You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
158 lines
4.1 KiB
158 lines
4.1 KiB
# |
|
# See slapd-config(5) for details on configuration options. |
|
# This file should NOT be world readable. |
|
# |
|
|
|
dn: cn=config |
|
objectClass: olcGlobal |
|
cn: config |
|
# |
|
# TLS settings |
|
# |
|
# When no CA certificates are specified the Shared System Certificates |
|
# are in use. In order to have these available along with the ones specified |
|
# by oclTLSCACertificatePath one has to include them explicitly: |
|
#olcTLSCACertificateFile: /etc/pki/tls/cert.pem |
|
# |
|
# Private cert and key are not pregenerated. |
|
#olcTLSCertificateFile: |
|
#olcTLSCertificateKeyFile: |
|
# |
|
# System-wide Crypto Policies provide up to date cipher suite which should |
|
# be used unless one needs a finer grinded selection of ciphers. Hence, the |
|
# PROFILE=SYSTEM value represents the default behavior which is in place |
|
# when no explicit setting is used. (see openssl-ciphers(1) for more info) |
|
#olcTLSCipherSuite: PROFILE=SYSTEM |
|
|
|
|
|
# |
|
# Do not enable referrals until AFTER you have a working directory |
|
# service AND an understanding of referrals. |
|
# |
|
#olcReferral: ldap://root.openldap.org |
|
# |
|
# Sample security restrictions |
|
# Require integrity protection (prevent hijacking) |
|
# Require 112-bit (3DES or better) encryption for updates |
|
# Require 64-bit encryption for simple bind |
|
# |
|
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64 |
|
|
|
|
|
# |
|
# Load dynamic backend modules: |
|
# - modulepath is architecture dependent value (32/64-bit system) |
|
# - back_sql.la backend requires openldap-servers-sql package |
|
# - dyngroup.la and dynlist.la cannot be used at the same time |
|
# |
|
|
|
#dn: cn=module,cn=config |
|
#objectClass: olcModuleList |
|
#cn: module |
|
#olcModulepath: /usr/lib/openldap |
|
#olcModulepath: /usr/lib64/openldap |
|
#olcModuleload: accesslog.la |
|
#olcModuleload: auditlog.la |
|
#olcModuleload: back_dnssrv.la |
|
#olcModuleload: back_ldap.la |
|
#olcModuleload: back_mdb.la |
|
#olcModuleload: back_meta.la |
|
#olcModuleload: back_null.la |
|
#olcModuleload: back_passwd.la |
|
#olcModuleload: back_relay.la |
|
#olcModuleload: back_shell.la |
|
#olcModuleload: back_sock.la |
|
#olcModuleload: collect.la |
|
#olcModuleload: constraint.la |
|
#olcModuleload: dds.la |
|
#olcModuleload: deref.la |
|
#olcModuleload: dyngroup.la |
|
#olcModuleload: dynlist.la |
|
#olcModuleload: memberof.la |
|
#olcModuleload: pcache.la |
|
#olcModuleload: ppolicy.la |
|
#olcModuleload: refint.la |
|
#olcModuleload: retcode.la |
|
#olcModuleload: rwm.la |
|
#olcModuleload: seqmod.la |
|
#olcModuleload: smbk5pwd.la |
|
#olcModuleload: sssvlv.la |
|
#olcModuleload: syncprov.la |
|
#olcModuleload: translucent.la |
|
#olcModuleload: unique.la |
|
#olcModuleload: valsort.la |
|
|
|
|
|
# |
|
# Schema settings |
|
# |
|
|
|
dn: cn=schema,cn=config |
|
objectClass: olcSchemaConfig |
|
cn: schema |
|
|
|
include: file:///etc/openldap/schema/core.ldif |
|
|
|
# |
|
# Frontend settings |
|
# |
|
|
|
dn: olcDatabase=frontend,cn=config |
|
objectClass: olcDatabaseConfig |
|
olcDatabase: frontend |
|
# |
|
# Sample global access control policy: |
|
# Root DSE: allow anyone to read it |
|
# Subschema (sub)entry DSE: allow anyone to read it |
|
# Other DSEs: |
|
# Allow self write access |
|
# Allow authenticated users read access |
|
# Allow anonymous users to authenticate |
|
# |
|
#olcAccess: to dn.base="" by * read |
|
#olcAccess: to dn.base="cn=Subschema" by * read |
|
#olcAccess: to * |
|
# by self write |
|
# by users read |
|
# by anonymous auth |
|
# |
|
# if no access controls are present, the default policy |
|
# allows anyone and everyone to read anything but restricts |
|
# updates to rootdn. (e.g., "access to * by * read") |
|
# |
|
# rootdn can always read and write EVERYTHING! |
|
# |
|
|
|
# |
|
# Configuration database |
|
# |
|
|
|
dn: olcDatabase=config,cn=config |
|
objectClass: olcDatabaseConfig |
|
olcDatabase: config |
|
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c |
|
n=auth" manage by * none |
|
|
|
# |
|
# Server status monitoring |
|
# |
|
|
|
dn: olcDatabase=monitor,cn=config |
|
objectClass: olcDatabaseConfig |
|
olcDatabase: monitor |
|
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c |
|
n=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none |
|
|
|
# |
|
# Backend database definitions |
|
# |
|
|
|
dn: olcDatabase=mdb,cn=config |
|
objectClass: olcDatabaseConfig |
|
objectClass: olcMdbConfig |
|
olcDatabase: mdb |
|
olcSuffix: dc=my-domain,dc=com |
|
olcRootDN: cn=Manager,dc=my-domain,dc=com |
|
olcDbDirectory: /var/lib/ldap |
|
olcDbIndex: objectClass eq,pres |
|
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
|
|
|