# This an example of a config file:# See slapd.conf(5)# Global Directive

1. # This an example of a config file:
2.  
3. # See slapd.conf(5)
4.  
5. # Global Directives:
6.  
7. # Schema and objectClass definitions
8. include /etc/ldap/schema/core.schema
9. include /etc/ldap/schema/cosine.schema
10. include /etc/ldap/schema/nis.schema
11. include /etc/ldap/schema/inetorgperson.schema
12. include /etc/ldap/schema/misc.schema
13.  
14.  
15.  
16. # Where the pid file is put. The init.d script
17. # will not stop the server if you change this.
18. pidfile /var/run/slapd/slapd.pid
19.  
20. # List of arguments that were passed to the server
21. argsfile /var/run/slapd/slapd.args
22.  
23. # Read slapd.conf(5) for possible values
24. # Change loglevel to "any" if you want to see everything.
25. loglevel none
26.  
27. # Where the dynamically loaded modules are stored
28. modulepath /usr/lib/ldap
29.  
30. # Here are the recommended modules:
31.  
32. # module for meta-database
33. moduleload back_meta.la
34.  
35. # module for the target ldap-server
36. moduleload back_ldap.la
37.  
38. # module for your local database
39. moduleload back_hdb.la
40.  
41. # module for rewriting attributes
42. moduleload rwm
43.  
44. # caching module
45. moduleload pcache.la
46.  
47. # module to enable memberof in ldap
48. moduleload memberof.la
49.  
50. # The maximum number of entries that is returned for a search operation
51. sizelimit unlimited
52. timelimit 5
53.  
54. # The tool-threads parameter sets the actual amount of cpu's that is used
55. # for indexing.
56. tool-threads 1
57.  
58.  
59.  
60.  
61.  
62.  
63.  
64. # See slapd-meta
65.  
66. # database type, for multiple ADS "meta" is required
67. database meta
68.  
69. network-timeout 3
70. timeout 3
71.  
72. # now we create a local ldap tree
73. # in our tree we put the multiple ADS on different branches
74. # we need a suffix, an admin, and a password
75. suffix "dc=domain"
76. rootdn "cn=Administrator,cn=Users,dc=domain"
77. rootpw {SSHA}xxx
78.  
79. overlay rwm
80. rwm-map attribute samaccountname *
81. rwm-map attribute cn *
82. rwm-map attribute uid *
83. rwm-map attribute l l
84. rwm-map attribute telephoneNumber *
85. rwm-map attribute name *
86. rwm-map attribute mail *
87. rwm-map attribute mailNickname *
88. rwm-map attribute objectCategory *
89.  
90. rwm-map attribute sn *
91. rwm-map attribute givenName *
92.  
93. rwm-map attribute entryuuid *
94. rwm-map attribute nsuniqueid *
95. rwm-map attribute objectguid *
96. rwm-map attribute objectsid *
97. rwm-map attribute guid *
98. rwm-map attribute ipauniqueid *
99. rwm-map attribute jpegphoto *
100. rwm-map attribute thumbnailphoto *
101. rwm-map attribute dn *
102. rwm-map attribute memberof *
103. rwm-map attribute member *
104. #rwm-map attribute 1.1 *
105.  
106. # DIese Zeile ignoriert alle nicht oben genannten Attribute!
107. rwm-map attribute *
108.  
109.  
110.  
111.  
112. onerr stop
113.  
114.  
115. uri "xxx"
116. readonly yes
117. norefs yes
118. lastmod off
119. chase-referrals no
120. rebind-as-user yes
121. suffixmassage "xxx" "yyy"
122. idassert-bind
123. bindmethod=simple
124. binddn=""
125. credentials=""
126. tls_reqcert=allow
127.  
128.  
129.  
130.  
131. uri "xxx"
132. readonly yes
133. norefs yes
134. lastmod off
135. chase-referrals no
136. rebind-as-user no
137. suffixmassage "xxx" "yyy"
138. # authentication parameters
139. idassert-bind bindmethod=simple binddn="" credentials="password"
140.  
141. uri "xxx"
142. readonly yes
143. norefs yes
144. lastmod off
145. chase-referrals no
146. rebind-as-user no
147. suffixmassage "xxx" "yyy"
148. # authentication parameters
149. idassert-bind bindmethod=simple binddn="" credentials="password"
150.  
151.  
152. # Next one is optional, if you want memberof, for the groups,
153. # you have to load it.
154. #overlay memberof
155.  
156.  
157. # Now we load the caching module
158. #overlay pcache
159.  
160. # The directive enables proxy caching
161. # See slapo-pcache
162.  
163. # pcache <database> <max_entries> <numattrsets> <entry_limit> <cc_period>
164. # Parameters:
165. #
166. # <database> for cached entries.
167. # <max_entries> when reached - cache replacement is invoked
168. # <numattrsets> = pcacheAttrset
169. # <entry_limit> limit to the number of entries returned
170. # <cc_period> Consistency check time to wait
171. #pcache hdb 100000 1 1000 100
172.  
173. # pcachePersist { TRUE | FALSE }
174. # Write cached results into the database
175. # Results remain in database after restart
176. #pcachePersist TRUE
177.  
178. # Where the database files are physically stored for database #1
179. #directory "/var/lib/ldap"
180.  
181. # Caching templates for general search
182.  
183. # pcacheTemplate <template_string> <attrset_index> <ttl>
184. # First define the query sting to cache
185. # Then reference the Attrset
186. # Last set the time-to-live
187. #pcacheAttrset 0 objectCategory sAMAccountName l cn
188. #pcacheTemplate (&(objectCategory=)(sAMAccountName=)) 0 3600
189. #pcacheTemplate (sn=) 0 3600
190. #pcacheTemplate (dn=) 0 3600
191. #pcacheTemplate (&(objectCategory=)(samaccountname=)) 0 3600
192.