
Annotation of /rpms/openldap/sme9/slapd.conf



Revision 1.1 - (hide annotations) (download)
Tue Nov 11 00:46:15 2014 UTC (10 years ago) by vip-ire
Branch: MAIN
CVS Tags: openldap-2_4_39-8_el6_sme, HEAD
Import openldap

1 vip-ire 1.1 #
2     # See slapd.conf(5) for details on configuration options.
3     # This file should NOT be world readable.
4     #
5    
6     include /etc/openldap/schema/corba.schema
7     include /etc/openldap/schema/core.schema
8     include /etc/openldap/schema/cosine.schema
9     include /etc/openldap/schema/duaconf.schema
10     include /etc/openldap/schema/dyngroup.schema
11     include /etc/openldap/schema/inetorgperson.schema
12     include /etc/openldap/schema/java.schema
13     include /etc/openldap/schema/misc.schema
14     include /etc/openldap/schema/nis.schema
15     include /etc/openldap/schema/openldap.schema
16     include /etc/openldap/schema/ppolicy.schema
17     include /etc/openldap/schema/collective.schema
18    
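19     # Allow LDAPv2 client connections. This is NOT the default: LDAPv2 has no
       # StartTLS or SASL support, so a v2 simple bind on ldap:// sends the
       # password unprotected. Keep this only while a legacy client needs it.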
20     allow bind_v2
21    
22     # Do not enable referrals until AFTER you have a working directory
23     # service AND an understanding of referrals.
24     #referral ldap://root.openldap.org
25    
26     pidfile /var/run/openldap/slapd.pid
27     argsfile /var/run/openldap/slapd.args
28    
29     # Load dynamic backend modules
30     # - modulepath is architecture dependent value (32/64-bit system)
31     # - back_sql.la overlay requires openldap-server-sql package
32     # - dyngroup.la and dynlist.la cannot be used at the same time
33    
34     # modulepath /usr/lib/openldap
35     # modulepath /usr/lib64/openldap
36    
37     # moduleload accesslog.la
38     # moduleload auditlog.la
39     # moduleload back_sql.la
40     # moduleload chain.la
41     # moduleload collect.la
42     # moduleload constraint.la
43     # moduleload dds.la
44     # moduleload deref.la
45     # moduleload dyngroup.la
46     # moduleload dynlist.la
47     # moduleload memberof.la
48     # moduleload pbind.la
49     # moduleload pcache.la
50     # moduleload ppolicy.la
51     # moduleload refint.la
52     # moduleload retcode.la
53     # moduleload rwm.la
54     # moduleload seqmod.la
55     # moduleload smbk5pwd.la
56     # moduleload sssvlv.la
57     # moduleload syncprov.la
58     # moduleload translucent.la
59     # moduleload unique.la
60     # moduleload valsort.la
61    
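62     # The next three lines allow use of TLS for encrypting connections using a
63     # dummy test certificate which you can generate by running
64     # /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk
65     # at self-signed certificates, however. Replace the test certificate before
       # real clients depend on this server. The values below follow the Mozilla
       # NSS form: TLSCACertificatePath is the NSS database directory,
       # TLSCertificateFile is the certificate nickname in that database, and
       # TLSCertificateKeyFile is the file holding the database password, which
       # should be readable only by the account slapd runs as.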
66     TLSCACertificatePath /etc/openldap/certs
67     TLSCertificateFile "\"OpenLDAP Server\""
68     TLSCertificateKeyFile /etc/openldap/certs/password
69    
70     # Sample security restrictions (commented out: no minimum SSF is enforced as shipped)
71     # Require integrity protection (prevent hijacking)
72     # Require 112-bit (3DES or better) encryption for updates
73     # Require 64-bit encryption for simple bind
74     # security ssf=1 update_ssf=112 simple_bind=64
75    
76     # Sample access control policy:
77     # Root DSE: allow anyone to read it
78     # Subschema (sub)entry DSE: allow anyone to read it
79     # Other DSEs:
80     # Allow self write access
81     # Allow authenticated users read access
82     # Allow anonymous users to authenticate
83     # Directives needed to implement policy:
84     # access to dn.base="" by * read
85     # access to dn.base="cn=Subschema" by * read
86     # access to *
87     # by self write
88     # by users read
89     # by anonymous auth
90     #
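91     # if no access controls are present, the default policy
92     # allows anyone and everyone to read anything but restricts
93     # updates to rootdn. (e.g., "access to * by * read")
       # That default also covers password attributes such as userPassword.
       # No access rules are visible for the bdb database in this file, so
       # give it its own rules before it holds real entries.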
94     #
95     # rootdn can always read and write EVERYTHING!
96    
97     # enable on-the-fly configuration (cn=config)
98     database config
99     access to *
100     by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
101     by * none
102    
103     # enable server status monitoring (cn=monitor)
104     database monitor
105     access to *
106     by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
107     by dn.exact="cn=Manager,dc=my-domain,dc=com" read
108     by * none
109    
110     #######################################################################
111     # database definitions
112     #######################################################################
113    
114     database bdb
115     suffix "dc=my-domain,dc=com"
116     checkpoint 1024 15
117     rootdn "cn=Manager,dc=my-domain,dc=com"
118     # Cleartext passwords, especially for the rootdn, should
119     # be avoided. See slappasswd(8) and slapd.conf(5) for details.
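120     # Use of strong authentication encouraged. If a rootpw is set, generate
        # a salted hash with slappasswd(8) instead of reusing the sample values below.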
121     # rootpw secret
122     # rootpw {crypt}ijFYNcSNctBYg
123    
124     # The database directory MUST exist prior to running slapd AND
125     # should only be accessible by the slapd and slap tools.
126     # Mode 700 recommended.
127     directory /var/lib/ldap
128    
129     # Indices to maintain for this database
130     index objectClass eq,pres
131     index ou,cn,mail,surname,givenname eq,pres,sub
132     index uidNumber,gidNumber,loginShell eq,pres
133     index uid,memberUid eq,pres,sub
134     index nisMapName,nisMapEntry eq,pres,sub
135    
136     # Replicas of this database
137     #replogfile /var/lib/ldap/openldap-master-replog
138     #replica host=ldap-1.example.com:389 starttls=critical
139     # bindmethod=sasl saslmech=GSSAPI
140     # authcId=host/ldap-master.example.com@EXAMPLE.COM
