# This is the main slapd configuration file. See slapd.conf(5) for more # info on the configuration options. ####################################################################### # Global Directives: ServerID 1 # Features to permit #@allow_v2@ # Schema and objectClass definitions include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/inetorgperson.schema # Schema check allows for forcing entries to # match schemas for their objectClasses's #schemacheck off # Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/openldap/run/slapd.pid # List of arguments that were passed to the server #argsfile /var/openldap/run/slapd.args # Read slapd.conf(5) for possible values #loglevel 0 # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_@backend@ sizelimit 500 ####################################################################### # Specific Backend Directives for bdb: # Backend specific directives apply to this backend until another # 'backend' directive occurs backend @backend@ ####################################################################### # Specific Backend Directives for 'other': # Backend specific directives apply to this backend until another # 'backend' directive occurs #backend ####################################################################### # Specific Directives for database #1, of type bdb: # Database specific directives apply to this databasse until another # 'database' directive occurs database @backend@ # The base of your directory in database #1 suffix "@SUFFIX@" rootdn "@ADMIN@" # Where the database file are physically stored for database #1 directory "/var/openldap/openldap-data" # Indexing options for database #1 index objectClass eq index userPassword eq,pres index entryUUID eq,pres index entryCSN eq,pres cachesize 1000000 #dbcachesize 100000 # Save the time that the entry gets modified, for database #1 lastmod on rootdn "@ADMIN@" rootpw @RootPW@ # The userPassword by default can be changed # by the entry owning it if they are authenticated. # Others should not be able to see it, except the # admin entry below # These access lines apply to database #1 only access to attrs=userPassword by dn.regex="@ADMIN@" write by anonymous auth by self write by * none # Ensure read access to the base for things like # supportedSASLMechanisms. Without this you may # have problems with SASL not knowing what # mechanisms are available and the like. # Note that this is covered by the 'access to *' # ACL below too but if you change that as people # are wont to do you'll still need this if you # want SASL (and possible other things) to work # happily. access to dn.base="" by * read # The admin dn has full write access, everyone else # can read everything. access to * by dn.regex="@ADMIN@" write by * read