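#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable: it carries the rootdn
# credential (see rootpw in the database section below).
#
include /private/etc/openldap/schema/core.schema

# Define global ACLs to disable default read access.
# NOTE(review): no "access" directive is active anywhere in this file,
# so the default policy described under "Sample access control policy"
# below is what applies until the sample directives are uncommented
# or replaced with a site policy.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /private/var/db/openldap/run/slapd.pid
argsfile /private/var/db/openldap/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/libexec/openldap
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la

# Sample security restrictions
#   Require integrity protection (prevent hijacking)
#   Require 112-bit (3DES or better) encryption for updates
#   Require 64-bit encryption for simple bind
# (The directive below is commented out, so none of these
# restrictions is enforced as shipped.)
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#     Allow self write access
#     Allow authenticated users read access
#     Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#   by self write
#   by users read
#   by anonymous auth
#
# If no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#
# NOTE(review): "secret" is the sample value and is stored in clear
# text. Because rootdn bypasses every ACL, replace it before slapd
# accepts connections, using a hash generated with slappasswd(8):
#   rootpw {SSHA}<output of slappasswd>
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /private/var/db/openldap/openldap-data
# Indices to maintain
index objectClass eq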