diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:35:33 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:35:33 +0000 |
commit | 1f641814b2bfbbf2dc3347e11a3fe901bfdf1efc (patch) | |
tree | 77094b19bf9091ceb6f6ab7d0267f70fef9c8323 /debian/slapd.init.ldif | |
parent | Adding upstream version 2.5.13+dfsg. (diff) | |
download | openldap-debian.tar.xz openldap-debian.zip |
Adding debian version 2.5.13+dfsg-5.debian/2.5.13+dfsg-5debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/slapd.init.ldif')
-rw-r--r-- | debian/slapd.init.ldif | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/debian/slapd.init.ldif b/debian/slapd.init.ldif new file mode 100644 index 0000000..eacb116 --- /dev/null +++ b/debian/slapd.init.ldif @@ -0,0 +1,96 @@ +# Global config: +dn: cn=config +objectClass: olcGlobal +cn: config +# Where the pid file is put. The init.d script +# will not stop the server if you change this. +olcPidFile: /var/run/slapd/slapd.pid +# List of arguments that were passed to the server +olcArgsFile: /var/run/slapd/slapd.args +# Read slapd-config(5) for possible values +olcLogLevel: none +# The tool-threads parameter sets the actual amount of cpu's that is used +# for indexing. +olcToolThreads: 1 + +# Frontend settings +dn: olcDatabase={-1}frontend,cn=config +objectClass: olcDatabaseConfig +objectClass: olcFrontendConfig +olcDatabase: {-1}frontend +# The maximum number of entries that is returned for a search operation +olcSizeLimit: 500 +# Allow unlimited access to local connection from the local root user +olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break +# Allow unauthenticated read access for schema and base DN autodiscovery +olcAccess: {1}to dn.exact="" by * read +olcAccess: {2}to dn.base="cn=Subschema" by * read + +# Config db settings +dn: olcDatabase=config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: config +# Allow unlimited access to local connection from the local root user +olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break +olcRootDN: cn=admin,cn=config + +# Load schemas +dn: cn=schema,cn=config +objectClass: olcSchemaConfig +cn: schema + +include: file:///etc/ldap/schema/core.ldif +include: file:///etc/ldap/schema/cosine.ldif +include: file:///etc/ldap/schema/nis.ldif +include: file:///etc/ldap/schema/inetorgperson.ldif + +# Load module +dn: cn=module{0},cn=config +objectClass: olcModuleList +cn: module{0} +# Where the dynamically loaded modules are stored +olcModulePath: /usr/lib/ldap +olcModuleLoad: back_mdb + +# The database definition. +dn: olcDatabase=mdb,cn=config +objectClass: olcDatabaseConfig +objectClass: olcMdbConfig +olcDatabase: mdb +# Default to a 1 GiB database for compatibility with 32-bit systems. +olcDbMaxSize: 1073741824 +# Checkpoint the database periodically in case of system +# failure and to speed slapd shutdown. +olcDbCheckpoint: 512 30 +# Save the time that the entry gets modified, for database #1 +olcLastMod: TRUE +# The base of your directory in database #1 +olcSuffix: @SUFFIX@ +# Where the database file are physically stored for database #1 +olcDbDirectory: /var/lib/ldap +# Database superuser credentials +olcRootDN: cn=admin,@SUFFIX@ +olcRootPW: @PASSWORD@ +# Indexing options for database #1 +olcDbIndex: objectClass eq +olcDbIndex: cn,uid eq +olcDbIndex: uidNumber,gidNumber eq +olcDbIndex: member,memberUid eq +# The userPassword by default can be changed by the entry owning it if +# they are authenticated. Others should not be able to see it, except +# the admin entry above. +olcAccess: to attrs=userPassword + by self write + by anonymous auth + by * none +# Allow update of authenticated user's shadowLastChange attribute. +# Updating it on password change is implemented at least by libpam-ldap, +# libpam-ldapd, and the slapo-smbk5pwd overlay. +olcAccess: to attrs=shadowLastChange + by self write + by * read +# The admin dn (olcRootDN) bypasses ACLs and so has total access, +# everyone else can read everything. +olcAccess: to * + by * read + |