source: branches/2.4/INSTALL/rhel/6/etc/openldap/slapd.conf @ 6730

Revision 6730, 4.3 KB checked in by eduardow, 9 years ago (diff)

Ticket #2937 - Adicionando os novos schemas do OpenLDAP.

  • Property svn:executable set to *
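#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# It carries the rootpw hash (see the database section), so keep it readable
# only by root and the account slapd runs as.
#

#######################################################################
# Global Directives:
# NOTE(review): -1 removes the size and time limits on searches for every
# client. Together with the "by * read" rule at the end of this file, a
# single unauthenticated query can return the whole directory. If only the
# application needs unlimited results, set finite values here and raise them
# for that identity with a per-database "limits" directive.
sizelimit -1
timelimit -1
threads 2

# Schema and objectClass definitions
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
# Required by Expresso Livre
# NOTE(review): these live under /etc/ldap/schema while the stock schemas
# above are under /etc/openldap/schema -- confirm the installer creates
# that directory; slapd does not start if an include is missing.
include         /etc/ldap/schema/expressolivre.schema
include         /etc/ldap/schema/qmailuser.schema
include         /etc/ldap/schema/phpgwaccount.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/phpgwcontact.schema
include         /etc/ldap/schema/phpgwquotacontrolled.schema

# Read slapd.conf(5) for possible values
# 256 = stats: connections, operations and results are logged.
loglevel        256

# Allow LDAPv2 client connections.  This is NOT the default.
# Required by Expresso
# NOTE(review): LDAPv2 is a retired protocol version; drop this line once
# no client depends on it.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/lib/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.  Your client software
# may balk at self-signed certificates, however.
# NOTE(review): while these stay commented out slapd offers no TLS, so simple
# binds and the userPassword writes permitted by the ACLs below cross the
# network in cleartext. For anything beyond a local test, use a certificate
# issued for this host and keep the private key readable only by the ldap
# account.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 64-bit encryption for simple bind
# Once TLS is enabled, a line like this makes slapd refuse simple binds and
# updates on connections that do not meet the stated strength.
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

# LDAP_DN and LDAP_PWD_MD5 look like placeholders filled in at install
# time -- confirm against the installer.
# NOTE(review): the placeholder name suggests an unsalted {MD5} value. A
# salted scheme such as {SSHA} (slappasswd -h '{SSHA}') holds up better if
# this file is ever disclosed.
database        hdb
suffix          "LDAP_DN"
rootdn          "cn=admin,LDAP_DN"
rootpw          LDAP_PWD_MD5

checkpoint      1024 10
# Save the time that the entry gets modified, for database #1
lastmod         on

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/lib/ldap

# Indices to maintain for this database
index      default                                                    sub
index      entryCSN,accountStatus                                     eq
index      objectClass,uidNumber,gidNumber,entryUUID                  eq,pres
index      sambaSID,sambaPrimaryGroupSID,sambaAcctFlags               eq,pres
index      sambaDomainName,sambaSIDList,sambaGroupType                eq,pres
index      cn,displayName                                             eq,pres,subany,approx
index      sn,ou,givenName,uid,employeeNumber                         eq,pres,subany
index      memberUid,mail,mailAlternateAddress,mailForwardingAddress  eq,pres,subany
index      phpgwContactOwner,phpgwAccountType,phpgwAccountStatus      eq,pres
index      uniqueMember                                               pres

# Basic ACLs
# Credential attributes: the admin DN and the entry owner may write them,
# anonymous clients may use them for bind only, nobody else may read them.
# sambaLMPassword and sambaNTPassword are covered together with userPassword
# because the Samba schema is loaded above and the catch-all rule at the end
# grants read to everyone, which would otherwise expose those password
# hashes to unauthenticated clients. A service that must read them under its
# own identity needs an explicit "by dn=... read" clause before "by * none".
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by dn="cn=admin,LDAP_DN" write
        by anonymous auth
        by self write
        by * none

# Root DSE: readable by anyone so clients can discover server capabilities.
access to dn.base="" by * read

# Everything else: admin writes, every client (anonymous included) reads.
# NOTE(review): mail addresses, account status and group membership are
# therefore public to anyone who can reach the port. If all consumers bind
# first, "by users read" plus "by anonymous auth" is the tighter form shown
# in the sample policy above.
access to *
        by dn="cn=admin,LDAP_DN" write
        by * read
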