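#########################################
# Slapd configuration
# Owner: Rocky
#########################################
# slapd.conf for one node (serverID 2) of a mirror-mode pair serving o=BT.
# Layout note: a line that begins with whitespace continues the previous
# line, so every directive and every comment below starts in column 0.
# This file holds the rootpw hash and the replication bind password, so it
# should be readable only by the account slapd runs as.

# Include schema definitions
include /software/openldap2.4.22/etc/openldap/schema-new/Attributes.schema
include /software/openldap2.4.22/etc/openldap/schema-new/ObjClass.schema
include /software/openldap2.4.22/etc/openldap/schema-new/ppolicy.schema

# Global Definitions
serverID 2
threads 20
concurrency 20
gentlehup on
# Seconds before an idle client connection is closed.
idletimeout 300
# Maximum entries returned per search, and maximum seconds spent on one.
sizelimit 4000
timelimit 3600
readonly off
lastmod on
# 16384 = sync (replication) logging only.
loglevel 16384

# PID and argument file
pidfile /software/openldap2.4.22/var/run/slapd.pid
argsfile /software/openldap2.4.22/var/run/slapd.args

# openldap2.4.22 Database Definitions
# NOTE(review): no access directive is visible for the monitor database or in
# the global section. If none exists elsewhere, slapd's default policy applies
# to cn=Monitor (read for everyone) - confirm and restrict it.
database monitor

#Primary DB Definition
database bdb
suffix "o=BT"
# The rootdn is the suffix entry itself; it bypasses every ACL of this database.
rootdn "o=BT"
# Was {SHA} (unsalted SHA-1): identical passwords produced identical hashes and
# precomputed tables applied directly. {SSHA} is salted and is the slapd
# default. Values already stored as {SHA} still verify, because each stored
# value carries its own scheme prefix; they are re-hashed at the next change.
# NOTE(review): slapd.conf(5) lists password-hash among the global options -
# confirm it is honoured at this position inside the database section.
password-hash {SSHA}
# Anyone who can read this file can run offline guessing against this hash.
# Rotate it if the file has been shared outside the administrators of this host.
rootpw {SSHA}q9guM8+feXAC06F8Yqjkg5uK+oZvXJYS
directory /software/openldap2.4.22/var/openldap-data

# Mirror Mode replication
overlay syncprov
# Write a contextCSN checkpoint after 100 operations or 5 minutes.
syncprov-checkpoint 100 5
syncprov-sessionlog 100
sync_use_subentry TRUE
# Both consumers bind with simple authentication as the rootdn (o=BT) over an
# ldap:// URL, and the bind password is stored here in clear.
# NOTE(review): no starttls= or ldaps:// is visible, so the rootdn password
# presumably crosses the network unencrypted on every (re)connect. Once TLS is
# configured on the providers, add starttls=critical here and replace the
# rootdn with a dedicated replication DN that only has read access.
# NOTE(review): "secret" looks like a placeholder or a guessable value - confirm.
# retry="60 +" reconnects every 60 seconds, indefinitely.
syncrepl rid=001
  provider=ldap://tardis03.nat.bt.com:489
  bindmethod=simple
  binddn="o=BT"
  credentials=secret
  searchbase="o=BT"
  schemachecking=on
  type=refreshAndPersist
  retry="60 +"
syncrepl rid=002
  provider=ldap://tardis01.nat.bt.com:489
  bindmethod=simple
  binddn="o=BT"
  credentials=secret
  searchbase="o=BT"
  schemachecking=on
  type=refreshAndPersist
  retry="60 +"
mirrormode on

# Auditlog Definition
# Every change to this database is appended to the file below as LDIF.
# NOTE(review): that includes userPassword modifications, so the log should
# carry the same file permissions as this configuration - confirm.
overlay auditlog
auditlog /software/openldap2.4.22/etc/openldap/logs/ldapaudit.log

# Password Policy Definition
overlay ppolicy
# Cleartext userPassword values in Add/Modify requests are hashed before they
# are stored, using the password-hash scheme set above.
ppolicy_hash_cleartext
# NOTE(review): with ppolicy_default disabled, only entries that name their own
# pwdPolicySubentry are subject to a policy - confirm that is intended.
#ppolicy_default "cn=default,ou=pwpolicies,o=BT"

# Index Definition
index aci pres
index entryUUID eq
index entryCSN eq
index changenumber eq
index cn pres,eq,sub
index dncomp eq
index givenName pres,eq,sub
index mail pres,eq,sub
index mailAlternateAddress eq
index mailHost eq
index member eq
index mvaccountid pres,eq,sub
index mvaccountname pres,eq,sub
index mvproductset pres,eq
index mvrole pres,eq
index mvserviceofferinglist pres,eq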
index mvuserproduct pres,eq
index objectclass eq
index ou pres,eq,sub
index owner eq
index seeAlso eq
index sn pres,eq,sub
index telephoneNumber pres,eq,sub
index uid pres,eq,sub
index uniquemember eq

#############################
###### ACL definitions ######
#############################
# Evaluation order matters: for each entry/attribute slapd uses the FIRST
# "access to" directive whose target matches, then the first matching "by"
# clause inside it. Every directive also ends with an implicit "by * none".

# Top level defined Access Controls
# userPassword: the owner may change it, anonymous clients may only use it to
# authenticate (bind), nobody else can read or write it.
access to attrs=userpassword
  by self write
  by anonymous auth
  by * none

# Catch-all: the owner may write every other attribute of their own entry,
# any authenticated user may read everything, anonymous gets nothing.
# NOTE(review): "to *" matches every entry and attribute, so as ordered every
# directive below this one looks unreachable - the Directory Administrators and
# the group-manager write grants would never apply. Confirm with slapacl, then
# move the specific rules above this catch-all.
# NOTE(review): "by self write" also lets a user edit role or entitlement
# attributes stored on their own entry (mvrole, mvproductset, ... if they live
# there) - confirm that is intended.
access to *
  by self write
  by users read
  by * none

access to *
  by dn.subtree="ou=Directory Administrators, o=BT" write

###### People Level Access Controls #####
# NOTE(review): userpassword is already covered by the first directive, and the
# other attributes by the catch-all, so this rule currently has no effect. If
# it is moved up, "by * none" would remove the read access other users have to
# cn, sn and uid today.
access to attrs=userpassword,telephonenumber,facsimiletelephonenumber,cn,sn,uid
  by self write
  by * none

# Per-department write grants, selected by an entry filter on ou.
# NOTE(review): each has a single "by" clause, so when one of these is placed
# above the catch-all everyone outside the named group gets the implicit
# "by * none". Ending each with "by * break" would let evaluation continue to
# the later directives instead.
access to * filter="ou=Accounting"
  by group.exact="cn=Accounting Managers,ou=groups,o=BT" write

access to * filter="ou=Human Resources"
  by group.exact="cn=HR Managers,ou=groups,o=BT" write

access to * filter="ou=Product Testing"
  by group.exact="cn=QA Managers,ou=groups,o=BT" write

access to * filter="ou=Product Development"
  by group.exact="cn=PD Managers,ou=groups,o=BT" write

##############################
######## End Of ACLs #########
##############################