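# slapd.conf — OpenLDAP provider: back-mdb main directory, cn=log accesslog database,
# cn=monitor, with the syncprov/accesslog/memberof/refint overlays loaded.
# Replication (syncrepl consumer / mirrormode) is currently commented out in Database #1.
#
# Reviewer changes in this revision:
#   - 'limits dn.exact=...' for the replica DN: fixed the misspelled suffix "dc=loca"
#     (it never matched, so the replica was bound by the global 'sizelimit 500').
#   - Database #2 (cn=log): added an explicit 'directory' — a second mdb database must
#     not share /var/lib/ldap with Database #1.
#   - NOTE(review) comments on logging, TLS and timeouts; no other directive values changed.

serverID        001
# NOTE(review): if mirrormode is re-enabled, every provider needs a different serverID.

allow           bind_v2
# NOTE(review): bind_v2 accepts LDAPv2 binds; drop it unless a legacy client still needs it.
disallow        bind_anon
require         authc
# NOTE(review): 'require authc' rejects anonymous operations but does not require
# confidentiality, so a simple bind over plain ldap:// still sends the password in clear.
# Consider the following once ldapi:// / SASL clients are confirmed unaffected:
#security       simple_bind=128 update_ssf=128

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/eduperson.schema
include         /etc/ldap/schema/breduperson.0.0.6.schema
include         /etc/ldap/schema/postfix.schema
include         /etc/ldap/schema/ns-mail.schema
include         /etc/ldap/schema/rfc2739-turba.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

loglevel        stats trace args shell
# NOTE(review): 'trace' and 'args' are debug levels. 'args' logs function arguments and can
# put bind credentials and entry contents into syslog; 'trace' floods the log under load.
# For production prefer 'stats' (plus 'sync' while debugging replication).

modulepath      /usr/lib/ldap
moduleload      back_mdb
moduleload      back_monitor
moduleload      syncprov
moduleload      accesslog
moduleload      memberof
moduleload      refint

sizelimit       500

TLSCACertificateFile    /etc/ssl/root+intermediate.pem
TLSCertificateKeyFile   /etc/ssl/my-ldap-box.key
TLSCertificateFile      /etc/ssl/my-ldap-box.cer
# NOTE(review): the private key must be readable only by the slapd service user (mode 0600).
# No TLSProtocolMin / TLSCipherSuite is set, so the TLS library defaults decide which protocol
# versions and ciphers are offered; pin them explicitly if old versions must be refused, e.g.
#TLSProtocolMin 3.3

#######################################################################
# Database #0: config database
#######################################################################
database        config
rootdn          "cn=manager,cn=config"
# rootpw is stored in this file; keep the file non-world-readable. A SASL/EXTERNAL mapping
# for the local root user would avoid keeping a password here at all.
rootpw          {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

#######################################################################
# Database #1: main base
#######################################################################
database        mdb
suffix          "dc=mydomain,dc=local"
rootdn          "cn=manager,dc=mydomain,dc=local"
rootpw          {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
directory       "/var/lib/ldap"
# maxsize: LMDB map size in bytes (7 GiB); the database stops accepting writes when it is full.
maxsize         7516192768

# NOTE(review): idletimeout/writetimeout are global directives (they apply to every
# connection, not just this database). 7 seconds is very aggressive for interactive clients;
# confirm it does not interfere with a refreshAndPersist consumer connection if replication
# is turned back on.
idletimeout     7
writetimeout    7

index           objectClass,uidNumber,gidNumber         eq
index           memberUid,memberOf                      eq
index           cn,sn,uid,ou,displayName                pres,sub,eq
index           mail,givenname                          eq,subinitial
# entryCSN/entryUUID eq indexes are required by syncprov on a provider.
index           entryCSN,entryUUID                      eq
index           mailAlternateAddress                    eq
index           mailAcceptingGeneralId                  eq
index           o                                       eq

# Unlimited search limits for the replication identity so a full refresh is never truncated
# by the global 'sizelimit 500'.
# FIX: the suffix was misspelled "dc=loca", so this clause never matched the replica DN.
limits          dn.exact="cn=replica,dc=mydomain,dc=local"
                time.soft=unlimited time.hard=unlimited
                size.soft=unlimited size.hard=unlimited

# here a lot of ACLs

overlay         syncprov
# Write a contextCSN checkpoint after 1000 operations or 60 minutes, whichever comes first.
syncprov-checkpoint 1000 60

# I disabled replication after the first errors
# NOTE(review): the replica was bound by 'sizelimit 500' because of the 'limits' typo fixed
# above — worth retrying replication with that corrected before looking elsewhere.
#syncrepl rid=001
#    provider=ldaps://my-ldap-02
#    bindmethod=simple
#    binddn="cn=replica,dc=mydomain,dc=local"
#    credentials=xxxxxxxxxxxxxxxxxxxx
#    searchbase="dc=mydomain,dc=local"
#    schemachecking=on
#    type=refreshAndPersist
#    retry="60 +"
#mirrormode on

overlay         refint

overlay         memberof
memberof-refint true

overlay         accesslog
logdb           cn=log
logops          writes
# Keep the old values of matching entries; this filter restricts 'logold' to posixAccounts.
logold          (&(objectclass=posixAccount)(uid=*))
logsuccess      TRUE
# Purge log entries older than 10 minutes, checking every 10 minutes.
# NOTE(review): if this log is meant to feed delta-syncrepl, a consumer that is offline for
# more than 10 minutes loses the delta window and falls back to a full refresh.
logpurge        00+00:10 00+00:10

#######################################################################
# Database #2: log database (accesslog target)
#######################################################################
database        mdb
suffix          cn=log
# FIX: every mdb database needs its own 'directory'; without one this database would use
# the built-in default and collide with Database #1's /var/lib/ldap. The directory must
# exist and be owned by the slapd service user before slapd starts.
directory       "/var/lib/ldap-accesslog"
index           default                                 eq
index           objectClass,reqStart,reqType            eq
index           reqMod                                  sub
# NOTE(review): for delta-syncrepl the provider also needs 'overlay syncprov' here
# (with syncprov-nopresent TRUE / syncprov-reloadhint TRUE) and a 'limits' clause for the
# replica DN on this database; neither is present.
# more ACLs

#######################################################################
# Database #3: monitor database
#######################################################################
database        monitor
# Only the main-directory manager may read cn=monitor; everyone else gets nothing.
access to *
        by dn.exact="cn=manager,dc=mydomain,dc=local" read
        by * none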