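# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable: it carries the rootpw of both
# databases and the cleartext replication credentials used by syncrepl
# below, so it must be readable only by the user slapd runs as.
#
include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/corba.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/dyngroup.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema
include		/usr/local/etc/openldap/schema/java.schema
include		/usr/local/etc/openldap/schema/misc.schema
include		/usr/local/etc/openldap/schema/nis.schema
include		/usr/local/etc/openldap/schema/openldap.schema
include		/usr/local/etc/openldap/schema/ppolicy.schema
include		/usr/local/etc/openldap/schema/sudo.schema
include		/usr/local/etc/openldap/schema/samba.schema
include		/usr/local/etc/openldap/schema/spamassassin.schema
include		/usr/local/etc/openldap/schema/openssh-lpk.schema
include		/usr/local/etc/openldap/schema/asterisk.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args

loglevel	sync stats

# Load dynamic backend modules:
modulepath	/usr/local/libexec/openldap
# back_bdb is loaded but no "database bdb" is defined below; only back_hdb
# is actually used.
moduleload	back_bdb
moduleload	back_hdb
# moduleload	back_ldap
#moduleload	back_perl

sizelimit	5000

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
# Directives needed to implement policy:
#access to dn.base="" by * read
#access to dn.base="cn=Subschema" by * read
#access to dn="" by * read
#access to dn="cn=Subschema" by * read
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# NOTE(review): every "access" directive above is commented out, so that
# default policy is what is in force: any client that satisfies the
# "security"/"require" lines below can read the entire tree, including
# password attributes.  At minimum, password attributes should be
# restricted before this file is used outside a lab, e.g.
#access to attrs=userPassword by self write by anonymous auth by * none
#access to * by * read
#
# rootdn can always read and write EVERYTHING!

# Enable TLS
TLSCACertificatePath	/etc/ssl/certs
TLSCertificateFile	/etc/ssl/certs/ro.devel.ldap.hostcomm.ru.crt
TLSCertificateKeyFile	/etc/ssl/private/ro.devel.ldap.hostcomm.ru.key

# Here, ssf=128 tells OpenLDAP to require 128-bit encryption for all
# connections, both search and update.
security	ssf=128
# "require bind" only demands that a bind operation precedes other
# operations; an anonymous bind satisfies it.  Use "authc" as well if
# anonymous access is not intended (see slapd.conf(5), "require").
require		bind LDAPv3

#######################################################################
# BDB database definitions
#######################################################################

database	hdb
suffix		"o=company"
rootdn		"cn=ldapadm,o=company"
# NOTE(review): rootpw is stored in the clear.  Replace it with the hashed
# form produced by slappasswd (e.g. a {SSHA} value) so a leaked copy of this
# file does not yield the directory manager password directly.
rootpw		password
directory	/var/db/openldap-data/o=company

index	mailLocalAddress	pres,eq
index	mail			pres,eq,sub
index	objectClass		eq
index	uid			eq,sub
index	entryUUID		eq
index	cn			eq

# Replication consumer.  starttls=critical makes TLS mandatory for the
# provider connection, and tls_reqcert=demand with tls_cacertdir makes the
# provider prove its identity against the CA directory configured above.
# The previous setting (tls_reqcert=never) accepted any certificate, which
# encrypted the session but did not authenticate the provider, so the
# simple-bind credentials below could be exposed to an impersonating host.
# This requires the provider certificate to chain to a CA in
# /etc/ssl/certs and to match the provider host name; the "credentials"
# value cannot be hashed (simple bind needs the cleartext), which is why
# this file must not be world readable.
syncrepl rid=001
	provider=ldap://ro1.devel.ldap.hostcomm.ru:389
	type=refreshAndPersist
	retry="5 10 300 +"
	searchbase="o=company"
	scope=sub
	schemachecking=off
	starttls=critical
	bindmethod=simple
	tls_cacertdir=/etc/ssl/certs
	tls_reqcert=demand
	binddn="uid=replica,ou=users,o=company"
	credentials="password"

# cn=config database.  As with the rootpw above, store a slappasswd hash
# here rather than the cleartext value.
database config
rootpw PASSW_FOR_CN=CONFIG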