Commit 8f573b31 authored by Benoit Mortier's avatar Benoit Mortier
Browse files

Fixes: #4114 remove slapd.conf from contrib/openldap as no one use slapd.conf...

Fixes: #4114

 remove slapd.conf from contrib/openldap as no one use slapd.conf anymore and there is error in it
Signed-off-by: default avatarBenoit Mortier <benoit.mortier@opensides.be>
parent 8eed512c
# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
##
## NOTE: This is an example. You should use the template shipped
## with your distribution and adapt it to your needs.
##
# Schema and objectClass definitions, depending on your
# LDAP setup
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/misc.schema
# These should be present for FusionDirectory.
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/fusiondirectory/core-fd.schema
include /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
include /etc/ldap/schema/fusiondirectory/recovery-fd.schema
include /etc/ldap/schema/fusiondirectory/ldapns.schema
# Security settings
# Parameters: sasl, ssf, tls, transport, update_sasl, update_ssf,
# update_tls, update_transport
#security update_sasl=128,uptate_tls=128
# Require settings
# Paramters: none, authc, bind, LDAPv3, SASL (strong)
#require authc, LDAPv3
# Allow settings
# Parameters: none, bind_v2, tls_2_anon, bind_anon_cred, bind_anon_dn,
# update_anon
#allow bind_v2
# Disallow settings
# Parameters: bind_anon, bind_simple_unprotected, tls_2_anon,
# bind_simple, bind_krbv4, tls_authc
# Password hash default value
# Parameters: {SHA}, {SMD5}, {MD4}, {CRYPT}, {CLEARTEXT}
password-hash {CRYPT}
# Search base
defaultsearchbase dc=fusiondirectory,dc=org
# Where clients are refered to if no
# match is found locally
#referral ldap://some.other.ldap.server
## TLS setup, needs certificates
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCertificateFile /etc/ssl/certs/slapd.pem
#TLSCertificateKeyFile /etc/ssl/certs/slapd.pem
## SASL setup
#sasl-authz-policy
#sasl-host fusiondirectory.fusiondirectory.local
#sasl-realm FUSIONDIRECTORY.LOCAL
#sasl-regexp cn=(.*),ou=(.*) cn=$1,ou=$2,ou=People,dc=fusiondirectory,dc=org
#sasl-secprops noanonymous
## Kerberos setup
#srvtab /etc/krb5.keytab.ldap
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel 1024
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload back_monitor
#moduleload back_shell
# Some tuning parameters
#threads 64
#concurrency 32
#conn_max_pending 100
#conn_max_pending_auth 250
#reverse-lookup off
#sizelimit 1000
#timelimit 30
#idletimeout 30
# Limits
#limits anonymous size.soft=500 time.soft=5
#limits user size=none time.soft=30
# Speed up member add/mod/delete operations
sortvals member memberUid roleOccupant
access to dn.base=""
by * read
access to dn.subtree=cn=Monitor
by * read
# Access to schema information
#access to dn.subtree=""
# by * read
# The userPassword/shadow Emtries by default can be
# changed by the entry owning it if they are authenticated.
# Others should not be able to see it, except the admin
# entry below
access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
by dn.regex="uid=[^/]+/admin\+(realm=FUSIONDIRECTORY.LOCAL)?" write
by anonymous auth
by self write
by * none
# Deny access to imap/fax/kerberos admin passwords stored
# in ldap tree
access to attrs=goImapPassword
by dn.regex="uid=[^/]+/admin\+(realm=FUSIONDIRECTORY.LOCAL)?" write
by * none
access to attrs=goKrbPassword
by dn.regex="uid=[^/]+/admin\+(realm=FUSIONDIRECTORY.LOCAL)?" write
by * none
access to attrs=goFaxPassword
by dn.regex="uid=[^/]+/admin\+(realm=FUSIONDIRECTORY.LOCAL)?" write
by * none
# Let servers write last user attribute
access to attrs=gotoLastUser
by * write
# Samba passwords by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attrs=sambaLmPassword,sambaNtPassword
by dn.regex="uid=[^/]+/admin\+(realm=FUSIONDIRECTORY.LOCAL)?" write
by anonymous auth
by self write
by * none
# What trees should be readable, depends on your policy. Either
# use this entry and specify what should be readable, or leave
# the access to * => by * read below untouched
#access to dn="ou=(people|groups)"
# by * read
# The admin dn has full write access
access to *
by dn.regex="uid=[^/]+/admin\+(realm=FUSIONDIRECTORY.LOCAL)?" =wrscx
by * read
# by peername="ip=127\.0\.0\.1" read
# by * none
#######################################################################
# database definitions
#######################################################################
# Monitor backend
database monitor
# The backend type, ldbm, is the default standard
database hdb
cachesize 5000
mode 0600
# The base of your directory
suffix "dc=fusiondirectory,dc=org"
checkpoint 512 720
# Sample password is "tester", generate a new one using the mkpasswd
# utility and put the string after {crypt}
rootdn "cn=ldapadmin,dc=fusiondirectory,dc=org"
rootpw {crypt}OuorOLd3VqvC2
# Indexing
index default sub
index uid,mail eq
index gosaSnapshotDN eq
index gosaSnapshotTimestamp eq,sub
index gosaMailAlternateAddress,gosaMailForwardingAddress eq
index cn,sn,givenName,ou pres,eq,sub
index objectClass pres,eq
index uidNumber,gidNumber,memberuid eq
index roleOccupant eq
index gosaSubtreeACL,gosaObject,gosaUser pres,eq
# Indexing for Kolab
#index alias eq,sub
#index kolabDeleteflag eq
#index kolabHomeServer eq
#index member pres,eq
# Indexing for Samba 3
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
# Indexing for DHCP
#index dhcpHWAddress eq
#index dhcpClassData eq
# Indexing for DNS
#index zoneName eq
#index relativeDomainName eq
# Where the database file are physically stored
directory "/var/lib/ldap"
# Log modifications and write entryUUID
lastmod on
# Example replication using admin account. This will require taking the
# out put of this database using slapcat(8C), and then importing that into
# the replica using slapadd(8C).
# Replication setup
#replogfile /var/log/ldap-replicalog
#replica host=ldap-2.fusiondirectory.local
# binddn="cn=replicator,dc=fusiondirectory,dc=org" bindmethod=simple credentials=secret
# Dummy database for config replication
#database shell
#suffix "dc=fusiondirectory,dc=shell"
#search /etc/ldap/shell/process.pl
#add /etc/ldap/shell/process.pl
# End of ldapd configuration file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment