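#
# See slapd-config(5) for details on configuration options.
# This file should NOT be world readable: it can carry credentials
# (a database olcRootPW value, for instance), so restrict it to the
# account that runs slapd and the slap tools.
#
dn: cn=config
objectClass: olcGlobal
cn: config
#
#
# Define global ACLs to disable default read access.
# NOTE(review): no olcAccess directive follows this heading, so nothing
# in this entry changes the default read access. The sample ACLs under
# olcDatabase=frontend below are commented out as well.
#
olcArgsFile: %LOCALSTATEDIR%/run/slapd.args
olcPidFile: %LOCALSTATEDIR%/run/slapd.pid
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#olcReferral: ldap://root.openldap.org
#
# Sample security restrictions
#   Require integrity protection (prevent hijacking)
#   Require 112-bit (3DES or better) encryption for updates
#   Require 64-bit encryption for simple bind
# The values are minimum security strength factors (SSF). While the
# line below stays commented out, slapd enforces no minimum, so a
# simple bind may send its password over an unprotected connection.
# The sample minimums are low; once TLS is configured, consider
# raising them (for example to 128).
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64


#
# Load dynamic backend modules:
# Load only the backends this server actually uses. back_shell hands
# operations to external commands, so leave it out unless it is needed.
#
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath: %MODULEDIR%
#olcModuleload: back_bdb.la
#olcModuleload: back_hdb.la
#olcModuleload: back_ldap.la
#olcModuleload: back_passwd.la
#olcModuleload: back_shell.la


dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///%SYSCONFDIR%/schema/core.ldif

# Frontend settings
#
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend
#
# Sample global access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#
# When uncommenting, keep the leading whitespace on the "by" lines:
# they are LDIF continuation lines of the olcAccess value.
#
#olcAccess: to dn.base="" by * read
#olcAccess: to dn.base="cn=Subschema" by * read
#olcAccess: to *
#   by self write
#   by users read
#   by anonymous auth
#
# NOTE(review): "to * ... by users read" lets every authenticated user
# read every attribute, password values included. A narrower rule for
# userPassword placed before it is the usual addition, e.g.:
#   olcAccess: to attrs=userPassword
#       by self write
#       by anonymous auth
#       by * none
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
# As shipped, every olcAccess line above is commented out, so that
# default applies: anonymous clients can read all entries and
# attributes. Define access controls before loading real data.
#
# rootdn can always read and write EVERYTHING!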
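#


#######################################################################
# BDB database definitions
#######################################################################
#
dn: olcDatabase=bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: bdb
# dc=my-domain,dc=com is a sample suffix; replace it here and in
# olcRootDN with the naming context this server will actually hold.
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd-config(5) for details.
# Use of strong authentication encouraged.
# "secret" below is a widely known sample value: replace it before
# slapd is reachable by anyone else. Store a hash produced by
# slappasswd(8) instead, in this form (placeholder, not a real hash):
#   olcRootPW: {SSHA}<output of slappasswd>
# The rootdn can always read and write everything in this database,
# so whoever knows this value has full control of the data.
olcRootPW: secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
# The directory holds the raw directory data (password values
# included), so looser permissions expose it to other local accounts.
olcDbDirectory: %LOCALSTATEDIR%/openldap-data
# Indices to maintain
# Only an equality index on objectClass is defined here.
olcDbIndex: objectClass eq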