or better) encryption for updates | |
25 | # Require 64-bit encryption for simple bind | |
26 | # | |
27 | #olcSecurity: ssf=1 update_ssf=112 simple_bind=64 | |
28 | ||
29 | # | |
30 | # Load dynamic backend modules: | |
31 | # - modulepath is an architecture-dependent value (32/64-bit system) | |
32 | # - back_sql.la backend requires openldap-servers-sql package | |
33 | # - dyngroup.la and dynlist.la cannot be used at the same time | |
34 | # | |
35 | ||
36 | #dn: cn=module,cn=config | |
37 | #objectClass: olcModuleList | |
38 | #cn: module | |
39 | #olcModulepath: /usr/lib/openldap | |
40 | #olcModulepath: /usr/lib64/openldap | |
41 | #olcModuleload: accesslog.la | |
42 | #olcModuleload: auditlog.la | |
43 | #olcModuleload: back_dnssrv.la | |
44 | #olcModuleload: back_hdb.so | |
45 | #olcModuleload: back_ldap.la | |
46 | #olcModuleload: back_mdb.la | |
47 | #olcModuleload: back_meta.la | |
48 | #olcModuleload: back_null.la | |
49 | #olcModuleload: back_passwd.la | |
50 | #olcModuleload: back_relay.la | |
51 | #olcModuleload: back_shell.la | |
52 | #olcModuleload: back_sock.la | |
53 | #olcModuleload: collect.la | |
54 | #olcModuleload: constraint.la | |
55 | #olcModuleload: dds.la | |
56 | #olcModuleload: deref.la | |
57 | #olcModuleload: dyngroup.la | |
58 | #olcModuleload: dynlist.la | |
59 | #olcModuleload: memberof.la | |
60 | #olcModuleload: pcache.la | |
61 | #olcModuleload: ppolicy.la | |
62 | #olcModuleload: refint.la | |
63 | #olcModuleload: retcode.la | |
64 | #olcModuleload: rwm.la | |
65 | #olcModuleload: seqmod.la | |
66 | #olcModuleload: smbk5pwd.la | |
67 | #olcModuleload: sssvlv.la | |
68 | #olcModuleload: syncprov.la | |
69 | #olcModuleload: translucent.la | |
70 | #olcModuleload: unique.la | |
71 | #olcModuleload: valsort.la | |
72 | ||
73 | ||
74 | # | |
75 | # Schema settings | |
76 | # | |
77 | ||
78 | dn: cn=schema,cn=config | |
79 | objectClass: olcSchemaConfig | |
80 | cn: schema | |
81 | ||
82 | include: file:///etc/openldap/schema/core.ldif | |
83 | include: file:///etc/openldap/schema/cosine.ldif | |
84 | include: file:///etc/openldap/schema/nis.ldif | |
85 | include: file:///etc/openldap/schema/inetorgperson.ldif | |
86 | ||
87 | # | |
88 | # Frontend settings | |
89 | # | |
90 | ||
91 | dn: olcDatabase=frontend,cn=config | |
92 | objectClass: olcDatabaseConfig | |
93 | olcDatabase: frontend | |
94 | # | |
95 | # Sample global access control policy: | |
96 | # Root DSE: allow anyone to read it | |
97 | # Subschema (sub)entry DSE: allow anyone to read it | |
98 | # Other DSEs: | |
99 | # Allow self write access | |
100 | # Allow authenticated users read access | |
101 | # Allow anonymous users to authenticate | |
102 | # | |
103 | #olcAccess: to dn.base="" by * read | |
104 | #olcAccess: to dn.base="cn=Subschema" by * read | |
105 | #olcAccess: to * | |
106 | # by self write | |
107 | # by users read | |
108 | # by anonymous auth | |
109 | # | |
110 | # if no access controls are present, the default policy | |
111 | # allows anyone and everyone to read anything but restricts | |
112 | # updates to rootdn. (e.g., "access to * by * read") | |
113 | # | |
114 | # rootdn can always read and write EVERYTHING! | |
115 | # | |
116 | ||
117 | # | |
118 | # Configuration database | |
119 | # | |
120 | ||
121 | dn: olcDatabase=config,cn=config | |
122 | objectClass: olcDatabaseConfig | |
123 | olcDatabase: config | |
124 | olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c | |
125 | n=auth" manage by * none | |
126 | ||
127 | # | |
128 | # Server status monitoring | |
129 | # | |
130 | ||
131 | #dn: olcDatabase=monitor,cn=config | |
132 | #objectClass: olcDatabaseConfig | |
133 | #olcDatabase: monitor | |
134 | #olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c | |
135 | n=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none | |
136 | ||
137 | # | |
138 | # Backend database definitions | |
139 | # | |
140 | ||
141 | dn: olcDatabase=hdb,cn=config | |
142 | objectClass: olcDatabaseConfig | |
143 | objectClass: olcHdbConfig | |
144 | olcDatabase: hdb | |
145 | olcSuffix: @SUFFIX@ | |
146 | olcRootDN: cn=admin,@SUFFIX@ | |
147 | olcDbDirectory: /var/lib/ldap | |
148 | olcDbIndex: objectClass eq,pres | |
149 | olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub |