# Global config: dn: cn=config objectClass: olcGlobal cn: config # Where the pid file is put. The init.d script # will not stop the server if you change this. olcPidFile: /var/run/slapd/slapd.pid # List of arguments that were passed to the server olcArgsFile: /var/run/slapd/slapd.args # Read slapd-config(5) for possible values olcLogLevel: none # The tool-threads parameter sets the actual amount of cpu's that is used # for indexing. olcToolThreads: 1 # Frontend settings dn: olcDatabase={-1}frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: {-1}frontend # The maximum number of entries that is returned for a search operation olcSizeLimit: 500 # Allow unlimited access to local connection from the local root user olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break # Allow unauthenticated read access for schema and base DN autodiscovery olcAccess: {1}to dn.exact="" by * read olcAccess: {2}to dn.base="cn=Subschema" by * read # Config db settings dn: olcDatabase=config,cn=config objectClass: olcDatabaseConfig olcDatabase: config # Allow unlimited access to local connection from the local root user olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcRootDN: cn=admin,cn=config # Load schemas dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema include: file:///etc/ldap/schema/core.ldif include: file:///etc/ldap/schema/cosine.ldif include: file:///etc/ldap/schema/nis.ldif include: file:///etc/ldap/schema/inetorgperson.ldif # Load module dn: cn=module{0},cn=config objectClass: olcModuleList cn: module{0} # Where the dynamically loaded modules are stored olcModulePath: /usr/lib/ldap olcModuleLoad: back_@BACKEND@ # Set defaults for the backend dn: olcBackend=@BACKEND@,cn=config objectClass: olcBackendConfig olcBackend: @BACKEND@ # The database definition. dn: olcDatabase=@BACKEND@,cn=config objectClass: olcDatabaseConfig objectClass: @BACKENDOBJECTCLASS@ olcDatabase: @BACKEND@ # Checkpoint the database periodically in case of system # failure and to speed slapd shutdown. olcDbCheckpoint: 512 30 @BACKENDOPTIONS@ # Save the time that the entry gets modified, for database #1 olcLastMod: TRUE # The base of your directory in database #1 olcSuffix: @SUFFIX@ # Where the database file are physically stored for database #1 olcDbDirectory: /var/lib/ldap # olcRootDN directive for specifying a superuser on the database. This # is needed for syncrepl. olcRootDN: cn=admin,@SUFFIX@ olcRootPW: @PASSWORD@ # Indexing options for database #1 olcDbIndex: objectClass eq olcDbIndex: cn,uid eq olcDbIndex: uidNumber,gidNumber eq olcDbIndex: member,memberUid eq # The userPassword by default can be changed by the entry owning it if # they are authenticated. Others should not be able to see it, except # the admin entry above. olcAccess: to attrs=userPassword by self write by anonymous auth by * none # Allow update of authenticated user's shadowLastChange attribute. # Updating it on password change is implemented at least by libpam-ldap, # libpam-ldapd, and the slapo-smbk5pwd overlay. olcAccess: to attrs=shadowLastChange by self write by * read # The admin dn (olcRootDN) bypasses ACLs and so has total access, # everyone else can read everything. olcAccess: to * by * read