LogoopenSUSE Build Service > Projects
Sign Up | Log In

View File slapd.conf of Package openldap2 (Project home:poigru:Misc-RHEL7)

# This file (slapd.conf) is the static configuration file of OpenLDAP server daemon.
#
# OpenLDAP daemon (slapd.service) supports two configuration styles:
# - Simple configuration with this file
# - Online configuration (OLC)
#
# You may choose the configuration style by setting it in:
# /etc/sysconfig/openldap OPENLDAP_CONFIG_BACKEND="files|ldap"
# If the value is set to "files", this configuration file will be used.
# If the value is set to "ldap", this configuration file will be entirely ignored, and
# the OLC configuration from /etc/openldap/slapd.d will be loaded.
#
# If you decide to use online configuration, please read the additional instructions in:
# /etc/openldap/slapd.conf.olctemplate
#
# Feel free to customise this file according to your needs, and start OpenLDAP
# server daemon by executing:
# systemctl start slapd.service
#
# To verify that LDAP service is running properly, try the following command:
# ldapsearch -x -D cn=Manager,dc=my-domain,dc=com -w secret -s base namingContexts

#
# See slapd.conf(5) for details on configuration options.
# See /etc/openldap/slapd.conf.example for more examples.
# This file should NOT be world readable.
#

pidfile		/run/slapd/slapd.pid
argsfile	/run/slapd/slapd.args

# The following schema files are often useful
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema

# Load backend modules such as databas engines
modulepath /usr/lib64/openldap
moduleload back_mdb.la
#moduleload back_hdb.la
#moduleload back_bdb.la

# Very important: define ACL to authorise client access
# The default settings permit rootdn to read and write, while other users
# may read the entire database or change their own password.
# If no ACL is present, everyone will be allowed to read the database.
# rootdn can always read and write everything.
access to dn.base=""
        by * read

access to dn.base="cn=Subschema"
        by * read

access to attrs=userPassword,userPKCS12
        by self write
        by * auth

access to attrs=shadowLastChange
        by self write
        by * read

access to *
        by * read

# Define a LDAP database
database     mdb
suffix       "dc=my-domain,dc=com"
rootdn       "cn=Manager,dc=my-domain,dc=com"
# Please avoid using clear text for root password
# See slappasswd(8) for instructions on creating a salted+hashed password
rootpw       secret
# The database directory must exist prior to the start of OpenLDAP daemon
# The directory should be owned by ldap user and permission 0700 is recommended
directory    /var/lib/ldap
# Indices to maintain
index        objectClass eq

# Using TLS to secure communication between LDAP clients and the server is strongly recommended.
# To enable TLS, you will need CA certificate, server certificate, and certificate key, and
# write down their paths below, make sure the files are readable by user "ldap".
# The server will then support StartTLS on standard port 389.
# To also serve LDAPS on port 636, set OPENLDAP_START_LDAPS="yes" in /etc/sysconfig/openldap.
#TLSProtocolMin 3.1
#TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH
#TLSCACertificateFile /my/ca.crt
#TLSCertificateFile /my/tls.crt
#TLSCertificateKeyFile /my/tls.key