source: trunk/INSTALL/rhel/6/etc/openldap/slapd.conf @ 5818

Revision 5818, 4.3 KB checked in by wmerlotto, 9 years ago (diff)

Ticket #2557 - Finalizada as correções para Debian Squeeze e Centos 6

  • Property svn:executable set to *
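#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable: it carries the rootpw hash.
# It does not need to be executable either.
#

#######################################################################
# Global Directives:
# -1 removes the server-side cap on entries returned and on time spent per
# search.  With only 2 worker threads and anonymous read allowed by the ACLs
# at the end of this file, any client can dump the whole tree or keep the
# workers busy.
# NOTE(review): presumably unlimited because the application lists large
# result sets -- confirm; if so, prefer finite global limits plus a
# per-database "limits" rule for the application's bind DN.
sizelimit -1
timelimit -1
threads 2

# Schema and objectClass definitions
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
# Required for Expresso Livre
include         /etc/openldap/schema/qmailuser.schema
include         /etc/openldap/schema/samba.schema
include         /etc/openldap/schema/phpgwaccount.schema
include         /etc/openldap/schema/phpgwcontact.schema
include         /etc/openldap/schema/phpgwquotacontrolled.schema

# Read slapd.conf(5) for possible values
# 256 = stats: connections, operations and results are logged.
loglevel        256

# Allow LDAPv2 client connections.  This is NOT the default.
# Required for Expresso.
# LDAPv2 clients cannot use StartTLS (an LDAPv3 extended operation), so their
# simple binds cross the network in clear text unless they connect over
# ldaps:// or the traffic never leaves the host.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/lib/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it.  Your client software
# may balk at self-signed certificates, however.
# slapd.pem is also named as the key file below, so it holds the private key:
# nobody other than the ldap user or group should be able to read it.
# While these lines stay commented out, every bind to this server is sent
# unencrypted.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions (this file configures one hdb database)
#######################################################################

# LDAP_DN and LDAP_PWD_MD5 are placeholders.
# NOTE(review): presumably filled in by the installer, and the name suggests
# an MD5 password hash -- confirm.  An unsalted MD5 hash is cheap to
# brute-force if this file leaks; slappasswd produces salted {SSHA} by default.
database        hdb
suffix          "LDAP_DN"
rootdn          "cn=admin,LDAP_DN"
rootpw          LDAP_PWD_MD5

# Checkpoint the database after 1024 KB written or 10 minutes, whichever
# comes first (see slapd-bdb(5)).
checkpoint      1024 10
# Save the time that the entry gets modified, for database #1
lastmod         on

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/lib/ldap

# Indices to maintain for this database
index      default                                                    sub
index      entryCSN,accountStatus                                     eq
index      objectClass,uidNumber,gidNumber,entryUUID                  eq,pres
index      sambaSID,sambaPrimaryGroupSID,sambaAcctFlags               eq,pres
index      sambaDomainName,sambaSIDList,sambaGroupType                eq,pres
index      cn,displayName                                             eq,pres,subany,approx
index      sn,ou,givenName,uid,employeeNumber                         eq,pres,subany
index      memberUid,mail,mailAlternateAddress,mailForwardingAddress  eq,pres,subany
index      phpgwContactOwner,phpgwAccountType,phpgwAccountStatus      eq,pres
index      uniqueMember                                               pres

# Basic ACLs
# Password material: userPassword plus the Samba LM/NT hashes.  The Samba
# hashes are password-equivalent; unless they are listed here they fall
# through to "access to * ... by * read" below and can be read anonymously.
# NOTE(review): assumes the included samba.schema defines sambaLMPassword and
# sambaNTPassword (slapd will not start if an ACL names an unknown attribute)
# and that the services needing these hashes bind as cn=admin -- confirm.
# The cn=admin clauses are kept for readability; it is the rootdn, which
# bypasses ACLs anyway.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by dn="cn=admin,LDAP_DN" write
        by anonymous auth
        by self write
        by * none

access to dn.base="" by * read

# Everything not matched above is readable by every client, anonymous ones
# included.
# NOTE(review): if no client depends on anonymous searches, replace
# "by * read" with "by users read" followed by "by anonymous auth".
access to *
        by dn="cn=admin,LDAP_DN" write
        by * read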
124