Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # This is the main slapd configuration file. See slapd.conf(5) for more
- # info on the configuration options.
- #######################################################################
- # Global Directives:
- # Features to permit
- allow bind_v2
- # Schema and objectClass definitions
- include /etc/ldap/schema.conf
- # Where the pid file is put. The init.d script
- # will not stop the server if you change this.
- pidfile /var/run/slapd/slapd.pid
- # List of arguments that were passed to the server
- argsfile /var/run/slapd/slapd.args
- # Read slapd.conf(5) for possible values
- loglevel 256
- # Where the dynamically loaded modules are stored
- modulepath /usr/lib/ldap
- moduleload back_hdb
- moduleload back_bdb
- # The maximum number of entries that is returned for a search operation
- sizelimit 5000
- # The tool-threads parameter sets the actual amount of cpu's that is used
- # for indexing.
- tool-threads 1
- #######################################################################
- # Specific Backend Directives for hdb:
- # Backend specific directives apply to this backend until another
- # 'backend' directive occurs
- backend hdb
- #######################################################################
- # Specific Directives for database #1, of type hdb:
- # Database specific directives apply to this databasse until another
- # 'database' directive occurs
- database hdb
- # The base of your directory in database #1
- suffix "dc=semarkit,dc=dk"
- # rootdn directive for specifying a superuser on the database. This is needed
- # for syncrepl.
- rootdn "cn=admin,dc=semarkit,dc=dk"
- rootpw {MD5}MY-PASS
- # Where the database file are physically stored for database #1
- directory "/var/lib/ldap/semarkit"
- # TLS
- #TLSCertificateFile /etc/ldap/ssl/ldap-server.pem
- #TLSCACertificateFile /etc/ldap/ssl/ldap-server.pem
- #TLSCertificateKeyFile /etc/ldap/ssl/ldap-server.pem
- # The dbconfig settings are used to generate a DB_CONFIG file the first
- # time slapd starts. They do NOT override existing an existing DB_CONFIG
- # file. You should therefore change these settings in DB_CONFIG directly
- # or remove DB_CONFIG and restart slapd for changes to take effect.
- # For the Debian package we use 2MB as default but be sure to update this
- # value if you have plenty of RAM
- dbconfig set_cachesize 0 20097152 0
- # Sven Hartge reported that he had to set this value incredibly high
- # to get slapd running at all. See http://bugs.debian.org/303057 for more
- # information.
- # Number of objects that can be locked at the same time.
- dbconfig set_lk_max_objects 1500
- # Number of locks (both requested and granted)
- dbconfig set_lk_max_locks 1500
- # Number of lockers
- dbconfig set_lk_max_lockers 1500
- # Indexing options for database #1
- index objectClass,uidNumber,gidNumber eq
- index cn,sn,uid,displayName pres,sub,eq
- index memberUid,mail,givenname eq,subinitial
- index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
- index default eq,sub
- # Save the time that the entry gets modified, for database #1
- lastmod on
- # Checkpoint the BerkeleyDB database periodically in case of system
- # failure and to speed slapd shutdown.
- checkpoint 512 30
- # Where to store the replica logs for database #1
- # replogfile /var/lib/ldap/replog
- # The userPassword by default can be changed
- # by the entry owning it if they are authenticated.
- # Others should not be able to see it, except the
- # admin entry below
- # These access lines apply to database #1 only
- access to attrs=userPassword,shadowLastChange
- by dn="cn=admin,dc=semarkit,dc=dk" write
- by anonymous auth
- by self write
- by * none
- # Ensure read access to the base for things like
- # supportedSASLMechanisms. Without this you may
- # have problems with SASL not knowing what
- # mechanisms are available and the like.
- # Note that this is covered by the 'access to *'
- # ACL below too but if you change that as people
- # are wont to do you'll still need this if you
- # want SASL (and possible other things) to work
- # happily.
- access to dn.base="" by * read
- # The admin dn has full write access, everyone else
- # can read everything.
- access to *
- by dn="cn=admin,dc=semarkit,dc=dk" write
- by * read
- # Tilf�jet fjern evt.!
- access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
- by dn="cn=admin,dc=semarkit,dc=dk" write
- by anonymous auth
- by self write
- by * none
- access to attrs=loginShell
- by dn="cn=admin,dc=semarkit,dc=dk" write
- by * none
- access to attrs=description,telephoneNumber,roomNumber,homePhone,gecos,cn,sn,givenname
- by dn="cn=admin,dc=semarkit,dc=dk" write
- by self write
- by * read
- # For Netscape Roaming support, each user gets a roaming
- # profile for which they have write access to
- #access to dn=".*,ou=Roaming,o=morsnet"
- # by dn="cn=admin,dc=semark,dc=dk" write
- # by dnattr=owner write
- #######################################################################
- # Specific Directives for database #2, of type 'other' (can be hdb too):
- # Database specific directives apply to this databasse until another
- # 'database' directive occurs
- #database bdb
- # The base of your directory for database #2
- #suffix "dc=Email,dc=semarkit,dc=dk"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement