openldap/tests/data/slapd-idassert.conf
2004-06-19 15:46:38 +00:00

121 lines
3.3 KiB
Plaintext

# master slapd config -- for testing
# $OpenLDAP: pkg/ldap/tests/data/slapd-pw.conf,v 1.19.2.4 2003/12/15 22:05:29
kurt Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2003 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#ucdata-path ./ucdata
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
include ./schema/nis.schema
pidfile ./testrun/slapd.1.pid
argsfile ./testrun/slapd.1.args
# password-hash {md5}
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
#######################################################################
# ldbm database definitions
#######################################################################
authz-policy both
authz-regexp "^uid=admin/([^,]+),.*" "ldap:///ou=Admin,dc=example,dc=com??sub?cn=$1"
authz-regexp "^uid=it/([^,]+),.*" "ldap:///ou=People,dc=example,dc=it??sub?uid=$1"
authz-regexp "^uid=(us/)*([^,]+),.*" "ldap:///ou=People,dc=example,dc=com??sub?uid=$2"
#
# normal installations should protect root dse,
# cn=monitor, cn=schema, and cn=config
#
access to attr=userpassword
by self =wx
by anonymous =x
access to dn.exact=""
by * read
access to *
by users read
by * search
database @BACKEND@
#ldbm#cachesize 0
suffix "dc=example,dc=com"
directory ./testrun/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
index objectClass eq
index cn,sn,uid pres,eq,sub
access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
attr=authzTo
by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx
by * =x
database @BACKEND@
#ldbm#cachesize 0
suffix "dc=example,dc=it"
directory ./testrun/db.2.a
rootdn "cn=Manager,dc=example,dc=it"
rootpw secret
index objectClass eq
index cn,sn,uid pres,eq,sub
database ldap
suffix "o=Example,c=US"
suffixmassage "o=Example,c=US" "dc=example,dc=com"
uri "ldap://:9011/"
#sasl#idassert-method "sasl" "authcDN=cn=Proxy US,ou=Admin,dc=example,dc=com" "authcID=admin/proxy US" "cred=proxy" #SASL_MECH#
#nosasl#idassert-method "simple"
#nosasl#idassert-authcDN "cn=Proxy US,ou=Admin,dc=example,dc=com"
#nosasl#idassert-passwd proxy
idassert-mode self
# authorizes database
idassert-authz "dn.subtree:dc=example,dc=it"
database ldap
suffix "o=Esempio,c=IT"
suffixmassage "o=Esempio,c=IT" "dc=example,dc=com"
uri "ldap://:9011/"
acl-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com"
acl-passwd proxy
idassert-method "simple"
idassert-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com"
idassert-passwd proxy
idassert-mode "dn:cn=Sandbox,ou=Admin,dc=example,dc=com"
# authorizes database
idassert-authz "dn.subtree:dc=example,dc=com"
# authorizes anonymous
idassert-authz "dn.exact:"
access to attrs=entry,cn,sn,mail
by users read
access to *
by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read
by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read
by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
by * none