# Load dynamic backend modules dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulepath: /usr/lib/ldap olcModuleload: back_hdb olcModuleLoad: back_monitor # Database settings dn: olcDatabase=hdb,cn=config objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcSuffix: dc=test,dc=intra olcDbDirectory: /var/lib/ldap olcRootDN: cn=admin,dc=test,dc=intra olcRootPW: secret olcDbConfig: set_cachesize 0 2097152 0 olcDbConfig: set_lk_max_objects 1500 olcDbConfig: set_lk_max_locks 1500 olcDbConfig: set_lk_max_lockers 1500 olcDbIndex: objectClass eq olcDbIndex: uid eq olcDbIndex: cn eq olcDbIndex: ou eq olcDbIndex: uidNumber eq olcDbIndex: gidNumber eq olcDbIndex: memberUid eq olcDbIndex: uniqueMember eq olcLastMod: TRUE olcMonitoring: TRUE olcDbCheckpoint: 512 30 # Van http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html #olcAccess: to attrs=userPassword by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * none #olcAccess: to attrs=shadowLastChange by self write by * read #olcAccess: to dn.base="" by * read #olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by * read # Van http://blogger.ziesemer.com/2010/05/openldap-ubuntu-linux.html olcAccess: to dn.subtree="ou=People,dc=test,dc=intra" attrs=userPassword,shadowLastChange by dn="cn=admin,dc=example,dc=com" write by anonymous auth by self write by * auth olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=test,dc=intra" write by anonymous auth by * none # Below line should already exist by default in frontend # Idd, zie file /etc/ldap/slapd.d/cn=config/olcDatabase={-1}frontend.ldif #olcAccess: to dn.base="" by * read # Below line modified from "*" to "users" to prevent anonymous access. olcAccess: to * by dn="cn=admin,dc=test,dc=intra" write by users read