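#
# slapd.conf -- OpenLDAP server configuration; see slapd.conf(5).
# Read once by slapd at startup. It holds the Monitor rootpw and the syncrepl
# bind credentials in cleartext, so it must NOT be world readable: owned by
# the account slapd runs as, mode 0600.
#

# Schema files.
include /usr/local/openldap/etc/openldap/schema/corba.schema
include /usr/local/openldap/etc/openldap/schema/core.schema
include /usr/local/openldap/etc/openldap/schema/cosine.schema
include /usr/local/openldap/etc/openldap/schema/duaconf.schema
include /usr/local/openldap/etc/openldap/schema/dyngroup.schema
include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap/etc/openldap/schema/java.schema
include /usr/local/openldap/etc/openldap/schema/misc.schema
include /usr/local/openldap/etc/openldap/schema/nis.schema
include /usr/local/openldap/etc/openldap/schema/openldap.schema
include /usr/local/openldap/etc/openldap/schema/ppolicy.schema
include /usr/local/openldap/etc/openldap/schema/collective.schema

# Organization-specific schema.
include /usr/local/openldap/etc/openldap/schema/OurOrganization.schema

# Accept LDAPv2 client connections. This is NOT the default.
# NOTE(review): LDAPv2 binds cannot use SASL or StartTLS. Keep this only while
# v2-only clients remain, then remove it so the v3-only default applies.
allow bind_v2

# Mirror-mode replication: this node's serverID. Each mirror needs a distinct
# value; the peer this node consumes from is rid=12 (ldp-12) further down.
serverID 11

# Global ACLs (slapd.access(5)); the per-database ACL files are included
# inside each database section below.
include /usr/local/openldap/etc/openldap/acls/global.acl

# Do not enable referrals until AFTER you have a working directory service
# AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args

# Log level. Options: none sync parse shell stats2 stats ACL config filter BER
# conns args packets trace any -- see
# https://www.openldap.org/doc/admin24/slapdconfig.html
# "stats" logs connection/operation/result lines; use "stats sync" when
# debugging replication. "any" is too verbose for production.
loglevel stats

# TLS. server.crt/server.key identify this server to clients; the key file
# must be readable by slapd only. rootCA.pem / the certs directory are the
# CA material slapd uses for certificate verification (client certificates
# are only checked when TLSVerifyClient is set, which it is not here).
# NOTE(review): no TLSProtocolMin or TLSCipherSuite is set, so the TLS
# library's default floor applies; consider "TLSProtocolMin 3.3" (TLS 1.2)
# once client compatibility is confirmed.
TLSCACertificatePath /usr/local/openldap/etc/openldap/certs
TLSCACertificateFile /usr/local/openldap/etc/openldap/certs/rootCA.pem
TLSCertificateFile /usr/local/openldap/etc/openldap/certs/server.crt
TLSCertificateKeyFile /usr/local/openldap/etc/openldap/certs/server.key

# Global search size limit (entries). Overridden per DN by the "limits"
# directives in the o=ourorg database.
sizelimit 250000

# Drop connections idle for more than 10 seconds so app servers that hold
# connections open cannot exhaust slapd.
# NOTE(review): the previous comment said 30 seconds; confirm 10 is intended.
idletimeout 10

#######################################################################
# Database definitions
#######################################################################

#######################################################################
# Monitor database (cn=Monitor)
#######################################################################
database monitor
include /usr/local/openldap/etc/openldap/acls/monitor.acl
rootdn "uid=monitor,cn=Monitor"
# NOTE(review): this must be a slappasswd hash (e.g. {SSHA}...) like the
# o=ourorg rootpw below, never a cleartext password.
rootpw ZZZ

#######################################################################
# o=ourorg database (mdb). Database directives apply until the next
# "database" line.
#######################################################################
database mdb
suffix "o=ourorg"
# On-disk location of the database files.
directory /data/openldap-data
rootdn "uid=root,cn=special,o=ourorg"
# slappasswd hash. The rootdn bypasses all ACLs.
rootpw {SSHA}XXX
# Expose this database under cn=Monitor.
monitoring on
# Maximum mdb map size: 24 GiB.
maxsize 25769803776
# writemap: use a writable mmap. nometasync: skip the metadata fsync on
# commit -- faster, but per slapd-mdb(5) the last transaction can be lost
# on an OS crash.
envflags writemap nometasync
# Equality indexes: uid, cn and uniqueMember for our searches; objectClass
# for the usual filters; entryCSN/entryUUID for syncrepl.
index uid eq
index cn eq
index objectClass eq
index uniqueMember eq
index entryCSN,entryUUID eq
tool-threads 4

#########################################################################
# FST db specific ACLs
#########################################################################
include /usr/local/openldap/etc/openldap/acls/fst.acl

# Replication accounts must be able to read the whole tree: lift the size
# and time limits for them.
limits dn.exact="uid=syncuser,cn=special,o=ourorg" size.hard=unlimited size.soft=unlimited time.hard=unlimited time.soft=unlimited
limits dn.exact="uid=slaveuser,cn=special,o=ourorg" size.hard=unlimited size.soft=unlimited time.hard=unlimited time.soft=unlimited

# Syncrepl provider for o=ourorg.
overlay syncprov
# Write contextCSN to the database after 100 successful write operations or
# after 10 minutes, whichever comes first.
syncprov-checkpoint 100 10
# In-memory log of the last 100 successful write operations, used to serve
# delta refreshes to consumers that reconnect.
syncprov-sessionlog 100

############################################################################
# Syncrepl consumer: pull changes from the mirror peer ldp-12.
############################################################################
# tls_reqcert=demand makes the consumer verify the provider's certificate
# against rootCA.pem before it sends the syncuser credentials. The previous
# setting (never) accepted any certificate, so this simple bind could be
# intercepted by anyone able to answer for ldp-12.
# NOTE(review): assumes ldp-12's server certificate chains to rootCA.pem;
# if the mirrors use different CAs, point tls_cacert at the right bundle.
syncrepl rid=12
    provider=ldaps://ldp-12.ourorg.org
    tls_reqcert=demand
    tls_cacert=/usr/local/openldap/etc/openldap/certs/rootCA.pem
    bindmethod=simple
    binddn="uid=syncuser,cn=special,o=ourorg"
    credentials=YYY
    searchbase="o=ourorg"
    schemachecking=on
    type=refreshAndPersist
    retry="60 +"

#############################################################################
# MirrorMode setup
#############################################################################
# Accept writes on this node as well as on the peer it replicates from.
mirrormode on

# Maintain the operational attributes (createTimestamp, modifiersName,
# entryCSN, ...) on every write. This is the lastmod directive, not the
# contrib "lastmod" overlay the old comment described; syncrepl and
# mirrormode require it to stay on.
lastmod on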