source: main/linuxmuster-base/branches/testing/var/config-dynamic/15_ldap/slapd.conf @ 1246

Revision 1246, 4.1 KB checked in by tschmitt, 4 months ago (diff)
  • linuxmuster-setup: weitere Abstimmungen mit sophomorix.
  • Property svn:keywords set to Id
1##### @@message1@@
2##### @@message2@@
3##### @@message3@@
4# $Id$
5#######################################################################
6#
7# Global Directives:
8
9# Features to permit
10#allow bind_v2
11
12# Schema and objectClass definitions
13include         /etc/ldap/schema/core.schema
14include         /etc/ldap/schema/cosine.schema
15include         /etc/ldap/schema/misc.schema
16include         /etc/ldap/schema/nis.schema
17include         /etc/ldap/schema/inetorgperson.schema
18include         /etc/ldap/schema/samba.schema
19include         /etc/ldap/schema/sophomorix.schema
20
21# Schema check allows for forcing entries to
22# match the schemas of their objectClasses
23#schemacheck     on
24
25# Where the pid file is put. The init.d script
26# will not stop the server if you change this.
27pidfile         /var/run/slapd/slapd.pid
28
29# List of arguments that were passed to the server
30argsfile        /var/run/slapd/slapd.args
31
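32# Read slapd.conf(5) for possible values.
# NOTE(review): 0 records no connection or operation activity. The "stats"
# level (256) logs connections, operations and results, which is the minimum
# needed to audit binds and searches after the fact.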
33loglevel        0
34
35# Where the dynamically loaded modules are stored
36modulepath      /usr/lib/ldap
37moduleload      back_hdb
38
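39# The maximum number of entries that is returned for a search operation.
# NOTE(review): "unlimited", together with the "access to * by * read" rule
# further down, lets a single anonymous search return every readable entry.
# Set a finite limit if bulk export by arbitrary clients is not intended.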
40sizelimit       unlimited
41
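42# Store passwords as salted SHA-1 hashes ({SSHA}); this is hashing, not encryption.
# The setting applies to passwords set through the Password Modify extended operation.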
43password-hash {SSHA}
44
45#######################################################################
46# Specific Backend Directives for hdb:
47# Backend specific directives apply to this backend until another
48# 'backend' directive occurs
49backend         hdb
50
51#######################################################################
52# Specific Directives for database #1, of type hdb:
53# Database specific directives apply to this database until another
54# 'database' directive occurs
55database        hdb
56
57#LDAP Suffix
58suffix          "@@basedn@@"
59
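60# LDAP admin (rootdn). slapd does not apply access controls to this identity.
# NOTE(review): rootpw receives whatever @@ldappassword@@ expands to. If that
# is the cleartext password, the generated file must be readable only by root
# and the slapd user. A hash produced by slappasswd(8) is accepted here and
# is preferable.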
61rootdn          "cn=admin,@@basedn@@"
62rootpw          @@ldappassword@@
63
64# Where the database file are physically stored for database #1
65directory       "/var/lib/ldap"
66
67# The dbconfig settings are used to generate a DB_CONFIG file the first
68# time slapd starts.  They do NOT override an existing DB_CONFIG
69# file.  You should therefore change these settings in DB_CONFIG directly
70# or remove DB_CONFIG and restart slapd for changes to take effect.
71
72# For the Debian package we use 2MB as default but be sure to update this
73# value if you have plenty of RAM
74dbconfig set_cachesize 0 2097152 0
75
76# Sven Hartge reported that he had to set this value incredibly high
77# to get slapd running at all. See http://bugs.debian.org/303057 for more
78# information.
79
80# Number of objects that can be locked at the same time.
81dbconfig set_lk_max_objects 1500
82# Number of locks (both requested and granted)
83dbconfig set_lk_max_locks 1500
84# Number of lockers
85dbconfig set_lk_max_lockers 1500
86
87# Indexing options for database #1
88index   objectClass,uid,uidNumber,gidNumber,memberUid   eq
89index   cn,mail,surname,givenname                       eq,subinitial
90index   sambaSID                                        eq
91index   sambaPrimaryGroupSID                            eq
92index   sambaDomainName                                 eq
93
94# Save the time that the entry gets modified, for database #1
95lastmod         on
96
97# Checkpoint the BerkeleyDB database periodically in case of system
98# failure and to speed slapd shutdown.
99checkpoint      512 30
100
101#######################################################################
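102# Access limits:
# The first rule covers the password attributes (userPassword and the Samba
# LM/NT hashes, which are password-equivalent): anonymous clients may only
# authenticate against them, the owner may write them, everyone else gets none.
# NOTE(review): ssf=56 is satisfied by DES-strength protection, and the
# peername.ip clauses accept binds from the listed hosts with no transport
# protection, so a simple bind from the @@ipcopip@@ host can cross the network
# in cleartext. A higher value (e.g. ssf=128) is the usual minimum.
# The second rule grants every client, including anonymous ones, read access
# to all other attributes.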
103access to attrs=sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange,sambaAcctFlags,userPassword
104       by anonymous peername.ip=@@ipcopip@@ auth
105       by anonymous peername.ip=@@serverip@@ auth
106       by anonymous peername.ip=127.0.0.1 auth
107       by anonymous ssf=56 auth
108       by self peername.ip=127.0.0.1 write
109       by self ssf=56 write
110       by * none
111
112access to *
113       by * read
114
115#######################################################################
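116# TLS:
# NOTE(review): the CA certificate, server certificate and private key below
# are all read from the same file, /etc/ssl/private/server.pem. It contains the
# private key, so it must be readable only by root and the slapd user.
# The commented-out cipher suite on the next line still admits MEDIUM-strength
# and SSLv2 ciphers. If TLSCipherSuite is enabled, restrict it to strong ciphers.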
117#TLSCipherSuite HIGH:MEDIUM:+SSLv2
118TLSCACertificateFile /etc/ssl/private/server.pem
119TLSCertificateFile /etc/ssl/private/server.pem
120TLSCertificateKeyFile /etc/ssl/private/server.pem
121
122# Use the following if client authentication is required
123#TLSVerifyClient demand
124# ... or not desired at all
125#TLSVerifyClient never
126
127#The cachesize directive defines the number of entries that the LDAP backend will maintain in memory
128#cachesize 10000
129