Untitled

a guest
Jun 20th, 2018
  1. #
  2. # See slapd.conf(5) for details on configuration options.
  3. # This file should NOT be world readable: it contains the rootdn password hash (rootpw).
  4. #
  5. include /etc/openldap/schema/core.schema
  6. include /etc/openldap/schema/cosine.schema
  7. include /etc/openldap/schema/inetorgperson.schema
  8. include /etc/openldap/schema/nis.schema
  9. #include /etc/openldap/schema/misc.schema
  10.  
  11. # Define global ACLs to disable default read access.
  12.  
  13. # Do not enable referrals until AFTER you have a working directory
  14. # service AND an understanding of referrals.
  15. #referral ldap://root.openldap.org
  16.  
  17. pidfile /var/run/openldap/slapd.pid
  18. argsfile /var/run/openldap/slapd.args
  19.  
  20. #serverID 0
  21. loglevel 0
  22. #logfile /var/log/ldap.log
  23.  
  24. # Load dynamic backend modules:
  25. modulepath /usr/lib64/openldap/openldap
  26. # moduleload back_sock.so
  27. # moduleload back_shell.so
  28. # moduleload back_relay.so
  29. # moduleload back_passwd.so
  30. # moduleload back_null.so
  31. # moduleload back_monitor.so
  32. # moduleload back_meta.so
  33. # moduleload back_ldap.so
  34. # moduleload back_dnssrv.so
  35. #moduleload back_hdb.so
  36.  
  37. # Sample security restrictions
  38. # Require integrity protection (prevent hijacking)
  39. # Require 112-bit (3DES or better) encryption for updates
  40. # Require 64-bit encryption for simple bind
  41. # security ssf=1 update_ssf=112 simple_bind=64
  42.  
  43. # Sample access control policy:
  44. # Root DSE: allow anyone to read it
  45. # Subschema (sub)entry DSE: allow anyone to read it
  46. # Other DSEs:
  47. # Allow self write access
  48. # Allow authenticated users read access
  49. # Allow anonymous users to authenticate
  50.  
  51. # Directives needed to implement policy:
  52. access to dn.base="" by * read
  53. access to dn.base="cn=Subschema" by * read
  54. access to *
  55. by self write
  56. by users read
  57. by anonymous auth
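  58. # NOTE: the "by" clauses above continue "access to *"; in the file itself each must begin with whitespace (slapd.conf(5)).
  59. # If no access controls are present, the default policy
  60. # allows anyone and everyone to read anything but restricts
  61. # updates to rootdn (e.g., "access to * by * read").
  62. # NOTE: "by users read" applies to every attribute, userPassword included; restrict it in a more specific access rule placed first.
  63. # rootdn can always read and write EVERYTHING!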
  64.  
  65. #######################################################################
  66. # BDB database definitions
  67. #######################################################################
  68.  
  69. database hdb
  70. suffix "dc=office,dc=company,dc=de"
  71. # <kbyte> <min>
  72. checkpoint 32 30
  73. rootdn "cn=Manager,dc=office,dc=company,dc=de"
  74. # Cleartext passwords, especially for the rootdn, should
  75. # be avoided. See slappasswd(8) and slapd.conf(5) for details.
  76. # Use of strong authentication encouraged.
  77. rootpw "{SSHA}11111111111111111111111111111111"
  78. # The database directory MUST exist prior to running slapd AND
  79. # should only be accessible by the slapd and slap tools.
  80. # Mode 700 recommended.
  81. directory /var/lib/openldap-data
  82. # Indices to maintain
  83. index objectClass eq