Commit | Line | Data |
---|---|---|
73abe331 | 1 | # |
2 | # See slapd.conf(5) for details on configuration options. | |
3 | # This file should NOT be world readable. | |
4 | # | |
   | # Schema files slapd loads at startup. core.schema is the stock OpenLDAP | |
   | # core schema; shuttle.schema is not shown here (presumably site-specific). | |
5 | include /home/byordano/install/etc/openldap/schema/core.schema | |
6 | include /home/byordano/install/etc/openldap/schema/shuttle.schema | |
7 | ||
8 | # Define global ACLs to disable default read access. | |
9 | ||
10 | # Do not enable referrals until AFTER you have a working directory | |
11 | # service AND an understanding of referrals. | |
12 | #referral ldap://root.openldap.org | |
13 | ||
   | # Files slapd writes at startup: its process ID (pidfile) and the | |
   | # command-line arguments it was started with (argsfile). | |
14 | pidfile /home/byordano/install/var/run/slapd.pid | |
15 | argsfile /home/byordano/install/var/run/slapd.args | |
16 | ||
17 | # Load dynamic backend modules: | |
18 | # modulepath /home/byordano/install/libexec/openldap | |
19 | # moduleload back_bdb.la | |
20 | # moduleload back_ldap.la | |
21 | # moduleload back_ldbm.la | |
22 | # moduleload back_passwd.la | |
23 | # moduleload back_shell.la | |
24 | ||
25 | # Sample security restrictions | |
26 | # Require integrity protection (prevent hijacking) | |
27 | # Require 112-bit (3DES or better) encryption for updates | |
28 | # Require 64-bit encryption for simple bind | |
29 | # security ssf=1 update_ssf=112 simple_bind=64 | |
30 | ||
31 | # Sample access control policy: | |
32 | # Root DSE: allow anyone to read it | |
33 | # Subschema (sub)entry DSE: allow anyone to read it | |
34 | # Other DSEs: | |
35 | # Allow self write access | |
36 | # Allow authenticated users read access | |
37 | # Allow anonymous users to authenticate | |
38 | # Directives needed to implement policy: | |
39 | # access to dn.base="" by * read | |
40 | # access to dn.base="cn=Subschema" by * read | |
41 | access to * | |
42 | by self write | |
43 | by * read | |
   | # NOTE(review): the active rule above lets each entry write to itself and | |
   | # grants read on every entry and attribute to all clients, anonymous ones | |
   | # included. That covers password attributes such as userPassword if any | |
   | # are stored. The commented-out "by users read" / "by anonymous auth" | |
   | # clauses are the stricter form the sample policy describes: read for | |
   | # authenticated users only, anonymous clients limited to authenticating. | |
44 | # by users read | |
45 | # by anonymous auth | |
46 | # | |
47 | # if no access controls are present, the default policy | |
48 | # allows anyone and everyone to read anything but restricts | |
49 | # updates to rootdn. (e.g., "access to * by * read") | |
50 | # | |
51 | # rootdn can always read and write EVERYTHING! | |
52 | ||
53 | ####################################################################### | |
54 | # BDB database definitions | |
55 | ####################################################################### | |
56 | ||
57 | database bdb | |
   | # BDB-backed database holding the dc=alice,dc=cern,dc=ch subtree. | |
   | # rootdn is the administrative identity for this database. | |
58 | suffix "dc=alice,dc=cern,dc=ch" | |
59 | rootdn "cn=Manager,dc=alice,dc=cern,dc=ch" | |
60 | # Cleartext passwords, especially for the rootdn, should | |
61 | # be avoided. See slappasswd(8) and slapd.conf(5) for details. | |
62 | # Use of strong authentication encouraged. | |
   | # NOTE(review): rootpw below is stored in cleartext and is the stock | |
   | # sample value. The rootdn is not restricted by the access rules in this | |
   | # file, so this password protects every entry in the database. Store a | |
   | # hash generated by slappasswd(8) instead, in the form | |
   | # rootpw {SSHA}<hash-placeholder>, and keep this file non-world-readable. | |
63 | rootpw secret | |
64 | # The database directory MUST exist prior to running slapd AND | |
65 | # should only be accessible by the slapd and slap tools. | |
66 | # Mode 700 recommended. | |
67 | directory /home/byordano/install/var/openldap-data | |
68 | # Indices to maintain | |
69 | index objectClass eq |