[5797] | 1 | # This is the main slapd configuration file. See slapd.conf(5) for more |
---|
| 2 | # info on the configuration options. |
---|
| 3 | |
---|
| 4 | ####################################################################### |
---|
| 5 | # Global Directives: |
---|
| 6 | sizelimit -1 |
---|
| 7 | timelimit -1 |
---|
| 8 | threads 2 |
---|
| 9 | |
---|
| 10 | # Schema and objectClass definitions |
---|
| 11 | include /etc/ldap/schema/core.schema |
---|
| 12 | include /etc/ldap/schema/cosine.schema |
---|
| 13 | include /etc/ldap/schema/nis.schema |
---|
| 14 | include /etc/ldap/schema/inetorgperson.schema |
---|
[5818] | 15 | # Necessario para o Expresso Livre |
---|
[6710] | 16 | include /etc/ldap/schema/expressolivre.schema |
---|
[5797] | 17 | include /etc/ldap/schema/qmailuser.schema |
---|
| 18 | include /etc/ldap/schema/phpgwaccount.schema |
---|
| 19 | include /etc/ldap/schema/samba.schema |
---|
| 20 | include /etc/ldap/schema/phpgwcontact.schema |
---|
[6710] | 21 | include /etc/ldap/schema/phpgwquotacontrolled.schema |
---|
[5797] | 22 | |
---|
| 23 | # Where the pid file is put. The init.d script |
---|
| 24 | # will not stop the server if you change this. |
---|
| 25 | pidfile /var/run/slapd/slapd.pid |
---|
[5818] | 26 | argsfile /var/run/slapd/slapd.args |
---|
[5797] | 27 | |
---|
| 28 | # Read slapd.conf(5) for possible values |
---|
[5818] | 29 | loglevel 256 |
---|
[5797] | 30 | |
---|
[5818] | 31 | # Allow LDAPv2 client connections. This is NOT the default. |
---|
| 32 | # Necessario para o Expresso |
---|
| 33 | allow bind_v2 |
---|
| 34 | |
---|
| 35 | # Do not enable referrals until AFTER you have a working directory |
---|
| 36 | # service AND an understanding of referrals. |
---|
| 37 | #referral ldap://root.openldap.org |
---|
| 38 | |
---|
| 39 | ####################################################################### |
---|
[5797] | 40 | # Where the dynamically loaded modules are stored |
---|
| 41 | modulepath /usr/lib/ldap |
---|
| 42 | moduleload back_hdb |
---|
| 43 | |
---|
| 44 | # Specific Backend Directives for bdb: |
---|
| 45 | # Backend specific directives apply to this backend until another |
---|
| 46 | # 'backend' directive occurs |
---|
| 47 | backend hdb |
---|
| 48 | ####################################################################### |
---|
| 49 | # Specific Directives for database #1, of type bdb: |
---|
| 50 | # Database specific directives apply to this databasse until another |
---|
| 51 | # 'database' directive occurs |
---|
| 52 | database hdb |
---|
| 53 | |
---|
| 54 | # The base of your directory in database #1 |
---|
| 55 | suffix "LDAP_DN" |
---|
| 56 | rootdn "cn=admin,LDAP_DN" |
---|
| 57 | rootpw LDAP_PWD_MD5 |
---|
| 58 | |
---|
[5818] | 59 | checkpoint 1024 10 |
---|
| 60 | # Save the time that the entry gets modified, for database #1 |
---|
| 61 | lastmod on |
---|
| 62 | |
---|
[5797] | 63 | # Where the database file are physically stored for database #1 |
---|
| 64 | directory "/var/lib/ldap" |
---|
| 65 | |
---|
| 66 | # Indexing options for database #1 |
---|
[5818] | 67 | index default sub |
---|
| 68 | index entryCSN,accountStatus eq |
---|
| 69 | index objectClass,uidNumber,gidNumber,entryUUID eq,pres |
---|
| 70 | index sambaSID,sambaPrimaryGroupSID,sambaAcctFlags eq,pres |
---|
| 71 | index sambaDomainName,sambaSIDList,sambaGroupType eq,pres |
---|
| 72 | index cn,displayName eq,pres,subany,approx |
---|
| 73 | index sn,ou,givenName,uid,employeeNumber eq,pres,subany |
---|
| 74 | index memberUid,mail,mailAlternateAddress,mailForwardingAddress eq,pres,subany |
---|
| 75 | index phpgwContactOwner,phpgwAccountType,phpgwAccountStatus eq,pres |
---|
| 76 | index uniqueMember pres |
---|
[5797] | 77 | |
---|
| 78 | |
---|
| 79 | # Where to store the replica logs for database #1 |
---|
| 80 | # replogfile /var/lib/ldap/replog |
---|
| 81 | |
---|
| 82 | # The userPassword by default can be changed |
---|
| 83 | # by the entry owning it if they are authenticated. |
---|
| 84 | # Others should not be able to see it, except the |
---|
| 85 | # admin entry below |
---|
| 86 | # These access lines apply to database #1 only |
---|
| 87 | access to attrs=userPassword |
---|
| 88 | by dn="cn=admin,LDAP_DN" write |
---|
| 89 | by anonymous auth |
---|
| 90 | by self write |
---|
| 91 | by * none |
---|
| 92 | |
---|
| 93 | # Ensure read access to the base for things like |
---|
| 94 | # supportedSASLMechanisms. Without this you may |
---|
| 95 | # have problems with SASL not knowing what |
---|
| 96 | # mechanisms are available and the like. |
---|
| 97 | # Note that this is covered by the 'access to *' |
---|
| 98 | # ACL below too but if you change that as people |
---|
| 99 | # are wont to do you'll still need this if you |
---|
| 100 | # want SASL (and possible other things) to work |
---|
| 101 | # happily. |
---|
| 102 | access to dn.base="" by * read |
---|
| 103 | |
---|
| 104 | # The admin dn has full write access, everyone else |
---|
| 105 | # can read everything. |
---|
| 106 | access to * |
---|
| 107 | by dn="cn=admin,LDAP_DN" write |
---|
| 108 | by * read |
---|
| 109 | |
---|
| 110 | # For Netscape Roaming support, each user gets a roaming |
---|
| 111 | # profile for which they have write access to |
---|
| 112 | #access to dn=".*,ou=Roaming,o=morsnet" |
---|
| 113 | # by dn="cn=admin,dc=pr,dc=gov,dc=br" write |
---|
| 114 | # by dnattr=owner write |
---|
| 115 | |
---|
| 116 | ####################################################################### |
---|
| 117 | # Specific Directives for database #2, of type 'other' (can be bdb too): |
---|
| 118 | # Database specific directives apply to this databasse until another |
---|
| 119 | # 'database' directive occurs |
---|
| 120 | #database <other> |
---|
| 121 | |
---|
| 122 | # The base of your directory for database #2 |
---|
| 123 | #suffix "dc=debian,dc=org" |
---|