Selveste1

1. # This is the main slapd configuration file. See slapd.conf(5) for more
2. # info on the configuration options.
3.  
4. #######################################################################
5. # Global Directives:
6.  
7. # Features to permit
8. allow bind_v2
9.  
10. # Schema and objectClass definitions
11. include /etc/ldap/schema.conf
12.  
13. # Where the pid file is put. The init.d script
14. # will not stop the server if you change this.
15. pidfile /var/run/slapd/slapd.pid
16.  
17. # List of arguments that were passed to the server
18. argsfile /var/run/slapd/slapd.args
19.  
20. # Read slapd.conf(5) for possible values
21. loglevel 256
22.  
23. # Where the dynamically loaded modules are stored
24. modulepath /usr/lib/ldap
25. moduleload back_hdb
26. moduleload back_bdb
27.  
28.  
29. # The maximum number of entries that is returned for a search operation
30. sizelimit 5000
31.  
32. # The tool-threads parameter sets the actual amount of cpu's that is used
33. # for indexing.
34. tool-threads 1
35.  
36. #######################################################################
37. # Specific Backend Directives for hdb:
38. # Backend specific directives apply to this backend until another
39. # 'backend' directive occurs
40. backend hdb
41.  
42. #######################################################################
43. # Specific Directives for database #1, of type hdb:
44. # Database specific directives apply to this databasse until another
45. # 'database' directive occurs
46. database hdb
47.  
48. # The base of your directory in database #1
49. suffix "dc=semarkit,dc=dk"
50.  
51. # rootdn directive for specifying a superuser on the database. This is needed
52. # for syncrepl.
53. rootdn "cn=admin,dc=semarkit,dc=dk"
54. rootpw {MD5}MY-PASS
55.  
56. # Where the database file are physically stored for database #1
57. directory "/var/lib/ldap/semarkit"
58.  
59.  
60. # TLS
61. #TLSCertificateFile /etc/ldap/ssl/ldap-server.pem
62. #TLSCACertificateFile /etc/ldap/ssl/ldap-server.pem
63. #TLSCertificateKeyFile /etc/ldap/ssl/ldap-server.pem
64.  
65.  
66. # The dbconfig settings are used to generate a DB_CONFIG file the first
67. # time slapd starts. They do NOT override existing an existing DB_CONFIG
68. # file. You should therefore change these settings in DB_CONFIG directly
69. # or remove DB_CONFIG and restart slapd for changes to take effect.
70.  
71. # For the Debian package we use 2MB as default but be sure to update this
72. # value if you have plenty of RAM
73. dbconfig set_cachesize 0 20097152 0
74.  
75. # Sven Hartge reported that he had to set this value incredibly high
76. # to get slapd running at all. See http://bugs.debian.org/303057 for more
77. # information.
78.  
79. # Number of objects that can be locked at the same time.
80. dbconfig set_lk_max_objects 1500
81. # Number of locks (both requested and granted)
82. dbconfig set_lk_max_locks 1500
83. # Number of lockers
84. dbconfig set_lk_max_lockers 1500
85.  
86. # Indexing options for database #1
87. index objectClass,uidNumber,gidNumber eq
88. index cn,sn,uid,displayName pres,sub,eq
89. index memberUid,mail,givenname eq,subinitial
90. index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
91. index default eq,sub
92.  
93. # Save the time that the entry gets modified, for database #1
94. lastmod on
95.  
96. # Checkpoint the BerkeleyDB database periodically in case of system
97. # failure and to speed slapd shutdown.
98. checkpoint 512 30
99.  
100. # Where to store the replica logs for database #1
101. # replogfile /var/lib/ldap/replog
102.  
103. # The userPassword by default can be changed
104. # by the entry owning it if they are authenticated.
105. # Others should not be able to see it, except the
106. # admin entry below
107. # These access lines apply to database #1 only
108.  
109. access to attrs=userPassword,shadowLastChange
110. by dn="cn=admin,dc=semarkit,dc=dk" write
111. by anonymous auth
112. by self write
113. by * none
114.  
115. # Ensure read access to the base for things like
116. # supportedSASLMechanisms. Without this you may
117. # have problems with SASL not knowing what
118. # mechanisms are available and the like.
119. # Note that this is covered by the 'access to *'
120. # ACL below too but if you change that as people
121. # are wont to do you'll still need this if you
122. # want SASL (and possible other things) to work
123. # happily.
124. access to dn.base="" by * read
125.  
126. # The admin dn has full write access, everyone else
127. # can read everything.
128. access to *
129. by dn="cn=admin,dc=semarkit,dc=dk" write
130. by * read
131.  
132.  
133. # Tilf�jet fjern evt.!
134. access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
135. by dn="cn=admin,dc=semarkit,dc=dk" write
136. by anonymous auth
137. by self write
138. by * none
139.  
140. access to attrs=loginShell
141. by dn="cn=admin,dc=semarkit,dc=dk" write
142. by * none
143.  
144. access to attrs=description,telephoneNumber,roomNumber,homePhone,gecos,cn,sn,givenname
145. by dn="cn=admin,dc=semarkit,dc=dk" write
146. by self write
147. by * read
148.  
149.  
150. # For Netscape Roaming support, each user gets a roaming
151. # profile for which they have write access to
152. #access to dn=".*,ou=Roaming,o=morsnet"
153. # by dn="cn=admin,dc=semark,dc=dk" write
154. # by dnattr=owner write
155.  
156. #######################################################################
157. # Specific Directives for database #2, of type 'other' (can be hdb too):
158. # Database specific directives apply to this databasse until another
159. # 'database' directive occurs
160. #database bdb
161.  
162. # The base of your directory for database #2
163. #suffix "dc=Email,dc=semarkit,dc=dk"
164.