Commit | Line | Data |
---|---|---|
68088e11 | 1 | |
73abe331 | 2 | # |
3 | # See slapd.conf(5) for details on configuration options. | |
4 | # This file should NOT be world readable. | |
5 | # | |
68088e11 | 6 | include /etc/openldap/schema/core.schema |
7 | include /etc/openldap/schema/cosine.schema | |
8 | include /etc/openldap/schema/inetorgperson.schema | |
9 | include /etc/openldap/schema/nis.schema | |
10 | include /etc/openldap/schema/shuttle.schema | |
73abe331 | 11 | |
68088e11 | 12 | # Allow LDAPv2 client connections. This is NOT the default. |
13 | #allow bind_v2 | |
73abe331 | 14 | |
15 | # Do not enable referrals until AFTER you have a working directory | |
16 | # service AND an understanding of referrals. | |
17 | #referral ldap://root.openldap.org | |
18 | ||
68088e11 | 19 | pidfile /var/run/slapd.pid |
20 | argsfile /var/run/slapd.args | |
73abe331 | 21 | |
22 | # Load dynamic backend modules: | |
68088e11 | 23 | # modulepath /usr/sbin/openldap |
73abe331 | 24 | # moduleload back_bdb.la |
25 | # moduleload back_ldap.la | |
26 | # moduleload back_ldbm.la | |
27 | # moduleload back_passwd.la | |
28 | # moduleload back_shell.la | |
29 | ||
68088e11 | 30 | # The next three lines allow use of TLS for encrypting connections using a |
31 | # dummy test certificate which you can generate by changing to | |
32 | # /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on | |
33 | # slapd.pem so that the ldap user or group can read it. Your client software | |
34 | # may balk at self-signed certificates, however. | |
35 | # TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt | |
36 | # TLSCertificateFile /usr/share/ssl/certs/slapd.pem | |
37 | # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem | |
38 | ||
73abe331 | 39 | # Sample security restrictions |
40 | # Require integrity protection (prevent hijacking) | |
41 | # Require 112-bit (3DES or better) encryption for updates | |
42 | # Require 64-bit encryption for simple bind | |
43 | # security ssf=1 update_ssf=112 simple_bind=64 | |
44 | ||
45 | # Sample access control policy: | |
46 | # Root DSE: allow anyone to read it | |
47 | # Subschema (sub)entry DSE: allow anyone to read it | |
48 | # Other DSEs: | |
49 | # Allow self write access | |
50 | # Allow authenticated users read access | |
51 | # Allow anonymous users to authenticate | |
52 | # Directives needed to implement policy: | |
53 | # access to dn.base="" by * read | |
54 | # access to dn.base="cn=Subschema" by * read | |
68088e11 | 55 | # access to * |
56 | # by self write | |
73abe331 | 57 | # by users read |
58 | # by anonymous auth | |
59 | # | |
60 | # if no access controls are present, the default policy | |
61 | # allows anyone and everyone to read anything but restricts | |
62 | # updates to rootdn. (e.g., "access to * by * read") | |
63 | # | |
64 | # rootdn can always read and write EVERYTHING! | |
65 | ||
68088e11 | 66 | #access to * |
67 | # by * read | |
68 | # by anonymous read | |
69 | ||
70 | allow bind_anon_dn | |
71 | allow bind_anon_cred | |
72 | #allow bind_anon | |
73 | ||
73abe331 | 74 | ####################################################################### |
68088e11 | 75 | # ldbm and/or bdb database definitions |
73abe331 | 76 | ####################################################################### |
77 | ||
68088e11 | 78 | database ldbm |
79 | suffix "dc=cern, dc=ch" | |
80 | rootdn "cn=Manager,dc=cern, dc=ch" | |
73abe331 | 81 | # Cleartext passwords, especially for the rootdn, should |
68088e11 | 82 | # be avoided. See slappasswd(8) and slapd.conf(5) for details. |
73abe331 | 83 | # Use of strong authentication encouraged. |
68088e11 | 84 | # rootpw secret |
85 | # rootpw {crypt}ijFYNcSNctBYg | |
86 | ||
73abe331 | 87 | # The database directory MUST exist prior to running slapd AND |
88 | # should only be accessible by the slapd and slap tools. | |
89 | # Mode 700 recommended. | |
68088e11 | 90 | directory /var/lib/ldap |
91 | ||
92 | # Indices to maintain for this database | |
93 | index objectClass eq,pres | |
94 | index ou,cn,mail,surname,givenname eq,pres,sub | |
95 | index uidNumber,gidNumber,loginShell eq,pres | |
96 | index uid,memberUid eq,pres,sub | |
97 | index nisMapName,nisMapEntry eq,pres,sub | |
98 | ||
99 | # Replicas of this database | |
100 | #replogfile /var/lib/ldap/openldap-master-replog | |
101 | #replica host=ldap-1.example.com:389 starttls=critical | |
102 | # bindmethod=sasl saslmech=GSSAPI | |
103 | # authcId=host/ldap-master.example.com@EXAMPLE.COM | |
104 | ||
105 | ### shuttle configuration | |
106 | rootpw {SSHA}OztXD9506FAbxxHmZU+/5JDyPKHldGNh |