mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-30 03:29:35 -05:00
Add missing olcFrontendConfig to example
parent
82cee8f57a
commit
602c794287
1 changed files with 59 additions and 58 deletions
|
|
@ -1045,102 +1045,103 @@ to all the other databases.
|
|||
E: 15. # global database parameters
|
||||
E: 16. dn: olcDatabase=frontend,cn=config
|
||||
E: 17. objectClass: olcDatabaseConfig
|
||||
E: 18. olcDatabase: frontend
|
||||
E: 19. olcAccess: to * by * read
|
||||
E: 20.
|
||||
E: 18. objectClass: olcFrontendConfig
|
||||
E: 19. olcDatabase: frontend
|
||||
E: 20. olcAccess: to * by * read
|
||||
E: 21.
|
||||
|
||||
Line 15 is a comment. Lines 16-18 identify this entry as the global
|
||||
database entry. Line 19 is a global access control. It applies to all
|
||||
database entry. Line 20 is a global access control. It applies to all
|
||||
entries (after any applicable database-specific access controls).
|
||||
Line 20 is a blank line.
|
||||
Line 21 is a blank line.
|
||||
|
||||
The next entry defines the config backend.
|
||||
|
||||
E: 21. # set a rootpw for the config database so we can bind.
|
||||
E: 22. # deny access to everyone else.
|
||||
E: 23. dn: olcDatabase=config,cn=config
|
||||
E: 24. objectClass: olcDatabaseConfig
|
||||
E: 25. olcDatabase: config
|
||||
E: 26. olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy
|
||||
E: 27. olcAccess: to * by * none
|
||||
E: 28.
|
||||
E: 22. # set a rootpw for the config database so we can bind.
|
||||
E: 23. # deny access to everyone else.
|
||||
E: 24. dn: olcDatabase=config,cn=config
|
||||
E: 25. objectClass: olcDatabaseConfig
|
||||
E: 26. olcDatabase: config
|
||||
E: 27. olcRootPW: {SSHA}XKYnrjvGT3wZFQrDD5040US592LxsdLy
|
||||
E: 28. olcAccess: to * by * none
|
||||
E: 29.
|
||||
|
||||
Lines 21-22 are comments. Lines 23-25 identify this entry as the config
|
||||
database entry. Line 26 defines the {{super-user}} password for this
|
||||
database. (The DN defaults to {{"cn=config"}}.) Line 27 denies all access
|
||||
Lines 22-23 are comments. Lines 24-26 identify this entry as the config
|
||||
database entry. Line 27 defines the {{super-user}} password for this
|
||||
database. (The DN defaults to {{"cn=config"}}.) Line 28 denies all access
|
||||
to this database, so only the super-user will be able to access it. (This
|
||||
is already the default access on the config database. It is just listed
|
||||
here for illustration, and to reiterate that unless a means to authenticate
|
||||
as the super-user is explicitly configured, the config database will be
|
||||
inaccessible.)
|
||||
|
||||
Line 28 is a blank line.
|
||||
Line 29 is a blank line.
|
||||
|
||||
The next entry defines an MDB backend that will handle queries for things
|
||||
in the "dc=example,dc=com" portion of the tree. Indices are to be maintained
|
||||
for several attributes, and the {{EX:userPassword}} attribute is to be
|
||||
protected from unauthorized access.
|
||||
|
||||
E: 29. # MDB definition for example.com
|
||||
E: 30. dn: olcDatabase=mdb,cn=config
|
||||
E: 31. objectClass: olcDatabaseConfig
|
||||
E: 32. objectClass: olcMdbConfig
|
||||
E: 33. olcDatabase: mdb
|
||||
E: 34. olcSuffix: dc=example,dc=com
|
||||
E: 35. olcDbDirectory: /usr/local/var/openldap-data
|
||||
E: 36. olcRootDN: cn=Manager,dc=example,dc=com
|
||||
E: 37. olcRootPW: secret
|
||||
E: 38. olcDbIndex: uid pres,eq
|
||||
E: 39. olcDbIndex: cn,sn pres,eq,approx,sub
|
||||
E: 40. olcDbIndex: objectClass eq
|
||||
E: 41. olcAccess: to attrs=userPassword
|
||||
E: 42. by self write
|
||||
E: 43. by anonymous auth
|
||||
E: 44. by dn.base="cn=Admin,dc=example,dc=com" write
|
||||
E: 45. by * none
|
||||
E: 46. olcAccess: to *
|
||||
E: 47. by self write
|
||||
E: 48. by dn.base="cn=Admin,dc=example,dc=com" write
|
||||
E: 49. by * read
|
||||
E: 50.
|
||||
E: 30. # MDB definition for example.com
|
||||
E: 31. dn: olcDatabase=mdb,cn=config
|
||||
E: 32. objectClass: olcDatabaseConfig
|
||||
E: 33. objectClass: olcMdbConfig
|
||||
E: 34. olcDatabase: mdb
|
||||
E: 35. olcSuffix: dc=example,dc=com
|
||||
E: 36. olcDbDirectory: /usr/local/var/openldap-data
|
||||
E: 37. olcRootDN: cn=Manager,dc=example,dc=com
|
||||
E: 38. olcRootPW: secret
|
||||
E: 39. olcDbIndex: uid pres,eq
|
||||
E: 40. olcDbIndex: cn,sn pres,eq,approx,sub
|
||||
E: 41. olcDbIndex: objectClass eq
|
||||
E: 42. olcAccess: to attrs=userPassword
|
||||
E: 43. by self write
|
||||
E: 44. by anonymous auth
|
||||
E: 45. by dn.base="cn=Admin,dc=example,dc=com" write
|
||||
E: 46. by * none
|
||||
E: 47. olcAccess: to *
|
||||
E: 48. by self write
|
||||
E: 49. by dn.base="cn=Admin,dc=example,dc=com" write
|
||||
E: 50. by * read
|
||||
E: 51.
|
||||
|
||||
Line 29 is a comment. Lines 30-33 identify this entry as a MDB database
|
||||
configuration entry. Line 34 specifies the DN suffix
|
||||
for queries to pass to this database. Line 35 specifies the directory
|
||||
Line 30 is a comment. Lines 31-34 identify this entry as a MDB database
|
||||
configuration entry. Line 35 specifies the DN suffix
|
||||
for queries to pass to this database. Line 36 specifies the directory
|
||||
in which the database files will live.
|
||||
|
||||
Lines 36 and 37 identify the database {{super-user}} entry and associated
|
||||
Lines 37 and 38 identify the database {{super-user}} entry and associated
|
||||
password. This entry is not subject to access control or size or
|
||||
time limit restrictions.
|
||||
|
||||
Lines 38 through 40 indicate the indices to maintain for various
|
||||
Lines 39 through 41 indicate the indices to maintain for various
|
||||
attributes.
|
||||
|
||||
Lines 41 through 49 specify access control for entries in this
|
||||
Lines 42 through 50 specify access control for entries in this
|
||||
database. For all applicable entries, the {{EX:userPassword}} attribute is writable
|
||||
by the entry itself and by the "admin" entry. It may be used for
|
||||
authentication/authorization purposes, but is otherwise not readable.
|
||||
All other attributes are writable by the entry and the "admin"
|
||||
entry, but may be read by all users (authenticated or not).
|
||||
|
||||
Line 50 is a blank line, indicating the end of this entry.
|
||||
Line 51 is a blank line, indicating the end of this entry.
|
||||
|
||||
The next entry defines another
|
||||
MDB database. This one handles queries involving the
|
||||
{{EX:dc=example,dc=net}} subtree but is managed by the same entity
|
||||
as the first database. Note that without line 60, the read access
|
||||
would be allowed due to the global access rule at line 19.
|
||||
as the first database. Note that without line 61, the read access
|
||||
would be allowed due to the global access rule at line 20.
|
||||
|
||||
E: 51. # MDB definition for example.net
|
||||
E: 52. dn: olcDatabase=mdb,cn=config
|
||||
E: 53. objectClass: olcDatabaseConfig
|
||||
E: 54. objectClass: olcMdbConfig
|
||||
E: 55. olcDatabase: mdb
|
||||
E: 56. olcSuffix: dc=example,dc=net
|
||||
E: 57. olcDbDirectory: /usr/local/var/openldap-data-net
|
||||
E: 58. olcRootDN: cn=Manager,dc=example,dc=com
|
||||
E: 59. olcDbIndex: objectClass eq
|
||||
E: 60. olcAccess: to * by users read
|
||||
E: 52. # MDB definition for example.net
|
||||
E: 53. dn: olcDatabase=mdb,cn=config
|
||||
E: 54. objectClass: olcDatabaseConfig
|
||||
E: 55. objectClass: olcMdbConfig
|
||||
E: 56. olcDatabase: mdb
|
||||
E: 57. olcSuffix: dc=example,dc=net
|
||||
E: 58. olcDbDirectory: /usr/local/var/openldap-data-net
|
||||
E: 59. olcRootDN: cn=Manager,dc=example,dc=com
|
||||
E: 60. olcDbIndex: objectClass eq
|
||||
E: 61. olcAccess: to * by users read
|
||||
|
||||
|
||||
H2: Converting old style {{slapd.conf}}(5) file to {{cn=config}} format
|
||||
|
|
|
|||
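Review bot: The sentence after the frontend entry still reads "Lines 16-18 identify this entry as the global database entry", but with `objectClass: olcFrontendConfig` added at line 18, `olcDatabase: frontend` moves to line 19, so the range should be "Lines 16-19". As written, line 19 is not described at all, whereas the MDB paragraph ("Lines 31-34") covers everything from the dn through olcDatabase. The rest of the renumbering is consistent with the new listing: the global access rule at line 20, the blank line 21, and the config and MDB line references.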