Commit df2d5dc3 authored by bmortier

Merge branch '1.0.9'

Signed-off-by: Benoit Mortier <benoit.mortier@opensides.be>

Releasing FusionDirectory 1.0.9

Conflicts:
	html/logout.php
	include/class_tabs.inc
	plugins/personal/generic/generic.tpl
	plugins/personal/password/class_password.inc
	setup/class_setupStep_Config3.inc
parents b7981808 1b7f1f44
......@@ -2,7 +2,7 @@
host = https://www.transifex.com
type = PO
[FusionDirectory-108.core]
[FusionDirectory-109.core]
file_filter = locale/<lang>/fusiondirectory.po
source_file = locale/en/fusiondirectory.po
source_lang = en
......
......@@ -140,19 +140,19 @@ documentation and additional help.
* Guillaume Chéramy <guillaume@cheramy.name>
Patches for the template system
* Mathias Friman mathias.friman@knorca.se
Translation to swedish
* Alexandre Magnat <alexandre.magnat@mecaprotec.fr>
Snapshot bug reporter
* Guillaume RODRIGUEZ <rodriguez.guillaume@icloud.com>
asterisk plugin error reporter
* Guillard Olivier <fd@guillard.nom.fr>
SSH plugin key storage problem reporter
* Fabien Brachere <fabien.brachere@e-tera.com>
Fix support for special caracters in password
......
......@@ -129,7 +129,7 @@ if (scalar(@schemas) == 0) {
usage("Missing schema list for -e option\n");
}
# insert the default schemas
@schemas = ("samba","core-fd","core-fd-conf","ldapns","recovery-fd");
@schemas = ("samba","core-fd","core-fd-conf","ldapns","template-fd");
foreach my $schema (@schemas) {
if (system("$schema2ldif $path$schema.schema > $path$schema.ldif") == 0) {
push @gen_files, $path.$schema;
......@@ -412,6 +412,9 @@ but beware that you will not be able to see things like password prompts as the
fusion@catbert$ fusiondirectory-insert-schema -e myschema
Empty the schema myschema
fusion@catbert$ fusiondirectory-insert-schema -o "-H ldap://my.ldap.com -ZZ -D 'cn=admin,cn=config' -w password -x"
Connect to another ldap server to insert the schema
=head1 BUGS
Please report any bugs, or post any suggestions, to the fusiondirectory mailing list fusiondirectory-users or to
......
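Review bot: The new default list `@schemas = ("samba","core-fd","core-fd-conf","ldapns","template-fd");` no longer inserts recovery-fd, yet the example slapd.conf further down this commit still carries `include /etc/ldap/schema/fusiondirectory/recovery-fd.schema`; the rendered page does not show whether the recovery-fd.schema listing is an addition or a deletion, but if that schema has moved out of core the example and the man page should say where it now comes from, otherwise slapd refuses to start on the missing include. Separately, the new POD example `-o "-H ldap://my.ldap.com -ZZ -D 'cn=admin,cn=config' -w password -x"` puts the bind password on the command line, where it is visible in the process list and shell history; if `-o` is handed to the OpenLDAP client tools (the `-ZZ`/`-D`/`-x` switches suggest it is), a sentence pointing at their `-y <passwdfile>` option would fit here, since the surrounding text already warns that interactive prompts are not visible. The `foreach my $schema (@schemas)` loop continues past the hunk.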
......@@ -624,7 +624,7 @@ sub add_ldap_admin {
foreach my $entry (@$people_entries) {
my $mesg = $ldap->search(
base => "$entry",
filter => "(&(objectClass=gosaAccount)(uid=$fd_admin_uid))",
filter => "(&(objectClass=inetOrgPerson)(uid=$fd_admin_uid))",
attrs => ['uid']
);
$mesg->code && die $mesg->error;
......@@ -655,7 +655,7 @@ sub add_ldap_admin {
'sn' => 'Administrator',
'uid' => $fd_admin_uid,
'givenname' => 'System',
'objectclass' => [ 'top', 'person', 'gosaAccount', 'organizationalPerson', 'inetOrgPerson' ],
'objectclass' => [ 'top', 'person', 'organizationalPerson', 'inetOrgPerson' ],
'userPassword' => $hashedPasswd
);
if (not defined $obj{$attr}) {
......@@ -876,7 +876,7 @@ sub check_admin {
my $member_node = $ldap->search(
base => $dn,
scope => 'base',
filter => "(objectClass=gosaAccount)"
filter => "(objectClass=inetOrgPerson)"
);
if ($member_node->count == 1) {
print ("$dn is a valid admin\n");
......@@ -893,7 +893,7 @@ sub check_admin {
# Find group members
my $member_entry = $member_node->shift_entry;
my $memberUids = $member_entry->get_value("memberUid", asref => 1);
my $filter = '(&(objectClass=gosaAccount)(|(uid='.join(')(uid=', @$memberUids).')))';
my $filter = '(&(objectClass=inetOrgPerson)(|(uid='.join(')(uid=', @$memberUids).')))';
my $group_members = $ldap->search(
base => $base,
filter => $filter,
......@@ -1108,7 +1108,7 @@ sub migrate_users {
print ("---------------------------------------------\n");
my $mesg = $ldap->search(
filter => "(|(!(objectClass~=gosaAccount))(!(objectClass~=organizationalPerson))(!(objectClass~=Person)))",
filter => "(|(!(objectClass~=inetOrgPerson))(!(objectClass~=organizationalPerson))(!(objectClass~=Person)))",
base => "$peopleou,$base",
scope => $scope
);
......@@ -1116,7 +1116,7 @@ sub migrate_users {
my @entries = $mesg->entries;
foreach my $entry (@entries) {
$mesg = $ldap->modify($entry->dn(), add => { "ObjectClass" => "gosaAccount"});
$mesg = $ldap->modify($entry->dn(), add => { "ObjectClass" => "inetOrgPerson"});
$mesg = $ldap->modify($entry->dn(), add => { "ObjectClass" => "organizationalPerson"});
$mesg = $ldap->modify($entry->dn(), add => { "ObjectClass" => "Person"});
print $entry->dn();
......@@ -1310,7 +1310,6 @@ sub check_deprecated {
my ($obsolete_attrs, $obsolete_classes) = get_deprecated();
my $filterAttrs = '(|'.join('', (map{ '('.$_->{'name'}.'=*)' } @$obsolete_attrs)).')';
my $filterClasses = '(|'.join('', (map{ '(objectClass='.$_->{'name'}.')' } @$obsolete_classes)).')';
# initiate the LDAP connexion
my %hash_ldap_param = get_ldap_connexion();
......@@ -1333,17 +1332,23 @@ sub check_deprecated {
print "There are no entries in the LDAP using obsolete attributes\n";
}
$entries = $ldap->search(
base => "$base",
filter => "$filterClasses",
);
$entries->code && die $entries->error;
my $useobsoletes = 0;
foreach my $class (@$obsolete_classes) {
$entries = $ldap->search(
base => "$base",
filter => '(objectClass='.$class->{'name'}.')',
);
$entries->code && die $entries->error;
if ($entries->count > 0) {
while (my $entry = $entries->shift_entry) {
print $entry->dn." uses an obsolete object class\n";
if ($entries->count > 0) {
$useobsoletes = 1;
while (my $entry = $entries->shift_entry) {
print $entry->dn." uses the obsolete object class ".$class->{'name'}."\n";
}
}
} else {
}
if (!$useobsoletes) {
print "There are no entries in the LDAP using obsolete classes\n";
}
}
......@@ -1353,6 +1358,7 @@ sub ldif_deprecated {
my ($obsolete_attrs, $obsolete_classes) = get_deprecated();
my $filterAttrs = '(|'.join('', (map{ '('.$_->{'name'}.'=*)' } @$obsolete_attrs)).')';
my $filterClasses = '(|'.join('', (map{ '(objectClass='.$_->{'name'}.')' } @$obsolete_classes)).')';
# initiate the LDAP connexion
my %hash_ldap_param = get_ldap_connexion();
......@@ -1381,6 +1387,18 @@ sub ldif_deprecated {
} else {
print "# There are no entries in the LDAP using obsolete attributes\n";
}
$entries = $ldap->search(
base => "$base",
filter => "$filterClasses",
);
$entries->code && die $entries->error;
if ($entries->count > 0) {
print "# WARNING: There are entries in the LDAP using obsolete classes, you need to edit them manually\n";
} else {
print "# There are no entries in the LDAP using obsolete classes\n";
}
}
sub show_version {
......
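Review bot: The filter built at `my $filter = '(&(objectClass=inetOrgPerson)(|(uid='.join(')(uid=', @$memberUids).')))';` in check_admin splices memberUid values read back from the directory into an LDAP filter without escaping, so a value containing `*`, `(`, `)` or `\` either breaks the search or widens it; the same applies to `filter => "(&(objectClass=inetOrgPerson)(uid=$fd_admin_uid))"` in add_ldap_admin, where `$fd_admin_uid` presumably comes from the setup prompt. Wrapping each value with `Net::LDAP::Util::escape_filter_value` keeps the comparison literal. In check_deprecated the rewritten per-class loop now reports one obsolete class at a time, but ldif_deprecated still searches once with the OR'd `$filterClasses` and only prints a generic warning, so the two commands describe the same tree differently; either the same loop in both, or a comment in ldif_deprecated saying why the summary form is enough there, would help the next reader. All of these subs start and end outside the hunks shown.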
......@@ -4,15 +4,7 @@ LDAP TREE MIGRATION
To migrate an existing LDAP tree, you've to do all steps from above,
plus some modifications:
- FusionDirectory only shows users that have the objectClass gosaAccount
This one has been introduced for several reasons. First, there are
cases you want to hide special accounts from regular admins (i.e.
a samba admin account which is used to log windows machines into
their domain, where changing a password by accident has bad consequences).
Secondly the gosaAccount keeps the lm/nt password hashes and the
attributes for the last password change - with the consequence that
adding a samba account "later" will not require the user to reset
the password.
- FusionDirectory only shows users that have the objectClass inetOrgPerson
- FusionDirectory only recognizes subtrees (or departments in FusionDirectory's
view of things) that have the objectClass gosaDepartment. You can hide subtrees
......
{literal}<?xml version="1.0"?>{/literal}
<conf>
<!-- Services **************************************************************
Old services that are not based on simpleService needs to be listed here
-->
<serverservice>
<tab class="serviceDHCP" />
<tab class="serviceDNS" />
</serverservice>
<!-- Main section **********************************************************
The main section defines global settings, which might be overridden by
each location definition inside.
......@@ -17,23 +8,23 @@
the FusionDirectory.conf(5) manual page.
-->
<main default="{$cv.location}"
{if $cv.optional.logging}
{if $cv.fdLogging}
logging="TRUE"
{else}
logging="FALSE"
{/if}
{if $cv.errorlvl}
{if $cv.fdDisplayErrors}
displayErrors="TRUE"
{else}
displayErrors="FALSE"
{/if}
{if $cv.optional.forcessl}
{if $cv.fdForceSSL}
forceSSL="TRUE"
{else}
forceSSL="FALSE"
{/if}
templateCompileDirectory="{$cv.optional.compile}"
debugLevel="{$cv.optional.debuglevel}"
templateCompileDirectory="{$templateCompileDirectory}"
debugLevel="{$cv.debugLevel}"
>
<!-- Location definition -->
......@@ -41,8 +32,7 @@
{if $cv.tls}
ldapTLS="TRUE"
{/if}
config="ou=fusiondirectory,ou=configs,ou=systems,{$cv.base}">
>
<referral URI="{$cv.connection}/{$cv.base}"
adminDn="{$cv.admin}"
adminPassword="{$cv.password}" />
......
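Review bot: `templateCompileDirectory="{$templateCompileDirectory}"` is the only value in the `<main>` element not read from `$cv`, while its neighbours were renamed to `$cv.fdLogging`, `$cv.fdDisplayErrors`, `$cv.fdForceSSL` and `$cv.debugLevel`; presumably the setup step assigns it to the template separately, which deserves a `{* assigned by the setup step, not part of $cv *}` comment beside it, because an unassigned Smarty variable renders silently as an empty attribute. Every value here, new and old, is written into an XML attribute unescaped, so a compile directory or `adminPassword="{$cv.password}"` containing `"` or `&` yields a file that no longer parses; `{$templateCompileDirectory|escape}` (and the same modifier on the password) would close that. The `<location>` element whose attributes the second hunk edits is opened outside the shown lines.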
......@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "FUSIONDIRECTORY-INSERT-SCHEMA 1"
.TH FUSIONDIRECTORY-INSERT-SCHEMA 1 "2015-06-30" "FusionDirectory 1.0.8.8" "FusionDirectory Documentation"
.TH FUSIONDIRECTORY-INSERT-SCHEMA 1 "2015-09-23" "FusionDirectory 1.0.9" "FusionDirectory Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......@@ -194,6 +194,9 @@ but beware that you will not be able to see things like password prompts as the
\&
\& fusion@catbert$ fusiondirectory\-insert\-schema \-e myschema
\& Empty the schema myschema
\&
\& fusion@catbert$ fusiondirectory\-insert\-schema \-o "\-H ldap://my.ldap.com \-ZZ \-D \*(Aqcn=admin,cn=config\*(Aq \-w password \-x"
\& Connect to another ldap server to insert the schema
.Ve
.SH "BUGS"
.IX Header "BUGS"
......
......@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "FUSIONDIRECTORY-SETUP 1"
.TH FUSIONDIRECTORY-SETUP 1 "2015-06-30" "FusionDirectory 1.0.8.8" "FusionDirectory Documentation"
.TH FUSIONDIRECTORY-SETUP 1 "2015-09-22" "FusionDirectory 1.0.9" "FusionDirectory Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......
......@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "FUSIONDIRECTORY.CONF 1"
.TH FUSIONDIRECTORY.CONF 1 "2015-06-12" "FusionDirectory 1.0.8.8" "FusionDirectory Documentation"
.TH FUSIONDIRECTORY.CONF 1 "2015-06-30" "FusionDirectory 1.0.9" "FusionDirectory Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
......
......@@ -6,6 +6,7 @@
# Attributes
attributetype ( 1.3.6.1.4.1.10098.1.1.12.1 NAME 'gosaSubtreeACL'
DESC 'GOsa - ACL entry'
OBSOLETE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
......@@ -24,6 +25,7 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.12.3 NAME 'gosaObject'
attributetype ( 1.3.6.1.4.1.10098.1.1.12.14 NAME 'gosaDefaultLanguage'
DESC 'GOsa - Defines the default language for a user'
OBSOLETE
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
......@@ -34,13 +36,6 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.12.30 NAME 'gosaGroupObjects'
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.33 NAME 'gosaUnitTag'
DESC 'GOsa - Takes a list of relevant mime-type|priority settings'
OBSOLETE
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.34 NAME 'gosaAclTemplate'
DESC 'GOsa - ACL entries for ACL roles'
EQUALITY caseIgnoreIA5Match
......@@ -53,12 +48,6 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.12.35 NAME 'gosaAclEntry'
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.36 NAME 'gosaSnapshotType'
DESC 'GOsa - Takes either undo or snapshot'
OBSOLETE
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.10098.1.1.12.37 NAME 'gosaSnapshotTimestamp'
DESC 'GOsa - Unix timestamp of snapshot'
EQUALITY caseIgnoreMatch
......@@ -77,10 +66,12 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.12.39 NAME 'gosaSnapshotData'
attributetype ( 1.3.6.1.4.1.10098.1.1.12.46 NAME 'gosaLoginRestriction'
DESC 'GOsa - Multivalue attribute to carry a number of allowed ips/subnets'
OBSOLETE
SUP name)
attributetype ( 1.3.6.1.4.1.10098.1.1.6.2 NAME 'academicTitle'
DESC 'Field to represent the academic title'
OBSOLETE
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
......@@ -98,72 +89,60 @@ attributetype ( 1.3.6.1.4.1.15305.2.2 NAME ( 'dateOfBirth' 'dob' )
SINGLE-VALUE )
# Classes
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.1 NAME 'gosaObject'
DESC 'GOsa - Class for GOsa settings (v2.6.1)'
SUP top AUXILIARY
MUST ( gosaSubtreeACL ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.1 NAME 'gosaObject' SUP top AUXILIARY
DESC 'GOsa - Class for GOsa settings'
OBSOLETE
MUST ( )
MAY ( gosaSubtreeACL ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.2 NAME 'gosaLockEntry'
DESC 'GOsa - Class for GOsa locking (v2.6.1)'
SUP top STRUCTURAL
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.2 NAME 'gosaLockEntry' SUP top STRUCTURAL
DESC 'GOsa - Class for GOsa locking'
MUST ( gosaUser $ gosaObject $ cn ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.3 NAME 'gosaCacheEntry'
DESC 'GOsa - Class for GOsa caching (v2.6.1)'
SUP top STRUCTURAL
MAY ( gosaUser )
MUST ( cn ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.3 NAME 'gosaCacheEntry' SUP top STRUCTURAL
DESC 'GOsa - Class for GOsa caching'
OBSOLETE
MAY ( )
MUST ( cn $ gosaUser ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment'
DESC 'GOsa - Class to mark Departments for GOsa (v2.6.1)'
SUP top AUXILIARY
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SUP top AUXILIARY
DESC 'GOsa - Class to mark Departments for GOsa'
MUST ( ou $ description )
MAY ( manager ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.6 NAME 'gosaAccount'
DESC 'GOsa - Class for GOsa Accounts (v2.6.6)'
SUP top AUXILIARY
MUST ( uid )
MAY ( sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
gosaDefaultLanguage $ academicTitle $ personalTitle $ dateOfBirth $
sambaBadPasswordCount $ sambaBadPasswordTime $ gender $ gosaLoginRestriction ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.11 NAME 'gosaUserTemplate'
DESC 'GOsa - Class for GOsa User Templates (v2.6.1)'
SUP top AUXILIARY
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.6 NAME 'gosaAccount' SUP top AUXILIARY
DESC 'GOsa - Class for GOsa Accounts'
OBSOLETE
MUST ( )
MAY (
gosaLoginRestriction $
gosaDefaultLanguage $ academicTitle $ personalTitle $ dateOfBirth $ gender
) )
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.11 NAME 'gosaUserTemplate' SUP top AUXILIARY
DESC 'GOsa - Class for GOsa User Templates'
OBSOLETE
MUST ( cn ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames'
DESC 'GOsa - Adds the gosaGroupObjects field to groupOfNames (v2.6.1)'
SUP top STRUCTURAL
MUST ( cn $ gosaGroupObjects ) MAY ( member $ description ) )
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.15 NAME 'gosaAdministrativeUnit'
DESC 'Marker for administrational units (v2.6.1)'
OBSOLETE
SUP top AUXILIARY
MUST ( gosaUnitTag ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.16 NAME 'gosaAdministrativeUnitTag'
DESC 'Marker for objects below administrational units (v2.6.1)'
OBSOLETE
DESC 'GOsa - Adds the gosaGroupObjects field to groupOfNames'
SUP top AUXILIARY
MUST ( gosaUnitTag ))
MUST ( cn $ gosaGroupObjects ) MAY ( member $ description ) )
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.17 NAME 'gosaRole'
DESC 'GOsa - ACL container to define ACL roles (v2.6.1)'
SUP top STRUCTURAL
DESC 'GOsa - ACL container to define ACL roles'
SUP top STRUCTURAL
MUST ( gosaAclTemplate $ cn )
MAY ( description ) )
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.18 NAME 'gosaAcl'
DESC 'GOsa - ACL container to define single ACLs (v2.6.1)'
DESC 'GOsa - ACL container to define single ACLs'
SUP top AUXILIARY
MUST ( gosaAclEntry ))
objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.19 NAME 'gosaSnapshotObject'
DESC 'GOsa - Container object for undo and snapshot data (v2.6.1)'
DESC 'GOsa - Container object for undo and snapshot data'
SUP top STRUCTURAL
MUST ( gosaSnapshotTimestamp $ gosaSnapshotDN $ gosaSnapshotData )
MAY ( description $
gosaSnapshotType ) )
MAY ( description ) )
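Review bot: `MUST ( )` on the now-OBSOLETE gosaObject and gosaAccount classes, and `MAY ( )` on gosaCacheEntry, are empty OID lists; the RFC 4512 grammar requires at least one OID between the parentheses, and while OpenLDAP is believed to tolerate the empty form, other servers loading this file may reject it, so omitting the clause entirely (which means the same thing) is the safer spelling. gosaAccount also loses `sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaBadPasswordCount $ sambaBadPasswordTime` from its MAY list and gosaCacheEntry moves gosaUser from MAY to MUST; any existing entry that relied on the old definitions becomes schema-invalid and fails on its next modify, which the migration step in this commit does not appear to handle, so it should either be covered there or stated in the release notes.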
##
## recovery.schema - Needed by Fusion Directory for managing password recovery
##
## Maintained by the FusionDirectory Project <contact@fusiondirectory.org>
##
# Attributes
attributetype ( 1.3.6.1.4.1.38414.1.1.1 NAME 'passwordRecoveryActivated'
DESC 'Fusion Directory - Password recovery enabled/disabled'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.38414.1.1.2 NAME 'passwordRecoveryEmail'
DESC 'Fusion Directory - Password recovery sender email'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.38414.1.1.3 NAME 'passwordRecoveryMailSubject'
DESC 'Fusion Directory - Password recovery first email subject'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.38414.1.1.4 NAME 'passwordRecoveryMailBody'
DESC 'Fusion Directory - Password recovery first email body'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.38414.1.1.5 NAME 'passwordRecoveryMail2Subject'
DESC 'Fusion Directory - Password recovery second email subject'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.38414.1.1.6 NAME 'passwordRecoveryMail2Body'
DESC 'Fusion Directory - Password recovery second email body'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.38414.1.1.7 NAME 'passwordRecoveryValidity'
DESC 'Fusion Directory - Password recovery link validity in minutes'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.38414.1.1.8 NAME 'passwordRecoverySalt'
DESC 'Fusion Directory - Password recovery token salt'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.38414.1.1.9 NAME 'passwordRecoveryUseAlternate'
DESC 'Fusion Directory - Allow/disallow the use of alternate addresses for password recovery'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# Object Class
objectclass ( 1.3.6.1.4.1.38414.1.2.1 NAME 'recoveryConfig'
DESC 'Password recovery settings'
MUST ( cn $ passwordRecoveryActivated $ passwordRecoveryEmail $
passwordRecoveryMailSubject $ passwordRecoveryMailBody $
passwordRecoveryMail2Subject $ passwordRecoveryMail2Body $
passwordRecoveryValidity $ passwordRecoverySalt $
passwordRecoveryUseAlternate) )
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
##
## NOTE: This is an example. You should use the template shipped
## with your distribution and adapt it to your needs.
##
# Schema and objectClass definitions, depending on your
# LDAP setup
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/misc.schema
# These should be present for FusionDirectory.
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/fusiondirectory/core-fd.schema
include /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
include /etc/ldap/schema/fusiondirectory/recovery-fd.schema
include /etc/ldap/schema/fusiondirectory/ldapns.schema
# Security settings
# Parameters: sasl, ssf, tls, transport, update_sasl, update_ssf,
# update_tls, update_transport
#security update_sasl=128,uptate_tls=128
# Require settings
# Paramters: none, authc, bind, LDAPv3, SASL (strong)
#require authc, LDAPv3
# Allow settings
# Parameters: none, bind_v2, tls_2_anon, bind_anon_cred, bind_anon_dn,
# update_anon
#allow bind_v2
# Disallow settings
# Parameters: bind_anon, bind_simple_unprotected, tls_2_anon,
# bind_simple, bind_krbv4, tls_authc
# Password hash default value
# Parameters: {SHA}, {SMD5}, {MD4}, {CRYPT}, {CLEARTEXT}
password-hash {CRYPT}
# Search base
defaultsearchbase dc=fusiondirectory,dc=org
# Where clients are refered to if no
# match is found locally
#referral ldap://some.other.ldap.server
## TLS setup, needs certificates
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCertificateFile /etc/ssl/certs/slapd.pem
#TLSCertificateKeyFile /etc/ssl/certs/slapd.pem
## SASL setup
#sasl-authz-policy
#sasl-host fusiondirectory.fusiondirectory.local
#sasl-realm FUSIONDIRECTORY.LOCAL
#sasl-regexp cn=(.*),ou=(.*) cn=$1,ou=$2,ou=People,dc=fusiondirectory,dc=org
#sasl-secprops noanonymous
## Kerberos setup
#srvtab /etc/krb5.keytab.ldap
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel 1024
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload back_monitor
#moduleload back_shell
# Some tuning parameters
#threads 64
#concurrency 32
#conn_max_pending 100
#conn_max_pending_auth 250
#reverse-lookup off
#sizelimit 1000
#timelimit 30
#idletimeout 30
# Limits
#limits anonymous size.soft=500 time.soft=5
#limits user size=none time.soft=30
# Speed up member add/mod/delete operations
sortvals member memberUid roleOccupant
access to dn.base=""
by * read
access to dn.subtree=cn=Monitor
by * read