Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# master slapd config -- for testing
# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2003 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
# password-hash {md5}
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
#######################################################################
# ldbm database definitions
#######################################################################
authz-policy both
authz-regexp "^uid=admin/([^,]+),.*" "ldap:///ou=Admin,dc=example,dc=com??sub?cn=$1"
authz-regexp "^uid=it/([^,]+),.*" "ldap:///ou=People,dc=example,dc=it??sub?uid=$1"
authz-regexp "^uid=(us/)*([^,]+),.*" "ldap:///ou=People,dc=example,dc=com??sub?uid=$2"
#
# normal installations should protect root dse,
# cn=monitor, cn=schema, and cn=config
#
access to attr=userpassword
by self =wx
by anonymous =x
access to *
by users read
by * search
database @BACKEND@
#ldbm#cachesize 0
suffix "dc=example,dc=com"
directory ./testrun/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
index objectClass eq
index cn,sn,uid pres,eq,sub
access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
attr=authzTo
by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx
by * =x
database @BACKEND@
#ldbm#cachesize 0
suffix "dc=example,dc=it"
directory ./testrun/db.2.a
rootdn "cn=Manager,dc=example,dc=it"
rootpw secret
index objectClass eq
index cn,sn,uid pres,eq,sub
database ldap
suffix "o=Example,c=US"
suffixmassage "o=Example,c=US" "dc=example,dc=com"
uri "ldap://:9011/"
#sasl#idassert-method "sasl" "authcDN=cn=Proxy US,ou=Admin,dc=example,dc=com" "authcID=admin/proxy US" "cred=proxy" "mech=DIGEST-MD5"
#nosasl#idassert-method "simple"
#nosasl#idassert-authcDN "cn=Proxy US,ou=Admin,dc=example,dc=com"
#nosasl#idassert-passwd proxy
idassert-mode self
# authorizes database
idassert-authz "dn.subtree:dc=example,dc=it"
database ldap
suffix "o=Esempio,c=IT"
suffixmassage "o=Esempio,c=IT" "dc=example,dc=com"
uri "ldap://:9011/"
acl-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com"
acl-passwd proxy
idassert-method "simple"
idassert-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com"
idassert-passwd proxy
idassert-mode "dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
# authorizes database
idassert-authz "dn.subtree:dc=example,dc=com"
# authorizes anonymous
idassert-authz "dn.exact:"
access to attrs=entry,cn,sn,mail
by users read
access to *
by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read
by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read
by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
by * none