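#
# [ DATABASE OPTIONS ]
#

# Mark the beginning of a new database instance definition.
database hdb

# Specify the DN suffix of queries that will be passed to this backend
# database. Multiple suffix lines can be given and at least one is required for
# each database definition. If the suffix of one database is "inside" that of
# another, the database with the inner suffix must come first in the
# configuration file.
suffix "dc=example,dc=com"

# Specify the distinguished name that is not subject to access control or
# administrative limit restrictions for operations on this database. An empty
# root DN (the default) specifies no root access is to be granted. It is
# recommended that the rootdn only be specified when needed (such as when
# initially populating a database).
rootdn "cn=admin,dc=example,dc=com"

# Specify a password (or hash of the password) for the rootdn. This option
# accepts all RFC 2307 userPassword formats known to the server (see
# password-hash description) as well as cleartext.
#
# NOTE(review): the value below is a cleartext sample password. The rootdn
# bypasses every access control on this database, so anyone who can read this
# file gets full control of the directory. Store a hash produced by
# slappasswd(8) instead, for example
#   rootpw {SSHA}<hash printed by slappasswd>
# keep this file readable only by the account slapd runs as, and remove
# rootdn/rootpw again once the database has been populated.
rootpw secret

# Controls whether slapd will automatically maintain the modifiersName,
# modifyTimestamp, creatorsName, and createTimestamp attributes for entries.
#lastmod on

# Specifies the maximum number of aliases to dereference when trying to resolve
# an entry, used to avoid infinite alias loops.
#maxderefdepth 1

# This option puts the database into "read-only" mode. Any attempts to modify
# the database will return an "unwilling to perform" error.
#readonly on

# Specify that the current backend database is a subordinate of another backend
# database. A subordinate database may have only one suffix. This option may be
# used to glue multiple databases into a single namingContext.
#subordinate

# Specify the directory where the LDBM files containing this database and
# associated indexes live.
# NOTE(review): these files hold every stored attribute, userPassword values
# included; the directory should be accessible only to the slapd account.
directory /var/lib/ldap/bases/example.com

#####
# Replication setup for this database
####

###
#
# Old method - replicate via slurpd(8). Uncomment 'replogfile /replica/replica.data'
# in the [ GLOBAL SETTINGS ] section
#
# NOTE(review): slurpd was removed in OpenLDAP 2.4; this method only applies to
# older servers.
#
## master server
# Specify a replication site for this database. Refer to the "OpenLDAP
# Administrator's Guide" for detailed information on setting up a replicated
# slapd directory service. See man slapd.conf for full description
#
# NOTE(review): the binddn used here has to be the DN the replica names in its
# updatedn; the two sample DNs in this file differ. The credentials value is a
# cleartext secret, so the file-permission advice given for rootpw applies.
#
#replica uri=ldaps://slave.example.com
#        binddn="cn=ldapAdminSlave,dc=domain,dc=tld"
#        bindmethod=simple
#        credentials=ldapAdminSlave_secret

## slave server
# This option is only applicable in a slave slapd. It specifies the DN allowed
# to make changes to the replica
#
#updatedn "cn=slave,dc=example,dc=com"
#
# Specify the referral to pass back when slapd(8) is asked to modify a
# replicated local database. If specified multiple times, each url is provided.
#
# NOTE(review): slapd.conf(5) describes the argument as a plain URL; the
# "uri=" prefix in this sample looks unintended - confirm before enabling.
#
#updateref "uri=ldap://ldap2.example.com"
#
###
#
# NEW method - via syncprov/syncrepl
#
## master server
# Uncomment 'moduleload syncprov.la' in the slapd.conf, [ Overlays ] section
#overlay syncprov
#syncprov-checkpoint 100 1
#syncprov-sessionlog 100
#syncprov-reloadhint TRUE
#
## slave server
# Uncomment 'moduleload syncprov.la' in the slapd.conf, '[ BACKEND OPTIONS ]->Overlays'
# section.
# See man slapo-syncprov for details.
#
# NOTE(review): this sample does a simple bind over plain ldap://, so the
# replication password and every replicated entry (userPassword included)
# cross the network unencrypted. Use an ldaps:// provider or add
# starttls=critical, and give the syncrepl identity read access only.
#
#syncrepl rid=123
#        provider=ldap://syncprov.ldap.server.tld:389
#        type=refreshAndPersist
#        interval=00:01:00:00
#        retry="60 +"
#        searchbase="dc=example,dc=com"
#        filter="(objectClass=*)"
#        scope=sub
#        schemachecking=off
#        bindmethod=simple
#        binddn="uid=syncrepluser,dc=example,dc=com"
#        credentials=syncrepluser-password
#
## Replication setup - end
#####

# Specify the indexes to maintain for the given attribute (or list of
# attributes). Some attributes only support a subset of indexes.
index objectClass eq
index uid pres,eq,sub
index cn pres,eq,sub,subany

# [BACKEND ACCESS CONTROL LIST]
#
# Owners may change their own password, unauthenticated clients may use the
# attribute only to bind (auth), and nobody else can read or compare it.
# NOTE(review): once any access directive applies to a database, targets that
# no directive matches are denied to everyone except the rootdn. If this is
# the only rule (the section may continue past this excerpt), add an explicit
# rule for the remaining attributes that grants the access actually intended.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none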