/[smeserver]/rpms/openldap/sme9/slapd.conf
ViewVC logotype

Contents of /rpms/openldap/sme9/slapd.conf

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Tue Nov 11 00:46:15 2014 UTC (10 years ago) by vip-ire
Branch: MAIN
CVS Tags: openldap-2_4_39-8_el6_sme, HEAD
Import openldap

1 #
2 # See slapd.conf(5) for details on configuration options.
3 # This file should NOT be world readable.
4 #
5
6 include /etc/openldap/schema/corba.schema
7 include /etc/openldap/schema/core.schema
8 include /etc/openldap/schema/cosine.schema
9 include /etc/openldap/schema/duaconf.schema
10 include /etc/openldap/schema/dyngroup.schema
11 include /etc/openldap/schema/inetorgperson.schema
12 include /etc/openldap/schema/java.schema
13 include /etc/openldap/schema/misc.schema
14 include /etc/openldap/schema/nis.schema
15 include /etc/openldap/schema/openldap.schema
16 include /etc/openldap/schema/ppolicy.schema
17 include /etc/openldap/schema/collective.schema
18
19 # Allow LDAPv2 client connections. This is NOT the default.
20 allow bind_v2
21
22 # Do not enable referrals until AFTER you have a working directory
23 # service AND an understanding of referrals.
24 #referral ldap://root.openldap.org
25
26 pidfile /var/run/openldap/slapd.pid
27 argsfile /var/run/openldap/slapd.args
28
29 # Load dynamic backend modules
30 # - modulepath is architecture dependent value (32/64-bit system)
31 # - back_sql.la overlay requires openldap-server-sql package
32 # - dyngroup.la and dynlist.la cannot be used at the same time
33
34 # modulepath /usr/lib/openldap
35 # modulepath /usr/lib64/openldap
36
37 # moduleload accesslog.la
38 # moduleload auditlog.la
39 # moduleload back_sql.la
40 # moduleload chain.la
41 # moduleload collect.la
42 # moduleload constraint.la
43 # moduleload dds.la
44 # moduleload deref.la
45 # moduleload dyngroup.la
46 # moduleload dynlist.la
47 # moduleload memberof.la
48 # moduleload pbind.la
49 # moduleload pcache.la
50 # moduleload ppolicy.la
51 # moduleload refint.la
52 # moduleload retcode.la
53 # moduleload rwm.la
54 # moduleload seqmod.la
55 # moduleload smbk5pwd.la
56 # moduleload sssvlv.la
57 # moduleload syncprov.la
58 # moduleload translucent.la
59 # moduleload unique.la
60 # moduleload valsort.la
61
62 # The next three lines allow use of TLS for encrypting connections using a
63 # dummy test certificate which you can generate by running
64 # /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk
65 # at self-signed certificates, however.
66 TLSCACertificatePath /etc/openldap/certs
67 TLSCertificateFile "\"OpenLDAP Server\""
68 TLSCertificateKeyFile /etc/openldap/certs/password
69
70 # Sample security restrictions
71 # Require integrity protection (prevent hijacking)
72 # Require 112-bit (3DES or better) encryption for updates
73 # Require 63-bit encryption for simple bind
74 # security ssf=1 update_ssf=112 simple_bind=64
75
76 # Sample access control policy:
77 # Root DSE: allow anyone to read it
78 # Subschema (sub)entry DSE: allow anyone to read it
79 # Other DSEs:
80 # Allow self write access
81 # Allow authenticated users read access
82 # Allow anonymous users to authenticate
83 # Directives needed to implement policy:
84 # access to dn.base="" by * read
85 # access to dn.base="cn=Subschema" by * read
86 # access to *
87 # by self write
88 # by users read
89 # by anonymous auth
90 #
91 # if no access controls are present, the default policy
92 # allows anyone and everyone to read anything but restricts
93 # updates to rootdn. (e.g., "access to * by * read")
94 #
95 # rootdn can always read and write EVERYTHING!
96
97 # enable on-the-fly configuration (cn=config)
98 database config
99 access to *
100 by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
101 by * none
102
103 # enable server status monitoring (cn=monitor)
104 database monitor
105 access to *
106 by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
107 by dn.exact="cn=Manager,dc=my-domain,dc=com" read
108 by * none
109
110 #######################################################################
111 # database definitions
112 #######################################################################
113
114 database bdb
115 suffix "dc=my-domain,dc=com"
116 checkpoint 1024 15
117 rootdn "cn=Manager,dc=my-domain,dc=com"
118 # Cleartext passwords, especially for the rootdn, should
119 # be avoided. See slappasswd(8) and slapd.conf(5) for details.
120 # Use of strong authentication encouraged.
121 # rootpw secret
122 # rootpw {crypt}ijFYNcSNctBYg
123
124 # The database directory MUST exist prior to running slapd AND
125 # should only be accessible by the slapd and slap tools.
126 # Mode 700 recommended.
127 directory /var/lib/ldap
128
129 # Indices to maintain for this database
130 index objectClass eq,pres
131 index ou,cn,mail,surname,givenname eq,pres,sub
132 index uidNumber,gidNumber,loginShell eq,pres
133 index uid,memberUid eq,pres,sub
134 index nisMapName,nisMapEntry eq,pres,sub
135
136 # Replicas of this database
137 #replogfile /var/lib/ldap/openldap-master-replog
138 #replica host=ldap-1.example.com:389 starttls=critical
139 # bindmethod=sasl saslmech=GSSAPI
140 # authcId=host/ldap-master.example.com@EXAMPLE.COM

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed