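# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable: it names the TLS private key
# file and may carry the rootdn credential.
#
# Modified by Christian Zoffoli
# Version 0.2
#
# Modified by Volkov Serge
# Version 0.3
# Last modification at 26 Jun 2002
#

# Default schemas
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
#include /etc/openldap/schema/krb5-kdc.schema
#include /etc/openldap/schema/kerberosobject.schema
#include /etc/openldap/schema/corba.schema
#include /etc/openldap/schema/java.schema

# Addon schemas
#include /etc/openldap/schema/rfc822-MailMember.schema
#include /etc/openldap/schema/pilot.schema
#include /etc/openldap/schema/autofs.schema
#include /etc/openldap/schema/samba.schema
#include /etc/openldap/schema/qmail.schema
#include /etc/openldap/schema/qmailControl.schema
#include /etc/openldap/schema/cron.schema
#include /etc/openldap/schema/dns.schema
#include /etc/openldap/schema/trust.schema
#include /etc/openldap/schema/turbo.schema

# Netscape Roaming
#include /etc/openldap/schema/mull.schema
#include /etc/openldap/schema/netscape-profile.schema

# Local schema that you construct yourself
#include /etc/openldap/schema/local.schema

# Load dynamic backend modules:
#modulepath /usr/lib/openldap
#moduleload back_bdb.la
# moduleload back_ldap.la
#moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args

# TLS-enabled connections.
# The certificate and its private key are both read from
# /etc/openldap/ldap.pem, so that file must be readable by the slapd
# user only. (The upstream sample referred to
# /usr/share/ssl/certs/slapd.pem; adjust the paths below if your
# certificate lives there instead.)
#
# Cipher policy: the previous value HIGH:MEDIUM:LOW:+SSLv2 admitted
# LOW-strength ciphers and re-enabled SSLv2. Only HIGH-strength
# ciphers are accepted now.
TLSCipherSuite HIGH
TLSCertificateFile /etc/openldap/ldap.pem
TLSCertificateKeyFile /etc/openldap/ldap.pem
# CA certificate(s) used to verify peer certificates; uncomment if
# you need peer verification.
# TLSCACertificateFile /etc/openldap/ldap.pem

# Define global ACLs to disable default read access.
#include /etc/openldap/slapd.access.conf
#
# Sample Access Control
#       Allow read access of root DSE
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
#       by self write
#       by users read
#       by anonymous auth
#
# If no access controls are present, the default is:
#       Allow read by all
#
# rootdn can always write!

# This example is still in development; do not use it unless you know
# what you are doing!
# Basic ACL
# access to attr=userPassword
#        by self write
#        by anonymous auth
#        by dn="uid=root,ou=People,dc=example,dc=com" write
#        by * none
#
# access to *
#        by dn="uid=root,ou=People,dc=example,dc=com" write
#        by * read

#######################################################################
# ldbm database definitions
#######################################################################

database ldbm
suffix "dc=intranet"
rootdn "cn=ldapadmin,dc=intranet"

# Cleartext passwords, especially for the rootdn, should be avoided.
# See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication is encouraged.
#
# The previous value here was the cleartext word "secret". Generate a
# hashed value with slappasswd(8) and put it on an uncommented rootpw
# line; until then the rootdn can only bind through its own entry in
# the directory, if one exists.
#rootpw {SSHA}PASTE-SLAPPASSWD-OUTPUT-HERE
#rootpw {crypt}ijFYNcSNctBYg

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/lib/ldap/bases/intranet

# Access control for this database.
# Without these directives the default policy ("allow read by all")
# would let any client, including anonymous ones, read userPassword
# hashes. The first rule keeps password values unreadable while still
# letting users authenticate and change their own password; the second
# rule keeps the previous read-by-all behaviour for everything else.
# rootdn bypasses these rules.
access to attr=userPassword
        by self write
        by anonymous auth
        by * none

access to *
        by * read

# LogLevel information
# If you want to enable debugging mode, choose one of the values
# below and check that /etc/syslog.conf contains the line
# "LOCAL4.* /var/log/ldap/log".
# ---------------------------------------------------
# | -1  | enable all debugging
# | 0   | no debugging
# | 1   | trace function calls
# | 2   | debug packet handling
# | 4   | heavy trace debugging
# | 8   | connection management
# | 16  | print out packets sent and received
# | 32  | search filter processing
# | 64  | configuration file processing
# | 128 | access control list processing
# | 256 | stats log connections/operations/results
# | 512 | stats log entries sent
# | 1024| print communication with shell backends
# | 2048| print entry parsing debugging
# ---------------------------------------------------
# The previous setting was -1 (everything), which includes the
# packet-dump levels 16 and 2048 and therefore writes bind and
# entry contents into syslog. 256 gives the usual operational
# statistics; raise it only while actively debugging.
loglevel 256

# Indices to maintain
#index objectClass eq
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,subinitial

# Sample security restrictions
#
# Disallow clear text exchange of passwords
# disallow bind_simple_unprotected
#
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# If no access controls are present, the default policy is:
#       Allow read by all
#
# rootdn can always write!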