openldap/servers/slapd/slapd.conf

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include		%SYSCONFDIR%/schema/core.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral	ldap://root.openldap.org

pidfile		%LOCALSTATEDIR%/run/slapd.pid
argsfile	%LOCALSTATEDIR%/run/slapd.args

# Load dynamic backend modules:
# modulepath	%MODULEDIR%
# moduleload	back_bdb.la
# moduleload	back_hdb.la
# moduleload	back_ldap.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database	bdb
suffix		"dc=my-domain,dc=com"
rootdn		"cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw		secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory	%LOCALSTATEDIR%/openldap-data
# Indices to maintain
index	objectClass	eq
Add reference to slapd.conf(5) and recommendation to avoid cleartext passwords. 1999-01-15 20:48:26 -05:00			`#`
			`# See slapd.conf(5) for details on configuration options.`
Add 'should not be world readable' comment. 1999-01-15 20:51:02 -05:00			`# This file should NOT be world readable.`
Add reference to slapd.conf(5) and recommendation to avoid cleartext passwords. 1999-01-15 20:48:26 -05:00			`#`
Include core.schema, not old schema files 2000-06-05 13:47:15 -04:00			`include %SYSCONFDIR%/schema/core.schema`
Change referral comment to point to root.openldap.org instead of umich.edu. Both do not return anything useful. 1999-06-12 17:02:11 -04:00
Initial commit of new ACL engine. Engine supports descrete access privs, additive/substractive rules, and rule continuation. Existing rules that use 'defaultaccess none' should be 100% compatible. Rules that rely other defaultaccess settings will require addition of explicit clauses granting the access. Needs additional testing and tuning of logs 1999-10-21 13:53:56 -04:00			`# Define global ACLs to disable default read access.`
Change the defaultaccess to 'auth' Set defaultaccess to 'read' in distribution slapd.conf and add warnings Set schemacheck to 'on' in distribution slapd.conf and add warnings 1999-10-15 16:34:42 -04:00
			`# Do not enable referrals until AFTER you have a working directory`
			`# service AND an understanding of referrals.`
Change referral comment to point to root.openldap.org instead of umich.edu. Both do not return anything useful. 1999-06-12 17:02:11 -04:00			`#referral ldap://root.openldap.org`
Initial revision 1998-08-08 20:43:13 -04:00
Move pid/args files into $(RUNDIR)/run Move ldapi into $(RUNDIR)/run/openldap 2003-12-18 21:18:29 -05:00			`pidfile %LOCALSTATEDIR%/run/slapd.pid`
			`argsfile %LOCALSTATEDIR%/run/slapd.args`
Add pidfile/argsfile options to default slapd.conf. 1999-01-24 16:20:00 -05:00
Add "index objectClass eq" Add additional comments. Trim modules 2000-08-24 21:16:32 -04:00			`# Load dynamic backend modules:`
Added example 'moduleload' lines to slapd.conf 2000-04-30 11:01:32 -04:00			`# modulepath %MODULEDIR%`
Add back_bdb to modules 2002-08-11 17:06:03 -04:00			`# moduleload back_bdb.la`
s/ldbm/hdb/ 2006-04-08 00:21:03 -04:00			`# moduleload back_hdb.la`
Added example 'moduleload' lines to slapd.conf 2000-04-30 11:01:32 -04:00			`# moduleload back_ldap.la`

Add security restrictions examples 2002-10-07 21:15:20 -04:00			`# Sample security restrictions`
			`# Require integrity protection (prevent hijacking)`
correct security sample 2002-10-12 01:10:41 -04:00			`# Require 112-bit (3DES or better) encryption for updates`
			`# Require 63-bit encryption for simple bind`
			`# security ssf=1 update_ssf=112 simple_bind=64`
Add security restrictions examples 2002-10-07 21:15:20 -04:00
use BDB and other updates 2002-02-02 01:23:12 -05:00			`# Sample access control policy:`
Clean up examples 2002-11-26 12:56:51 -05:00			`# Root DSE: allow anyone to read it`
Add comment about subschema ACLs 2003-02-25 14:00:59 -05:00			`# Subschema (sub)entry DSE: allow anyone to read it`
Clean up examples 2002-11-26 12:56:51 -05:00			`# Other DSEs:`
			`# Allow self write access`
			`# Allow authenticated users read access`
			`# Allow anonymous users to authenticate`
			`# Directives needed to implement policy:`
			`# access to dn.base="" by * read`
Add comment about subschema ACLs 2003-02-25 14:00:59 -05:00			`# access to dn.base="cn=Subschema" by * read`
Clean up examples 2002-11-26 12:56:51 -05:00			`# access to *`
Add a sample ACL 2001-09-25 16:30:51 -04:00			`# by self write`
			`# by users read`
			`# by anonymous auth`
			`#`
clarify default access control policy 2003-12-18 12:32:30 -05:00			`# if no access controls are present, the default policy`
			`# allows anyone and everyone to read anything but restricts`
			`# updates to rootdn. (e.g., "access to * by * read")`
Add a sample ACL 2001-09-25 16:30:51 -04:00			`#`
clarify default access control policy 2003-12-18 12:32:30 -05:00			`# rootdn can always read and write EVERYTHING!`
Add a sample ACL 2001-09-25 16:30:51 -04:00
Initial revision 1998-08-08 20:43:13 -04:00			`#######################################################################`
A very basic DB_CONFIG example 2004-06-18 00:49:08 -04:00			`# BDB database definitions`
Initial revision 1998-08-08 20:43:13 -04:00			`#######################################################################`

use BDB and other updates 2002-02-02 01:23:12 -05:00			`database bdb`
Normalize DN 2001-03-14 22:04:51 -05:00			`suffix "dc=my-domain,dc=com"`
			`rootdn "cn=Manager,dc=my-domain,dc=com"`
Add "index objectClass eq" Add additional comments. Trim modules 2000-08-24 21:16:32 -04:00			`# Cleartext passwords, especially for the rootdn, should`
Add references to slappasswd(8) 2000-06-18 15:38:01 -04:00			`# be avoid. See slappasswd(8) and slapd.conf(5) for details.`
Add "index objectClass eq" Add additional comments. Trim modules 2000-08-24 21:16:32 -04:00			`# Use of strong authentication encouraged.`
Move default LDBM directory from /usr/tmp to $(localstatedir) 2000-05-03 06:07:21 -04:00			`rootpw secret`
Add "index objectClass eq" Add additional comments. Trim modules 2000-08-24 21:16:32 -04:00			`# The database directory MUST exist prior to running slapd AND`
Clarify comment 2003-03-23 21:11:16 -05:00			`# should only be accessible by the slapd and slap tools.`
			`# Mode 700 recommended.`
use BDB and other updates 2002-02-02 01:23:12 -05:00			`directory %LOCALSTATEDIR%/openldap-data`
Add "index objectClass eq" Add additional comments. Trim modules 2000-08-24 21:16:32 -04:00			`# Indices to maintain`
			`index objectClass eq`