#
# See slapd-config(5) for details on configuration options.
# This file should NOT be world readable: it contains the rootdn
# password (olcRootPW).
#
dn: cn=config
objectClass: olcGlobal
cn: config
#
#
# Define global ACLs to disable default read access (see the sample
# olcAccess rules under the frontend database entry in this file).
#
olcArgsFile: %LOCALSTATEDIR%/run/slapd.args
olcPidFile: %LOCALSTATEDIR%/run/slapd.pid
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#olcReferral:	ldap://root.openldap.org
#
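# Sample security restrictions (minimum security strength factors):
#	ssf=1: require integrity protection (prevent hijacking)
#	update_ssf=112: require 112-bit (3DES or better) encryption for updates
#	simple_bind=64: require 64-bit encryption for simple bind
# These are sample minimums; raise them to match the ciphers the
# deployment actually permits.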
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64


#
# Load dynamic backend modules:
#
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath:	%MODULEDIR%
#olcModuleload:	back_bdb.la
#olcModuleload:	back_hdb.la
#olcModuleload:	back_ldap.la
#olcModuleload:	back_passwd.la
#olcModuleload:	back_shell.la


dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file://%SYSCONFDIR%/schema/core.ldif

# Frontend settings
#
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend
#
# Sample global access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#
#olcAccess: to dn.base="" by * read
#olcAccess: to dn.base="cn=Subschema" by * read
#olcAccess: to *
#	by self write
#	by users read
#	by anonymous auth
#
# If no access controls are present, the default policy
# allows anyone, including anonymous clients, to read anything but
# restricts updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#


#######################################################################
# LMDB database definitions
#######################################################################
#
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd-config(5) for details.
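# Use of strong authentication is encouraged.
# The olcRootPW value shipped here is a cleartext sample; replace it with
# a hashed value generated by slappasswd(8) before deployment.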
olcRootPW: secret
# The database directory MUST exist prior to running slapd AND
# should be accessible only by slapd and the slap tools.
# Mode 700 is recommended.
olcDbDirectory:	%LOCALSTATEDIR%/openldap-data
# Indices to maintain
olcDbIndex: objectClass eq