Attachment 213091 Details for Bug 314821 – slapd.conf, ldap.conf and LDAP database

slapd.conf, ldap.conf and LDAP database

ldap_config (text/plain), 4.97 KB, created by W. Michael Petullo on 2007-10-01 23:36:57 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: W. Michael Petullo

Created: 2007-10-01 23:36:57 UTC

Size: 4.97 KB

patch

obsolete

>/etc/openldap/slapd.conf:
>#
># See slapd.conf(5) for details on configuration options.
># This file should NOT be world readable.
>#
>include		/etc/openldap/schema/core.schema
>include		/etc/openldap/schema/cosine.schema
>include		/etc/openldap/schema/inetorgperson.schema
>include		/etc/openldap/schema/nis.schema
>include		/etc/openldap/schema/misc.schema
>include		/etc/openldap/schema/redhat/autofs.schema
>
># Allow LDAPv2 client connections.  This is NOT the default.
>allow bind_v2
>
># Do not enable referrals until AFTER you have a working directory
># service AND an understanding of referrals.
>#referral	ldap://root.openldap.org
>
>pidfile		/var/run/openldap/slapd.pid
>argsfile	/var/run/openldap/slapd.args
>
># Load dynamic backend modules:
># modulepath	/usr/lib/openldap
># moduleload accesslog.la
># moduleload auditlog.la
># moduleload back_sql.la
># moduleload denyop.la
># moduleload dyngroup.la
># moduleload dynlist.la
># moduleload lastmod.la
># moduleload pcache.la
># moduleload ppolicy.la
># moduleload refint.la
># moduleload retcode.la
># moduleload rwm.la
># moduleload syncprov.la
># moduleload translucent.la
># moduleload unique.la
># moduleload valsort.la
>
># The next three lines allow use of TLS for encrypting connections using a
># dummy test certificate which you can generate by changing to
># /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
># slapd.pem so that the ldap user or group can read it.  Your client software
># may balk at self-signed certificates, however.
>TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
>TLSCertificateFile /etc/pki/tls/certs/slapd.pem
>TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
>
># Sample security restrictions
>#	Require integrity protection (prevent hijacking)
>#	Require 112-bit (3DES or better) encryption for updates
>#	Require 63-bit encryption for simple bind
># security ssf=1 update_ssf=112 simple_bind=64
>
># Sample access control policy:
>#	Root DSE: allow anyone to read it
>#	Subschema (sub)entry DSE: allow anyone to read it
>#	Other DSEs:
>#		Allow self write access
>#		Allow authenticated users read access
>#		Allow anonymous users to authenticate
>#	Directives needed to implement policy:
># access to dn.base="" by * read
># access to dn.base="cn=Subschema" by * read
># access to *
>#	by self write
>#	by users read
>#	by anonymous auth
>#
># if no access controls are present, the default policy
># allows anyone and everyone to read anything but restricts
># updates to rootdn.  (e.g., "access to * by * read")
>#
># rootdn can always read and write EVERYTHING!
>
>#######################################################################
># ldbm and/or bdb database definitions
>#######################################################################
>
>database	bdb
>suffix		"dc=flyn,dc=org"
>rootdn		"cn=Manager,dc=flyn,dc=org"
># Cleartext passwords, especially for the rootdn, should
># be avoided.  See slappasswd(8) and slapd.conf(5) for details.
># Use of strong authentication encouraged.
># rootpw		secret
>rootpw		{SSHA}Xmx0nOEKRbYE6BYlSk3t4OVVxlUcTQvl
>
># The database directory MUST exist prior to running slapd AND 
># should only be accessible by the slapd and slap tools.
># Mode 700 recommended.
>directory	/var/lib/ldap
>
># Indices to maintain for this database
>index objectClass                       eq,pres
>index ou,cn,mail,surname,givenname      eq,pres,sub
>index uidNumber,gidNumber,loginShell    eq,pres
>index uid,memberUid                     eq,pres,sub
>index nisMapName,nisMapEntry            eq,pres,sub
>
># Replicas of this database
>#replogfile /var/lib/ldap/openldap-master-replog
>#replica host=ldap-1.example.com:389 starttls=critical
>#     bindmethod=sasl saslmech=GSSAPI
>#     authcId=host/ldap-master.example.com@EXAMPLE.COM
>
>/etc/openldap/ldap.conf:
>#
># LDAP Defaults
>#
>
># See ldap.conf(5) for details
># This file should be world readable but not world writable.
>
>#BASE	dc=example, dc=com
>#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
>
>#SIZELIMIT	12
>#TIMELIMIT	15
>#DEREF		never
>
>BASE dc=flyn,dc=org
>URI ldaps://localhost
>TLS_REQCERT allow
>TLS hard
>TLS_CACERTDIR /etc/openldap/cacerts
>
>LDAP database:
>dn: dc=flyn,dc=org
>objectClass: organization
>objectClass: dcObject
>o: Flyn Computing
>dc: flyn
>
>dn: ou=people,dc=flyn,dc=org
>objectClass: organizationalUnit
>ou: people
>
>dn: ou=group,dc=flyn,dc=org
>objectClass: organizationalUnit
>ou: group
>
>dn: uid=mike,ou=People,dc=flyn,dc=org
>uid: mike
>cn: W. Michael Petullo
>objectClass: account
>objectClass: posixAccount
>objectClass: top
>userPassword: XXXX
>loginShell: /bin/bash
>uidNumber: 500
>gidNumber: 500
>homeDirectory: /home/mike
>gecos: W. Michael Petullo
>
>dn: cn=mike,ou=Group,dc=flyn,dc=org
>objectClass: posixGroup
>objectClass: top
>cn: mike
>userPassword: XXXX
>gidNumber: 500
>
>dn: uid=mary,ou=People,dc=flyn,dc=org
>uid: mary
>cn: Mary A. Petullo
>objectClass: account
>objectClass: posixAccount
>objectClass: top
>userPassword: XXXX
>loginShell: /bin/bash
>uidNumber: 501
>gidNumber: 501
>homeDirectory: /home/mary
>gecos: Mary A. Petullo
>
>dn: cn=mary,ou=Group,dc=flyn,dc=org
>objectClass: posixGroup
>objectClass: top
>cn: mary
>userPassword: XXXX
>gidNumber: 501

Actions: View

Attachments on bug 314821: 213091