Group :: Sistema/Servidores
RPM: openldap
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# NOTE(review): the same applies to every file pulled in with "include"
# further down. Database definition files usually carry rootdn/rootpw (not
# visible from this file, verify) and are parsed with the same trust as
# this one.
#
# [ GLOBAL SETTINGS ]
# Default schemas
# Order matters: a schema has to be included after the schemas it builds on
# (cosine, inetorgperson and nis rely on definitions from core/cosine).
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/misc.schema
#include /etc/openldap/schema/rfc822-MailMember.schema
#include /etc/openldap/schema/kerberosobject.schema
#include /etc/openldap/schema/corba.schema
#include /etc/openldap/schema/java.schema
# Addon schemas
#include /etc/openldap/schema/autofs.schema
#include /etc/openldap/schema/courier.schema
#include /etc/openldap/schema/dnszone.schema
#include /etc/openldap/schema/freeradius.schema
#include /etc/openldap/schema/qmail.schema
#include /etc/openldap/schema/qmailControl.schema
#include /etc/openldap/schema/samba2.schema
#include /etc/openldap/schema/samba3.schema
# Experimental schemas
#include /etc/openldap/schema/cron.schema
#include /etc/openldap/schema/trust.schema
#include /etc/openldap/schema/turbo.schema
# Netscape roaming
#include /etc/openldap/schema/mull.schema
#include /etc/openldap/schema/netscape-profile.schema
# Local schema
#include /etc/openldap/schema/local.schema
# Specify a set of features (separated by white space) to allow.
# bind_v2 makes slapd accept LDAPv2 bind requests. LDAPv2 has neither
# StartTLS nor SASL, so a v2 client that does not connect over ldaps://
# sends its simple-bind password in cleartext. Keep this line only while
# v2-only clients remain in use.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
# Specify a desired level of concurrency. Provided to the underlying thread
# system as a hint. The default is not to provide any hint.
concurrency 20
# Specify the maximum number of pending requests for an anonymous session. If
# requests are submitted faster than the server can process them, they will
# be queued up to this limit. If the limit is exceeded, the session is closed.
#conn_max_pending 100
# Specify the maximum number of pending requests for an
# authenticated session.
#conn_max_pending_auth 1000
# Specify a default search base to use when client submits a non-base search
# request with an empty base DN.
#defaultsearchbase "dc=example, dc=com"
# A SIGHUP signal will only cause a 'gentle' shutdown-attempt: Slapd will
# stop listening for new connections, but will not close the connections to
# the current clients.
gentlehup on
# Specify the number of seconds to wait before forcibly closing an idle client
# connection. An idletimeout of 0 disables this feature.
# While this stays commented out idle connections are never closed by slapd;
# a finite value bounds how long abandoned sessions hold a connection slot.
#idletimeout 0
# Specify time and size limits based on who initiated an operation.
# NOTE(review): "sizelimit -1" lifts the cap on entries returned per search
# (the commented line below shows the usual 500). Any identity that the ACLs
# allow to search can then retrieve a whole subtree in one request. Prefer a
# finite global sizelimit and grant larger limits per identity with "limits",
# as in the commented examples.
sizelimit -1
#sizelimit 500
#timelimit 60
#limits anonymous time.soft=60 time.hard=120
#limits anonymous size.soft=1000 size.hard=1100 size.unchecked=1000
#limits users time.soft=60 time.hard=120
#limits users size=1000
#limits dn.base="ou=People,dc=example,dc=com" size=100
# Specify the level at which debugging statements and operation statistics
# should be syslogged (currently logged to the syslogd(8) LOG_LOCAL4 facility).
# Log levels are additive, and available levels are:
# -1 full
# 0 none
# 1 trace function calls
# 2 debug packet handling
# 4 heavy trace debugging
# 8 connection management
# 16 print out packets sent and received
# 32 search filter processing
# 64 configuration file processing
# 128 access control list processing
# 256 stats log connections/operations/results
# 512 stats log entries sent
# 1024 print communication with shell backends
# 2048 entry parsing
# NOTE(review): with 0 nothing is sent to syslog, so binds, failed
# authentications and directory operations leave no trail for detection or
# incident response. Level 256 (stats) is the one in the table above that
# records connections, operations and their results. Levels such as 16 or -1
# can put packet contents into the log; restrict who can read the log if
# they are ever enabled.
loglevel 0
# This option sets the hash to be used in generation of user passwords, stored
# in userPassword, during processing of LDAP Password Modify Extended
# Operations (RFC 3062). The <hash> must be one of {SSHA}, {SHA}, {SMD5},
# {MD5}, {CRYPT}, and {CLEARTEXT}. The default is {SSHA}.
# Of these only {SSHA} and {SMD5} are salted; {SHA} and {MD5} are unsalted and
# {CLEARTEXT} stores the password as-is. The strength of {CRYPT} depends on
# the system crypt(3). Leave the default unless a consumer of userPassword
# requires another scheme.
#password-hash {SSHA}
# The ( absolute ) name of a file that will hold the server's process ID
# if started without the debugging command line option.
pidfile /var/run/slapd.pid
# The ( absolute ) name of a file that will hold the command line options
# slapd was started with.
argsfile /var/run/slapd.args
# Specify the name of the replication log file to log changes to.
# This one is a global replogfile for all configured databases.
# Path to file is relative to chroot dir.
#replogfile /replica/replica.data
# Specify a set of conditions (separated by white space) to require (default
# none). The directive may be specified globally and/or per-database. bind
# requires bind operation prior to directory operations. LDAPv3 requires
# session to be using LDAP version 3. authc requires authentication prior to
# directory operations. SASL requires SASL authentication prior to directory
# operations. strong requires strong authentication prior to directory
# operations. The strong keyword allows protected "simple" authentication as
# well as SASL authentication. none may be used to require no conditions
# (useful for clearing globally set conditions within a particular database).
# With no "require" in effect, what unauthenticated clients may do is decided
# by the access rules alone.
#require none
# Specify the name of an LDIF(5) file containing user defined attributes for
# the root DSE. These attributes are returned in addition to the attributes
# normally produced by slapd.
rootDSE /etc/openldap/rootdse.ldif
# Specify a set of factors (separated by white space) to require. An integer
# value is associated with each factor and is roughly equivalent of the
# encryption key length to require. A value of 112 is equivalent to 3DES, 128
# to Blowfish, etc..
# ssf=1            Require integrity protection (prevent hijacking)
# update_ssf=112   Require 112-bit (3DES or better) encryption for updates
# simple_bind=64   Require 64-bit encryption for simple bind
# NOTE(review): while the line below stays commented out no minimum strength
# is enforced here, so simple binds and updates are accepted on unprotected
# connections unless an included file sets "security" (not visible from this
# file, verify).
#security ssf=1 update_ssf=112 simple_bind=64
# Specify the maximum size of the primary thread pool. The default is 16.
#threads 16
#
# [ TLS OPTIONS ]
#
# NOTE(review): every directive in this section is commented out. Unless an
# included file configures TLS (not visible from this file, verify), slapd
# has no certificate to offer and simple binds travel in cleartext.
#
# Permits configuring what ciphers will be accepted and the preference order.
# <cipher-suite-spec> should be a cipher specification for OpenSSL.
# Treat the sample below as a syntax example only: in OpenSSL cipher strings
# "+SSLv2" merely moves SSLv2 suites to the end of the preference list, it
# does not remove them (removal is "!SSLv2"), and MEDIUM admits weak ciphers.
# Check what a spec expands to with: openssl ciphers -v '<cipher-suite-spec>'
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
# TLSCACertificateFile names a single file that holds the certificates of all
# trusted Certificate Authorities. TLSCACertificatePath specifies the path of
# a directory that contains Certificate Authority certificates in separate
# individual files. Usually only one of the two is used.
#TLSCACertificateFile /var/lib/ssl/cert.pem
#TLSCACertificatePath /var/lib/ssl/certs
# Specifies the file that contains the slapd server certificate.
#TLSCertificateFile /var/lib/ssl/certs/slapd.cert
# Specifies the file that contains the slapd server private key that matches
# the certificate stored in the TLSCertificateFile file. Currently, the private
# key must not be protected with a password, so it is of critical importance
# that it is protected carefully: readable only by the account slapd runs as,
# and kept out of backups and packages that other users can read.
#TLSCertificateKeyFile /var/lib/ssl/private/slapd.key
# Specifies what checks to perform on client certificates in an incoming TLS
# session, if any. "never" means no client certificate is requested.
#TLSVerifyClient never
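#
# [ GLOBAL ACCESS CONTROL ]
#
# See slapd.access(5) for details
# The "by" clauses are indented on purpose: slapd.conf treats a line that
# starts with white space as a continuation of the previous line. A "by" that
# starts in column 0 is read as a separate directive rather than as part of
# the access rule above it.
# Within one rule the "by" clauses are checked in order and the first match
# decides, so the catch-all "by *" clause always goes last.
#
# The root DSE (empty DN) should be readable by all clients
access to dn.exact=""
        by * read
# Allow read access to schemas
access to dn.subtree="cn=Subschema"
        by * read
# userPassword: the entry's owner may change it, anonymous clients may use it
# only to authenticate (bind), everyone else gets no access at all.
# NOTE(review): access rules defined inside the included database files are
# presumably consulted before these global ones; confirm none of them grants
# wider access to userPassword.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none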
#
# [ BACKEND OPTIONS ]
#
# Load dynamic backend modules:
# slapd loads code from this directory into its own process, so the directory
# and the modules in it must be writable by root only.
modulepath /usr/lib/openldap
## Backends
# Only the modules on uncommented "moduleload" lines are loaded. Keep the list
# to what the configured databases use. back_shell and back_perl hand
# directory operations to external programs/scripts, so enable them only
# deliberately.
#moduleload back_dnssrv.la
#moduleload back_ldap.la
moduleload back_hdb.la
#moduleload back_bdb.la
#moduleload back_ldbm.la
#moduleload back_meta.la
moduleload back_monitor.la
moduleload back_null.la
#moduleload back_passwd.la
#moduleload back_shell.la
#moduleload back_perl.la
#moduleload back_sql.la
## Overlays
# Known overlays are documented in slapo-accesslog(5), slapo-auditlog(5),
# slapo-chain(5), slapo-dynlist(5), slapo-lastmod(5), slapo-pcache(5),
# slapo-ppolicy(5), slapo-refint(5), slapo-retcode(5), slapo-rwm(5),
# slapo-syncprov(5), slapo-translucent(5), slapo-unique(5).
# Of these, ppolicy (password policy) and accesslog/auditlog (record of
# operations and changes) are the ones a security review usually looks for.
# A loaded module has no effect until a database enables it with "overlay".
#moduleload accesslog.la
#moduleload denyop.la
#moduleload dyngroup.la
#moduleload dynlist.la
#moduleload lastmod.la
#moduleload pcache.la
#moduleload ppolicy.la
#moduleload refint.la
#moduleload retcode.la
#moduleload rwm.la
#moduleload syncprov.la
#moduleload translucent.la
#moduleload unique.la
#moduleload valsort.la
#
# [ DATABASE OPTIONS ]
#
# The database definitions live in separate files that are not shown here.
# NOTE(review): suffix, rootdn, rootpw and per-database access rules are
# presumably set in those files. Give them the same restrictive permissions
# as this file and check that any rootpw is stored hashed, not in cleartext.
# First database definition
include /etc/openldap/slapd-hdb-db01.conf
# Second database definition
include /etc/openldap/slapd-hdb-db02.conf
#
# [END OF SLAPD.CONF]