1# 2# See slapd.conf(5) for details on configuration options. 3# This file should NOT be world readable. 4# 5include %SYSCONFDIR%/schema/core.schema 6 7# Define global ACLs to disable default read access. 8 9# Do not enable referrals until AFTER you have a working directory 10# service AND an understanding of referrals. 11#referral ldap://root.openldap.org 12 13pidfile %LOCALSTATEDIR%/run/slapd.pid 14argsfile %LOCALSTATEDIR%/run/slapd.args 15 16# Load dynamic backend modules: 17# modulepath %MODULEDIR% 18# moduleload back_mdb.la 19# moduleload back_ldap.la 20 21# Sample security restrictions 22# Require integrity protection (prevent hijacking) 23# Require 112-bit (3DES or better) encryption for updates 24# Require 63-bit encryption for simple bind 25# security ssf=1 update_ssf=112 simple_bind=64 26 27# Sample access control policy: 28# Root DSE: allow anyone to read it 29# Subschema (sub)entry DSE: allow anyone to read it 30# Other DSEs: 31# Allow self write access 32# Allow authenticated users read access 33# Allow anonymous users to authenticate 34# Directives needed to implement policy: 35# access to dn.base="" by * read 36# access to dn.base="cn=Subschema" by * read 37# access to * 38# by self write 39# by users read 40# by anonymous auth 41# 42# if no access controls are present, the default policy 43# allows anyone and everyone to read anything but restricts 44# updates to rootdn. (e.g., "access to * by * read") 45# 46# rootdn can always read and write EVERYTHING! 47 48####################################################################### 49# config database definitions 50####################################################################### 51database config 52# Uncomment the rootpw line to allow binding as the cn=config 53# rootdn so that temporary modifications to the configuration can be made 54# while slapd is running. They will not persist across a restart. 55# rootpw secret 56 57####################################################################### 58# MDB database definitions 59####################################################################### 60 61database mdb 62maxsize 1073741824 63suffix "dc=my-domain,dc=com" 64rootdn "cn=Manager,dc=my-domain,dc=com" 65# Cleartext passwords, especially for the rootdn, should 66# be avoid. See slappasswd(8) and slapd.conf(5) for details. 67# Use of strong authentication encouraged. 68rootpw secret 69# The database directory MUST exist prior to running slapd AND 70# should only be accessible by the slapd and slap tools. 71# Mode 700 recommended. 72directory %LOCALSTATEDIR%/openldap-data 73# Indices to maintain 74index objectClass eq 75 76####################################################################### 77# monitor database definitions 78####################################################################### 79database monitor 80