Pasted as Apache by snolahc ( 15 years ago )
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
# Designed on Debian from OpenLDAP 2.3 or greater
#
# This part holds the global directives: schema includes, runtime files,
# logging, module loading, search limits and (disabled) TLS settings.
###################################################################
#Variables for packaging Redhat,Debian
# /etc/ldap/schema
#Debian : /etc/ldap/schema
#Redhat : /etc/openldap/schema
#
#/var/run/slapd
#Debian : /var/run/slapd
#Redhat : /var/run/openldap
#
##/var/run/slapd
#Debian : /var/run/slapd
#Redhat : /var/run/openldap
#
#
#Debian needs modulepath and moduleload, whereas Redhat does not.
#
#
###################################################################
# Global Directives:
# Features to permit
# Left commented out, so LDAPv2 bind requests are not accepted.
#allow bind_v2
# Schema and objectClass definitions
#include /etc/ldap/schema/gofax.schema
#include /etc/ldap/schema/gofon.schema
#include /etc/ldap/schema/gosa-samba3.schema
#include /etc/ldap/schema/goserver.schema
#include /etc/ldap/schema/gosystem.schema
#include /etc/ldap/schema/goto-mime.schema
#include /etc/ldap/schema/goto.schema
#include /etc/ldap/schema/rfc2307bis.schema
#include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/trust.schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/obm.schema
include /etc/ldap/schema/samba.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
# NOTE(review): with loglevel 0 slapd logs nothing, so failed binds and
# denied operations leave no trace in syslog. 'loglevel stats' (256) records
# connections, operations and results and is the usual minimum for auditing.
loglevel 0
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb
# Module for syncrepl when this server is the MASTER (provider)
#moduleload syncprov
# The maximum number of entries that is returned for a search operation
# You can put no limit for authenticated user - see below
# Default 500
# NOTE(review): this global value applies to every client, anonymous ones
# included. Together with the 'access to *' / 'by * read' rule further down,
# an unauthenticated client can retrieve the whole tree in a single search.
# The per-DN 'limits' directive in the database section already lifts the
# limit for the obmsatellite account, so a finite global value (the default
# is 500) would restore the protection for everyone else.
sizelimit unlimited
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
## BEGIN TLS
# NOTE(review): all three TLS directives are commented out, so this file
# configures no server certificate. Simple binds (the 'by anonymous auth'
# rules in the ACLs) then send passwords in clear text unless the transport
# is protected some other way. Once TLS is enabled, 'security simple_bind=128'
# can be used to refuse simple binds on unprotected connections.
# The certificate and key lines point at the same path; presumably a combined
# PEM file - confirm, and keep it unreadable to anyone but the slapd account.
#TLSCACertificateFile /var/lib/obm-ca/cacert.pem
#TLSCertificateFile /etc/obm/certs/obm_cert.pem
#TLSCertificateKeyFile /etc/obm/certs/obm_cert.pem
## End TLS
#
# Default database
defaultsearchbase "dc=snolahc,dc=fr"
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database bdb
# The base of your directory in database #1
suffix "dc=snolahc,dc=fr"
overlay glue
# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
# The rootdn is not subject to the access control rules of this database.
rootdn "cn=admin,dc=snolahc,dc=fr"
#PLEASE, change password, cf /usr/share/doc/obm-ldap/
# NOTE(review): both {SSHA} values below were published together with this
# file, so treat them as disclosed. Generate a new rootpw with slappasswd(8)
# and keep slapd.conf readable only by root and the account slapd runs as.
# {SSHA} is a single salted SHA-1 and is cheap to guess offline, so the
# password behind it needs to be long and random.
#rootpw {SSHA}K29nVEh+rsnr6dcDCr/sWVp+BNtby795
rootpw {SSHA}i/OTdPTcRixwT6OoxcWsyzNxOTSPQ+vD
# Where the database files are physically stored for database #1
directory "/var/lib/ldap"
# BEGIN BDB file environment settings
# Changing these options requires regenerating the DB_CONFIG file and the BDB
# file environment: stop 'slapd' and recover the BDB files (1) if this is done
# on a live LDAP database.
# Otherwise you can simply remove the database files before starting 'slapd'.
#
# 1) to recover BDB file environment :
# Debian : db_recover -cev -h 'directory'
# RedHat : slap_db_recover -cev -h 'directory'
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
# NOTE(review): the value set here is 52428800 bytes (50 MiB), not the 2 MB
# mentioned above.
dbconfig set_cachesize 0 52428800 0
# Sven Hartge reported that he had to set this value incredibly high
# to get slapd running at all. See http://bugs.debian.org/303057
# for more information.
# NOTE(review): this remark presumably refers to the lock limits
# (set_lk_max_*) further down rather than to the two lines that follow it.
dbconfig set_flags DB_LOG_AUTOREMOVE
dbconfig set_lg_bsize 1048576
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 2000
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 2000
# Number of lockers
dbconfig set_lk_max_lockers 2000
# END BDB file environment settings
# BEGIN BDB LDAP database tuning
# Changing these options requires a 'slapd' restart
# Checkpoint the BDB transaction log after 1024 KB written or 30 minutes,
# whichever comes first (slapd-bdb(5): checkpoint <kbyte> <min>)
checkpoint 1024 30
## Maintain n entries in cache memory - default 1000
#cachesize 1000
## Free n cache entries when reach 'cachesize' - default 1
#cachefree 1
## Maintain n DN entries in DN cache memory - default 2*'cachesize' - ideal as of
## real DN database entries
#dncachesize 2000
# END BDB LDAP database tuning
# BEGIN index definition
# Database Index
# Each line is 'index <attribute list> <index types>'; 'index default' sets
# the index types used when an index line names none.
index default pres
index uidNumber,gidNumber eq,pres
index loginShell eq,pres
index objectClass pres,eq
# Mail
index mailBox eq
index mailAccess eq
index mailBoxServer eq
index mail,mailAlias eq,pres,sub
# Group
index member eq,pres
index memberUid eq,pres
# Without Samba
index cn,sn,uid pres,sub,eq
# With Samba
#index cn,sn,uid,displayName pres,sub,eq
#index sambaSID eq,pres
#index sambaPrimaryGroupSID eq,pres
#index sambaSIDList eq,pres
#index sambaDomainName eq
## Index for SyncRepl MASTER
#index entryCSN,entryUUID eq
# END index definition
#
## SyncRepl replication as MASTER
#overlay syncprov
#syncprov-checkpoint 100 10
#syncprov-sessionlog 100
# Save the time that the entry gets modified, for database #1
lastmod on
# Where to store the replica logs for database #1
#replogfile /var/lib/ldap/replog
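# BEGIN Common ACLs
# slapd.conf treats a line that starts with whitespace as a continuation of
# the previous line. Every 'by' clause is therefore indented under its
# 'access to' line; a 'by' at column 0 would be read as a separate directive.
#
# Allow obmSatellite authenticated requests without response limits
limits dn.exact="uid=obmsatellite,ou=sysusers,dc=snolahc,dc=fr" size=unlimited
# ACL sample to limit access on entries in relation to 'hiddenUser'
# attribute
# This ACL can be tuned to get more flexibility (see 'man slapd.access')
#
# slapd applies the first 'access to' clause that matches. This one has no
# attrs= restriction, so for entries with hiddenUser=TRUE it also governs
# userPassword and shadowLastChange: obmsatellite gets read access to them
# and the userPassword rule below is never consulted for those entries.
# NOTE(review): if the satellite account does not need password hashes, move
# the userPassword rule above this one.
access to filter=(hiddenUser=TRUE)
        by dn="cn=admin,dc=snolahc,dc=fr" write
        by dn="uid=obmsatellite,ou=sysusers,dc=snolahc,dc=fr" read
        by anonymous auth
        by self write
        by * none
# END Common ACLs
# BEGIN without SAMBA ACLs
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# NOTE(review): this rule names uid=admin,dc=snolahc,dc=fr while the rootdn
# and every other rule use cn=admin,dc=snolahc,dc=fr. Confirm that uid=admin
# is a real entry that is meant to write password attributes; if it is a
# typo, the grant is dead today but becomes live for whoever creates an
# entry with that DN.
access to attrs=userPassword,shadowLastChange
        by dn="uid=admin,dc=snolahc,dc=fr" write
        by anonymous auth
        by self write
        by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base=""
        by dn="cn=admin,dc=snolahc,dc=fr" write
        by * read
# The admin dn has full write access, everyone else
# can read everything.
# NOTE(review): 'by * read' includes unauthenticated clients, so every
# attribute not covered by an earlier rule (uid, mail, group membership, ...)
# is readable anonymously. With the global 'sizelimit unlimited' nothing caps
# how much a single anonymous search returns. Use 'by users read' followed by
# 'by * none' if only authenticated clients should read the directory.
access to *
        by dn="cn=admin,dc=snolahc,dc=fr" write
        by * read
## For Netscape Roaming support, each user gets a roaming
## profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=aliacom,dc=local" write
# by dnattr=owner write
#
# END without SAMBA ACLs
## BEGIN with SAMBA ACLs
## The userPassword by default can be changed
## by the entry owning it if they are authenticated.
## Others should not be able to see it, except the
## admin entry below
#access to attrs=userPassword,shadowLastChange
# by anonymous auth
# by self write
# by dn="uid=ldapadmin,ou=sysusers,dc=local" write
# by dn="uid=samba,ou=sysusers,dc=local" write
# by * none
#
#access to dn.base=""
# by dn="uid=ldapadmin,ou=sysusers,dc=local" write
# by * read
#
#access to attrs=sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,sambaPasswordHistory
# by dn="uid=ldapadmin,ou=sysusers,dc=local" write
# by dn="uid=samba,ou=sysusers,dc=local" write
# by anonymous auth
# by self write
# by * none
#
#access to *
# by dn="uid=ldapadmin,ou=sysusers,dc=local" write
# by dn="uid=samba,ou=sysusers,dc=local" write
# by * read
#
## END with SAMBA ACLs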