
Untitled

a guest
Mar 19th, 2010
  1. #
  2. # See slapd.conf(5) for details on configuration options.
  3. # This file should NOT be world readable.
  4. #
  5. include /usr/local/etc/openldap/schema/core.schema
  6. include /usr/local/etc/openldap/schema/cosine.schema
  7. include /usr/local/etc/openldap/schema/inetorgperson.schema
  8. include /usr/local/etc/openldap/schema/misc.schema
  9. include /usr/local/etc/openldap/schema/nis.schema
  10. include /usr/local/etc/openldap/schema/openldap.schema
  11. include /usr/local/etc/openldap/schema/samba.schema
  12.  
  13. # Define global ACLs here to disable default read access (this file defines none).
  14.  
  15. # Do not enable referrals until AFTER you have a working directory
  16. # service AND an understanding of referrals.
  17. #referral ldap://root.openldap.org
  18.  
  19. loglevel 256
  20.  
  21. pidfile /var/run/openldap/slapd.pid
  22. argsfile /var/run/openldap/slapd.args
  23.  
  24. # Load dynamic backend modules:
  25. modulepath /usr/local/libexec/openldap
  26. moduleload back_bdb
  27. # moduleload back_hdb
  28. # moduleload back_ldap
  29.  
  30. # Sample security restrictions
  31. # Require integrity protection (prevent hijacking)
  32. # Require 112-bit (3DES or better) encryption for updates
  33. # Require 64-bit encryption for simple bind
  34. # security ssf=1 update_ssf=112 simple_bind=64
  35.  
  36. # Sample access control policy:
  37. # Root DSE: allow anyone to read it
  38. # Subschema (sub)entry DSE: allow anyone to read it
  39. # Other DSEs:
  40. # Allow self write access
  41. # Allow authenticated users read access
  42. # Allow anonymous users to authenticate
  43. # Directives needed to implement policy:
  44. # access to dn.base="" by * read
  45. # access to dn.base="cn=Subschema" by * read
  46. # access to *
  47. # by self write
  48. # by users read
  49. # by anonymous auth
  50. #
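  51. # If no access controls are present (the case in this file: every access
  52. # directive above is commented out), the default policy allows anyone and everyone,
  53. # anonymous clients included, to read anything, including userPassword and, with samba.schema loaded, the Samba password hashes, but restricts updates to rootdn. (e.g., "access to * by * read")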
  54. #
  55. # rootdn can always read and write EVERYTHING!
  56.  
  57. #######################################################################
  58. # BDB database definitions
  59. #######################################################################
  60.  
  61. database bdb
  62. suffix "dc=example,dc=com"
  63. rootdn "cn=Manager,dc=example,dc=com"
  64. # Cleartext passwords, especially for the rootdn, should
  65. # be avoided. See slappasswd(8) and slapd.conf(5) for details.
  66. # Use of strong authentication encouraged.
  67. rootpw {SSHA}removed
  68. # The database directory MUST exist prior to running slapd AND
  69. # should only be accessible by the slapd and slap tools.
  70. # Mode 700 recommended.
  71. directory /usr/local/var/db/openldap-data
  72. # Indices to maintain
  73. index objectClass eq
  74. index cn pres,sub,eq
  75. index sn pres,sub,eq
  76. index uid pres,sub,eq
  77. index displayName pres,sub,eq
  78. index uidNumber eq
  79. index gidNumber eq
  80. index memberUID eq
  81. index sambaSID eq
  82. index sambaPrimaryGroupSID eq
  83. index sambaDomainName eq
  84. index default sub