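# master slapd config -- for testing
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Overview: two local databases (dc=example,dc=com and dc=example,dc=it)
# and two back-ldap proxy databases (o=Example,c=US and o=Esempio,c=IT).
# Both proxies point at the same URI and use the rwm overlay to map their
# suffix onto dc=example,dc=com; they exercise proxy authorization and
# identity assertion.
#
# Tokens written between "@" signs and lines carrying a "#tag#" prefix are
# template placeholders; presumably the test harness substitutes or
# uncomments them before slapd reads the file.
#
# Every rootpw, credentials= and acl-passwd value below is a cleartext test
# value. slapd.conf(5) also accepts an RFC 2307 hashed rootpw as produced
# by slappasswd(8).
#
# Layout: slapd.conf joins a line that starts with whitespace to the line
# before it, and does so before comments are stripped. Comments therefore
# sit above a directive, never between "access to" and its "by" clauses.

#ucdata-path ./ucdata
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args

#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
#ldapmod#modulepath ../servers/slapd/back-ldap/
#ldapmod#moduleload back_ldap.la
#monitormod#modulepath ../servers/slapd/back-monitor/
#monitormod#moduleload back_monitor.la
#rwmmod#modulepath ../servers/slapd/overlays/
#rwmmod#moduleload rwm.la

#######################################################################
# database definitions
#######################################################################

# Proxy authorization policy. slapd.conf(5) documents "both" as the
# deprecated spelling of "any": a request is accepted when either the
# authzTo rules of the authenticated identity or the authzFrom rules of
# the requested identity allow it.
authz-policy both
# Map SASL authentication DNs onto directory entries. Patterns are tried
# in file order and the first match is used; the search URL has to resolve
# to exactly one entry for the mapping to succeed.
#   uid=admin/<x>     -> (cn=<x>)  under ou=Admin,dc=example,dc=com
#   uid=it/<x>        -> (uid=<x>) under ou=People,dc=example,dc=it
#   uid=[us/]<x>      -> (uid=<x>) under ou=People,dc=example,dc=com
# NOTE(review): the capture group only excludes ","; a non-test mapping
# would normally restrict it to the expected username alphabet.
authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"

#
# normal installations should protect root dse,
# cn=monitor, cn=schema, and cn=config
#

# userPassword: the entry owner may write and authenticate (=wx),
# anonymous may only authenticate (=x, needed for simple bind). No clause
# grants read, and identities not listed fall through to the implicit
# "by * none".
access to attrs=userpassword
        by self =wx
        by anonymous =x

# Root DSE (empty DN) is readable by everyone, including anonymous.
access to dn.exact=""
        by * read

# Everything else: authenticated users read, all other clients search.
access to *
        by users read
        by * search

database @BACKEND@

suffix "dc=example,dc=com"
# The rootdn is not subject to access control; rootpw is a cleartext test
# value.
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
#null#bind on
#~null~#directory @TESTDIR@/db.1.a
#indexdb#index objectClass eq
#indexdb#index cn,sn,uid pres,eq,sub
#ndb#dbname db_1
#ndb#include @DATADIR@/ndb.conf

# authzTo on the Proxy entry: the entry itself gets =wx, everyone else =x.
# With a policy that honours "to" rules, whoever can write an entry's
# authzTo decides which identities that entry may act as; slapd.conf(5)
# cautions against giving ordinary users write access to this attribute.
access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
                attrs=authzTo
        by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx
        by * =x

database @BACKEND@

suffix "dc=example,dc=it"
# Same cleartext test rootpw as the first database.
rootdn "cn=Manager,dc=example,dc=it"
rootpw secret
#~null~#directory @TESTDIR@/db.2.a
#indexdb#index objectClass eq
#indexdb#index cn,sn,uid pres,eq,sub
#ndb#dbname db_2
#ndb#include @DATADIR@/ndb.conf

# back-ldap proxy for o=Example,c=US.
database ldap
suffix "o=Example,c=US"
uri "@URI1@"

# Identity assertion: the proxy binds as "cn=Proxy US" and, with
# mode=self, asserts the identity of the client. The two tagged lines are
# alternatives (SASL or simple bind); both carry a cleartext credential.
#sasl#idassert-bind bindmethod=sasl binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" authcId="admin/proxy US" credentials="proxy" @SASL_MECH@ mode=self
#nosasl#idassert-bind bindmethod=simple binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" credentials="proxy" mode=self

# authorizes database
# (only identities under dc=example,dc=it may use identity assertion here)
idassert-authzFrom "dn.subtree:dc=example,dc=it"

# Rewrite this database's suffix to dc=example,dc=com for the target.
overlay rwm
rwm-suffixmassage "dc=example,dc=com"

# back-ldap proxy for o=Esempio,c=IT.
database ldap
suffix "o=Esempio,c=IT"
uri "@URI1@"

# Identity the proxy uses on the target for access-control lookups;
# cleartext test password. slapd-ldap(5) lists acl-authcDN and acl-passwd
# as obsoleted by acl-bind.
acl-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com"
acl-passwd proxy

# No mode= is given and authzId is fixed: per slapd-ldap(5) the proxy then
# always authorizes that identity (the Sandbox entry) -- confirm against
# the installed man page.
idassert-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy" authzId="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"

# authorizes database
idassert-authzFrom "dn.subtree:dc=example,dc=com"
# authorizes anonymous
# (the empty DN; unauthenticated clients may use identity assertion on
# this database, so the privileges of the asserted identity on the target
# bound what they can reach)
idassert-authzFrom "dn.exact:"

# Rewrite this database's suffix to dc=example,dc=com for the target.
overlay rwm
rwm-suffixmassage "dc=example,dc=com"

# entry, cn, sn and mail are readable by authenticated users only; other
# clients fall through to the implicit "by * none".
access to attrs=entry,cn,sn,mail
        by users read

# Remaining attributes: read for the IT proxy identity and for members of
# the Authorizable group, search for the Sandbox identity, nothing for
# anyone else.
access to *
        by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read
        by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read
        by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
        by * none

# Optional monitor database template; its rootpw is a cleartext test value.
#monitor#database monitor
#monitor#rootdn "cn=monitor"
#monitor#rootpw monitor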