openldap/servers/slapd/slapd.conf

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		%SYSCONFDIR%/schema/core.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		%LOCALSTATEDIR%/run/slapd.pid
argsfile	%LOCALSTATEDIR%/run/slapd.args

# Load dynamic backend modules:
# modulepath	%MODULEDIR%
# moduleload	back_mdb.la
# moduleload	back_ldap.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# MDB database definitions
#######################################################################

database	mdb
maxsize		1073741824
suffix		"dc=my-domain,dc=com"
rootdn		"cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	%LOCALSTATEDIR%/openldap-data
# Indices to maintain
index	objectClass	eq
Add reference to slapd.conf(5) and recommendation to avoid cleartext passwords. 1999-01-16 09:48:26 +08:00			`#`
			`# See slapd.conf(5) for details on configuration options.`
Add 'should not be world readable' comment. 1999-01-16 09:51:02 +08:00			`# This file should NOT be world readable.`
Add reference to slapd.conf(5) and recommendation to avoid cleartext passwords. 1999-01-16 09:48:26 +08:00			`#`
Include core.schema, not old schema files 2000-06-06 01:47:15 +08:00			`include %SYSCONFDIR%/schema/core.schema`
Change referral comment to point to root.openldap.org instead of umich.edu. Both do not return anything useful. 1999-06-13 05:02:11 +08:00
Initial commit of new ACL engine. Engine supports descrete access privs, additive/substractive rules, and rule continuation. Existing rules that use 'defaultaccess none' should be 100% compatible. Rules that rely other defaultaccess settings will require addition of explicit clauses granting the access. Needs additional testing and tuning of logs 1999-10-22 01:53:56 +08:00			`# Define global ACLs to disable default read access.`
Change the defaultaccess to 'auth' Set defaultaccess to 'read' in distribution slapd.conf and add warnings Set schemacheck to 'on' in distribution slapd.conf and add warnings 1999-10-16 04:34:42 +08:00
			`# Do not enable referrals until AFTER you have a working directory`
			`# service AND an understanding of referrals.`
Change referral comment to point to root.openldap.org instead of umich.edu. Both do not return anything useful. 1999-06-13 05:02:11 +08:00			`#referral ldap://root.openldap.org`
Initial revision 1998-08-09 08:43:13 +08:00
Move pid/args files into $(RUNDIR)/run Move ldapi into $(RUNDIR)/run/openldap 2003-12-19 10:18:29 +08:00			`pidfile %LOCALSTATEDIR%/run/slapd.pid`
			`argsfile %LOCALSTATEDIR%/run/slapd.args`
Add pidfile/argsfile options to default slapd.conf. 1999-01-25 05:20:00 +08:00
Add "index objectClass eq" Add additional comments. Trim modules 2000-08-25 09:16:32 +08:00			`# Load dynamic backend modules:`
Added example 'moduleload' lines to slapd.conf 2000-04-30 23:01:32 +08:00			`# modulepath %MODULEDIR%`
Switch example slapd.conf to use mdb instead of bdb 2013-09-20 05:23:11 +08:00			`# moduleload back_mdb.la`
Added example 'moduleload' lines to slapd.conf 2000-04-30 23:01:32 +08:00			`# moduleload back_ldap.la`

Add security restrictions examples 2002-10-08 09:15:20 +08:00			`# Sample security restrictions`
			`# Require integrity protection (prevent hijacking)`
correct security sample 2002-10-12 13:10:41 +08:00			`# Require 112-bit (3DES or better) encryption for updates`
			`# Require 63-bit encryption for simple bind`
			`# security ssf=1 update_ssf=112 simple_bind=64`
Add security restrictions examples 2002-10-08 09:15:20 +08:00
use BDB and other updates 2002-02-02 14:23:12 +08:00			`# Sample access control policy:`
Clean up examples 2002-11-27 01:56:51 +08:00			`# Root DSE: allow anyone to read it`
Add comment about subschema ACLs 2003-02-26 03:00:59 +08:00			`# Subschema (sub)entry DSE: allow anyone to read it`
Clean up examples 2002-11-27 01:56:51 +08:00			`# Other DSEs:`
			`# Allow self write access`
			`# Allow authenticated users read access`
			`# Allow anonymous users to authenticate`
			`# Directives needed to implement policy:`
			`# access to dn.base="" by * read`
Add comment about subschema ACLs 2003-02-26 03:00:59 +08:00			`# access to dn.base="cn=Subschema" by * read`
Clean up examples 2002-11-27 01:56:51 +08:00			`# access to *`
Add a sample ACL 2001-09-26 04:30:51 +08:00			`# by self write`
			`# by users read`
			`# by anonymous auth`
			`#`
clarify default access control policy 2003-12-19 01:32:30 +08:00			`# if no access controls are present, the default policy`
			`# allows anyone and everyone to read anything but restricts`
			`# updates to rootdn. (e.g., "access to * by * read")`
Add a sample ACL 2001-09-26 04:30:51 +08:00			`#`
clarify default access control policy 2003-12-19 01:32:30 +08:00			`# rootdn can always read and write EVERYTHING!`
Add a sample ACL 2001-09-26 04:30:51 +08:00
Initial revision 1998-08-09 08:43:13 +08:00			`#######################################################################`
Minor fix BDB -> MDB 2016-01-30 03:21:55 +08:00			`# MDB database definitions`
Initial revision 1998-08-09 08:43:13 +08:00			`#######################################################################`

Switch example slapd.conf to use mdb instead of bdb 2013-09-20 05:23:11 +08:00			`database mdb`
Add maxsize parameter for mdb examples 2013-09-20 06:03:53 +08:00			`maxsize 1073741824`
Normalize DN 2001-03-15 11:04:51 +08:00			`suffix "dc=my-domain,dc=com"`
			`rootdn "cn=Manager,dc=my-domain,dc=com"`
Add "index objectClass eq" Add additional comments. Trim modules 2000-08-25 09:16:32 +08:00			`# Cleartext passwords, especially for the rootdn, should`
Add references to slappasswd(8) 2000-06-19 03:38:01 +08:00			`# be avoid. See slappasswd(8) and slapd.conf(5) for details.`
Add "index objectClass eq" Add additional comments. Trim modules 2000-08-25 09:16:32 +08:00			`# Use of strong authentication encouraged.`
Move default LDBM directory from /usr/tmp to $(localstatedir) 2000-05-03 18:07:21 +08:00			`rootpw secret`
Add "index objectClass eq" Add additional comments. Trim modules 2000-08-25 09:16:32 +08:00			`# The database directory MUST exist prior to running slapd AND`
Clarify comment 2003-03-24 10:11:16 +08:00			`# should only be accessible by the slapd and slap tools.`
			`# Mode 700 recommended.`
use BDB and other updates 2002-02-02 14:23:12 +08:00			`directory %LOCALSTATEDIR%/openldap-data`
Add "index objectClass eq" Add additional comments. Trim modules 2000-08-25 09:16:32 +08:00			`# Indices to maintain`
			`index objectClass eq`