dkluenter

slapd-conf

Nov 26th, 2014
  1. include         /etc/openldap/schema/core.schema
  2. include         /etc/openldap/schema/cosine.schema
  3. include         /etc/openldap/schema/inetorgperson.schema
  4. include         /etc/openldap/schema/rfc2307bis.schema
  5.  
  6. pidfile         /var/run/slapd/slapd.pid
  7. argsfile        /var/run/slapd/slapd.args
  8.  
  9. loglevel 256
  10.  
  11. password-hash {CLEARTEXT}
  12. access to dn.base="" by * read
  13. access to dn.base="cn=subschema" by * read
  14.  
  15. authz-regexp uid=(.*),cn=.*,cn=auth
  16.         ldap:///dc=example,dc=com??sub?uid=$1
  17.  
  18. authz-regexp
  19.         gidNumber=0\\+uidNumber=0,peercred,cn=external,cn=auth
  20.         cn=config
  21.  
  22. TLSCACertificateFile    /etc/openldap/certs/myCA.crt
  23. TLSCertifcateFile       /etc/openldap/certs/myserver.crt
  24. TLSCertificateKeyFile   /etc/openldap/certs/myserver.key
  25. TLSCipherSuite HIGH:TLSv1.2:SSLv3
  26.  
  27. serverID 1
  28. security ssf=0
  29.  
  30. database        config
  31. rootdn          cn=config
  32. rootpw          {SSHA}xxxxxxxx
  33.  
  34. database        mdb
  35. suffix          "dc=example,dc=com"
  36. rootdn          "cn=Manager,dc=example,dc=com"
  37. rootpw          {SSHA}xxxxxxxx
  38. directory       /var/lib/ldap
  39.  
  40. checkpoint      1024 5
  41. envflags {nometasync,writemap,mapasync}
  42. maxsize 5368709120
  43. index   objectClass             pres,eq
  44. index   entryCSN,entryUUID      eq
  45. index   mail,uid eq,sub
  46.  
  47. limits dn.base="uid=Replicator,dc=example,dc=com"
  48.         size=unlimited
  49.         time=unlimited
  50. access to attrs=userPassword
  51.         by self write
  52.         by dn.base="uid=Replicator,dc=example,dc=com" read
  53.         by * auth
  54. access to dn.subtree="dc=example,dc=com"
  55.         by self write
  56.         by dn.base="uid=Replicator,dc=example,dc=com" write
  57.         by * read
  58. syncrepl rid=010
  59.          provider=ldap://192.168.220.171
  60.          sizelimit=unlimited
  61.          timelimit=unlimited
  62.          bindmethod=sasl
  63.          saslmech=DIGEST-MD5
  64.          authcid=Replicator
  65.          credentials=xxxxxx
  66.          starttls=yes
  67.          tls_cacert=/etc/openldap/certs/myCA.crt
  68.          searchbase="dc=example,dc=com"
  69.          scope=sub
  70.          type=refreshAndPersist
  71.          retry="5 5 300 5"
  72.          logbase="cn=log"
  73.          logfilter=(&(objectClass=auditWriteObject)(reqResult=0))
  74.          syncdata=accesslog
  75. updateref ldap://192.168.220.171
  76. overlay accesslog
  77. logdb   cn=log
  78. logops writes
  79. logpurge 3+00:00 1+00:00
  80. logsuccess TRUE
  81. overlay syncprov
  82. syncprov-checkpoint 5 5
  83.  
  84. database mdb
  85. suffix cn=log
  86. directory /var/lib/ldap/log
  87. rootdn  cn=log
  88. limits dn.base="uid=Replicator,dc=example,dc=com"
  89.         size=unlimited
  90.         time=unlimited
  91. index reqStart,reqEnd,reqResult,reqMod eq
  92. index objectClass,entryCSN,entryUUID eq
  93. access to * by dn.base="uid=Replicator,dc=example,dc=com" read
  94.  
  95. database monitor
  96. access to dn.subtree="cn=monitor" by users read