# slapd.conf for an OpenLDAP server that, judging by the syncrepl/updateref
# directives below, acts as a consumer (replica) of SERVER for the
# ou=humans and ou=linux subtrees, with ou=META proxied via back-meta and
# the three subordinate databases glued under o=example,c=org.
# NOTE: the file as captured here had its line structure collapsed and
# several sections elided (".....") — the elisions are kept as-is.

# Module
modulepath /usr/lib64/openldap/
moduleload back_ldap.la
moduleload back_mdb.la
moduleload ppolicy.la
moduleload back_monitor.la
# accesslog.la and dynlist.la are loaded but no accesslog/dynlist overlay
# is visible in this file; they may be configured in an elided section.
moduleload accesslog.la
moduleload dynlist.la
moduleload back_meta.la

# Schemata
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/nis.schema
# linux
include /etc/openldap/schema/ppolicy.schema

# Define global ACLs
# Manager
.....
# "" (root DSE) — world-readable, which anonymous clients need for
# discovery; the real data ACLs are in the elided per-database sections.
access to dn.base="" by * read
# subschema
access to dn.base=cn=subschema by * read

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Defaultsearchbase
defaultsearchbase "ou=humans,o=example,c=org"

# No limit on result sizes and response times
# NOTE(review): the comment only half applies — sizelimit is unlimited, but
# timelimit 200 (seconds) is still enforced.
sizelimit -1
timelimit 200

# max. number of threads - defaults to 16
# should be number of replicas plus x
# threads 16

# The default loglevel must be overridden:
# 1 yields function calls, especially malloc...
loglevel config stats stats2 sync

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# NOTE(review): with the security directive commented out, nothing forces
# clients to use TLS; the TLS* settings below only make it available.

TLSCACertificateFile /etc/openldap/ssl/ca.pem
TLSCertificateFile /etc/openldap/ssl/cert.pem
TLSCertificateKeyFile /etc/openldap/ssl/key.pem

# Only this way does chaining work for all DB backends
# (declared in the frontend, i.e. before the first "database" line).
overlay chain

###########################################################################
# Database definitions
###########################################################################

############################ Start DB Meta ###########################
# back-meta proxy for ou=META; entries are not stored locally.
database meta
suffix "ou=META,o=example,c=org"
subordinate
# NOTE(review): plain ldap:// with no "tls" directive visible — traffic to
# SERVER for this subtree is unencrypted unless protected elsewhere.
uri "ldap://SERVER/ou=META,o=example,c=org"
conn-ttl 30
idle-timeout 1m30s
# -------------------------------- INDEX -------------------------------- #
# ------------------------------- OVERLAY ------------------------------- #
# -------------------------------- SYNC -------------------------------- #
# -------------------------------- ACL -------------------------------- #
.....
############################ End DB META ############################

############################ Start DB Humans ############################
database mdb
suffix "ou=humans,o=example,c=org"
subordinate
directory /var/lib/ldap/human-data
# Same rootdn on every local database; no rootpw is set here, so binds as
# this DN presumably authenticate against its entry — verify.
rootdn "cn=gen.man,ou=mgr,o=example,c=org"
checkpoint 4096 2
# 10 GiB mdb map size
maxsize 10737418240
# -------------------------------- INDEX -------------------------------- #
# entryCSN/entryUUID eq indexes are what syncrepl needs for efficient
# refresh; the application indexes are elided.
index entryCSN eq
index entryUUID eq
.....
# ------------------------------- OVERLAY ------------------------------- #
# -------------------------------- SYNC -------------------------------- #
# Consumer side of replication for ou=humans.
# NOTE(review): bindmethod=simple over ldap:// with no starttls= option
# shown, so the replication account's password and the replicated data
# cross the wire in clear unless SERVER is reached over a protected link;
# credentials are redacted (***) in this copy of the file.
syncrepl rid=401
  provider=ldap://SERVER
  type=refreshAndPersist
  retry="60 10 300 10 3600 +"
  searchbase="ou=humans,o=example,c=org"
  bindmethod=simple
  binddn="cn=gen.man,ou=mgr,o=example,c=org"
  credentials=***
# Write attempts against this replica are referred to the provider.
updateref ldap://SERVER
# -------------------------------- ACL -------------------------------- #
.....
############################ End DB Humans #############################

