[Summary view] [Print] [Text view]

   1  # This is the main ldapd configuration file. See slapd.conf(5) for more
   2  # info on the configuration options.
   3  
   4  # Schema and objectClass definitions
   5  include         #SCHEMADIR#/core.schema
   6  include         #SCHEMADIR#/cosine.schema
   7  include         #SCHEMADIR#/nis.schema
   8  include         #SCHEMADIR#/inetorgperson.schema
   9  include         #SCHEMADIR#/ltsp.schema
  10  include         #SCHEMADIR#/samba.schema
  11  include         #SCHEMADIR#/samba3.schema
  12  include         #SCHEMADIR#/printer.schema
  13  
  14  # Schema check allows for forcing entries to
  15  # match schemas for their objectClasses's
  16  schemacheck    off
  17  
  18  # Where clients are refered to if no
  19  # match is found locally
  20  #referral    ldap://some.other.ldap.server
  21  
  22  # Where the pid file is put. The init.d script
  23  # will not stop the server if you change this.
  24  pidfile        /var/run/slapd.pid
  25  
  26  # List of arguments that were passed to the server
  27  argsfile    /var/run/slapd.args
  28  
  29  # Read slapd.conf(5) for possible values
  30  loglevel    0
  31  
  32  #######################################################################
  33  # ldbm database definitions
  34  #######################################################################
  35  
  36  # The backend type, ldbm, is the default standard
  37  database    ldbm
  38  
  39  # The base of your directory
  40  suffix        "#BASEDN#"
  41  rootdn        "#ADMINRDN#,#BASEDN#"
  42  rootpw        #ADMINPW#
  43  
  44  # Where the database file are physically stored
  45  directory    "/var/lib/ldap"
  46  
  47  index   objectClass,sambaSID,uid,uidNumber,gidNumber,memberUid,member       eq
  48  index   cn              eq,subinitial
  49  
  50  # Save the time that the entry gets modified
  51  lastmod on
  52  
  53  # For Netscape Roaming support, each user gets a roaming
  54  # profile for which they have write access to
  55  #access to dn=".*,ou=Roaming,@SUFFIX@"
  56  #    by dnattr=owner write
  57  
  58  # The userPassword by default can be changed
  59  # by the entry owning it if they are authenticated.
  60  # Others should not be able to see it, except the
  61  # admin entry below
  62  access to attr=userPassword
  63      by dn="#ADMINRDN#,#BASEDN#" write
  64      by anonymous auth
  65      by self write
  66      by * none
  67  
  68  # ACLs proposées par Bruno Bzeznic
  69  
  70  access to attr=userpassword
  71          by dn="#ADMINRDN#,#BASEDN#" write
  72          by self write
  73          by users none
  74          by anonymous auth
  75  
  76  access to attr=lmPassword
  77         by dn="#ADMINRDN#,#BASEDN#" write
  78         by self write
  79         by users none
  80         by anonymous auth
  81  
  82  access to attr=ntPassword
  83         by dn="#ADMINRDN#,#BASEDN#" write
  84         by self write
  85         by users none
  86         by anonymous auth
  87  
  88  # The admin dn has full write access
  89  access to *
  90      by dn="#ADMINRDN#,#BASEDN#" write
  91      by * read
  92  
  93  # Example replication using admin account. This will require taking the
  94  # out put of this database using slapcat(8C), and then importing that into
  95  # the replica using slapadd(8C).
  96  #
  97  # replogfile /var/lib/slurp/replog
  98  # replica host=ldap-rep.foo.com bindmethod=simple
  99  #    binddn="@ADMIN@"
 100  #    credentials="XXXXXX"
 101  
 102  # End of ldapd configuration file
 103  sizelimit    3500