############################ Start DB Linux #############################
database mdb
suffix "ou=linux,o=example,c=org"
subordinate
rootdn "cn=gen.man,ou=mgr,o=example,c=org"
directory /var/lib/ldap/linux-data
checkpoint 4096 2
maxsize 10737418240
# -------------------------------- INDEX -------------------------------- #
index entryCSN eq
index entryUUID eq
.....
# ------------------------------- OVERLAY ------------------------------- #
# NOTE(review): no "overlay chain" line precedes these chain-* directives
# within this database; confirm it was not lost in the elision above,
# since chain-* directives are read in the context of a chain overlay.
chain-uri "ldap://SERVER"
# Identity assertion: this server binds to SERVER as cn=linux and asserts
# the local user's identity (mode="self"). The cn=linux password is stored
# in clear in this file, so file permissions are what protect it.
# NOTE(review): no chain-idassert-authzFrom is visible, so which local
# identities may be asserted is presumably governed on SERVER — verify.
chain-idassert-bind bindmethod="simple"
  binddn="cn=linux,ou=mgr,o=example,c=org"
  credentials=somethingsecret
  mode="self"
# NOTE(review): with chain-tls commented out the cn=linux bind above goes
# to SERVER over plain ldap://.
#chain-tls start
chain-return-error TRUE
# Password policy for this subtree; forward_updates sends policy state
# changes (e.g. lockout counters) to the provider rather than writing
# them locally.
overlay ppolicy
ppolicy_default "cn=default,ou=ppolicy,ou=linux,o=example,c=org"
ppolicy_forward_updates
ppolicy_use_lockout
# -------------------------------- SYNC -------------------------------- #
# Same transport caveat as rid=401: simple bind over ldap:// with no
# starttls= option shown.
syncrepl rid=402
  provider=ldap://SERVER
  searchbase="ou=linux,o=example,c=org"
  type=refreshAndPersist
  retry="60 10 300 10 3600 +"
  bindmethod=simple
  binddn="cn=gen.man,ou=mgr,o=example,c=org"
  credentials=***
updateref ldap://SERVER
# -------------------------------- ACL -------------------------------- #
.....
############################ End DB Linux ##############################

############################ Start DB Steuer ############################
# Superior ("Steuer" = control) database; "overlay glue" joins the three
# subordinate databases above into one o=example,c=org tree.
database mdb
suffix "o=example,c=org"
rootdn "cn=gen.man,ou=mgr,o=example,c=org"
directory /var/lib/ldap/main-data
checkpoint 4096 2
maxsize 10737418240
# -------------------------------- INDEX -------------------------------- #
index entryCSN eq
index entryUUID eq
.....
# ------------------------------- OVERLAY ------------------------------- #
overlay glue
# -------------------------------- SYNC -------------------------------- #
# No syncrepl here: only the subordinates are replicated.
# -------------------------------- ACL -------------------------------- #
.....
############################ End DB Steuer #############################

############################ Start DB Monitor ###########################
# cn=Monitor exposes connection, operation and backend statistics; the
# ACL restricting who may read it is elided here.
database monitor
# -------------------------------- INDEX -------------------------------- #
# ------------------------------- OVERLAY ------------------------------- #
# -------------------------------- SYNC -------------------------------- #
# -------------------------------- ACL -------------------------------- #
.....
############################ End DB Monitor ############################

############################ Start DB Config ############################
# cn=config: the running configuration, writable by the rootdn below.
database config
rootdn "cn=gen.man,ou=mgr,o=example,c=org"
# -------------------------------- INDEX -------------------------------- #
# ------------------------------- OVERLAY ------------------------------- #
# -------------------------------- SYNC -------------------------------- #
# -------------------------------- ACL -------------------------------- #
.....
############################ End DB Config #############################