
Группа :: Система/Серверы
Пакет: openldap


# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable: it carries the rootpw credential
# (database section) and may carry replica bind credentials.
#
# [ GLOBAL SETTINGS ]
# Default schemas
# Each include pulls in a schema file defining the attribute types and object
# classes the server will accept.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/misc.schema
#include /etc/openldap/schema/rfc822-MailMember.schema
#include /etc/openldap/schema/kerberosobject.schema
#include /etc/openldap/schema/corba.schema
#include /etc/openldap/schema/java.schema
# Addon schemas
#include /etc/openldap/schema/autofs.schema
#include /etc/openldap/schema/courier.schema
#include /etc/openldap/schema/dnszone.schema
#include /etc/openldap/schema/qmail.schema
#include /etc/openldap/schema/qmailControl.schema
#include /etc/openldap/schema/samba2.schema
#include /etc/openldap/schema/samba3.schema
# Experimental schemas
#include /etc/openldap/schema/cron.schema
#include /etc/openldap/schema/trust.schema
#include /etc/openldap/schema/turbo.schema
# Netscape roaming
#include /etc/openldap/schema/mull.schema
#include /etc/openldap/schema/netscape-profile.schema
# Local schema
#include /etc/openldap/schema/local.schema

# Specify a set of features (separated by white space) to allow.
# bind_v2 makes slapd accept LDAPv2 bind requests. LDAPv2 is a Historic
# protocol (RFC 3494); keep this only while LDAPv2-only clients still exist and
# remove it afterwards so that only LDAPv3 binds are accepted.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

# Specify a desired level of concurrency. Provided to the underlying thread
# system as a hint. The default is not to provide any hint.
concurrency 20

# Specify the maximum number of pending requests for an anonymous session. If
# requests are submitted faster than the server can process them, they will
# be queued up to this limit. If the limit is exceeded, the session is closed.
#conn_max_pending 100

# Specify the maximum number of pending requests for an
# authenticated session.
#conn_max_pending_auth 1000

# Specify a default search base to use when client submits a non-base search
# request with an empty base DN.
defaultsearchbase "dc=example, dc=com"

# A SIGHUP signal will only cause a 'gentle' shutdown-attempt: Slapd will
# stop listening for new connections, but will not close the connections to
# the current clients.
gentlehup on

# Specify the number of seconds to wait before forcibly closing an idle client
# connection. An idletimeout of 0 disables this feature.
#idletimeout 0

# Specify time and size limits based on who initiated an operation.
#sizelimit 500
#timelimit 60
#limits anonymous time.soft=60 time.hard=120
#limits anonymous size.soft=1000 size.hard=1100 size.unchecked=1000
#limits users time.soft=60 time.hard=120
#limits users size=1000
#limits dn.base="ou=People,dc=example,dc=com" size=100

# Specify the level at which debugging statements and operation statistics
# should be syslogged (currently logged to the syslogd(8) LOG_LOCAL4 facility).
# Log levels are additive, and available levels are:
# -1 full
# 0 none
# 1 trace function calls
# 2 debug packet handling
# 4 heavy trace debugging
# 8 connection management
# 16 print out packets sent and received
# 32 search filter processing
# 64 configuration file processing
# 128 access control list processing
# 256 stats log connections/operations/results
# 512 stats log entries sent
# 1024 print communication with shell backends
# 2048 entry parsing
#loglevel 256

# This option sets the hash to be used in generation of user passwords, stored
# in userPassword, during processing of LDAP Password Modify Extended
# Operations (RFC 3062). The <hash> must be one of {SSHA}, {SHA}, {SMD5},
# {MD5}, {CRYPT}, and {CLEARTEXT}. The default is {SSHA}.
# {CLEARTEXT} stores the password unhashed, and {SHA} and {MD5} are unsalted;
# prefer leaving the salted default in place.
#password-hash {SSHA}

# The ( absolute ) name of a file that will hold the server's process ID
# if started without the debugging command line option.
pidfile /var/run/slapd.pid
# File that will hold the slapd command line options, under the same condition.
argsfile /var/run/slapd.args
# The same two files for the slurpd replication daemon.
replica-pidfile /var/run/slurpd.pid
replica-argsfile /var/run/slurpd.args

# Specify a set of conditions (separated by white space) to require (default
# none). The directive may be specified globally and/or per-database. bind
# requires bind operation prior to directory operations. LDAPv3 requires
# session to be using LDAP version 3. authc requires authentication prior to
# directory operations. SASL requires SASL authentication prior to directory
# operations. strong requires strong authentication prior to directory
# operations. The strong keyword allows protected "simple" authentication as
# well as SASL authentication. none may be used to require no conditions
# (useful for clearing globally set conditions within a particular database).
#require none

# Specify the name of an LDIF(5) file containing user defined attributes for
# the root DSE. These attributes are returned in addition to the attributes
# normally produced by slapd.
rootDSE /etc/openldap/rootdse.ldif

# Specify a set of factors (separated by white space) to require. An integer
# value is associated with each factor and is roughly equivalent of the
# encryption key length to require. A value of 112 is equivalent to 3DES, 128
# to Blowfish, etc..
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind (matches simple_bind=64 below)
#security ssf=1 update_ssf=112 simple_bind=64

# Specify the maximum size of the primary thread pool. The default is 16.
#threads 16


#
# [ TLS OPTIONS ]
#
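# Permits configuring what ciphers will be accepted and the preference order.
# <cipher-suite-spec> should be a cipher specification for OpenSSL.
# Note: in an OpenSSL cipher string a leading "+" only moves the matching
# suites to the end of the preference list, so the example below still permits
# SSLv2 suites; "!SSLv2" is the form that excludes them.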
#TLSCipherSuite HIGH:MEDIUM:+SSLv2

# Specifies the path of a directory that contains Certificate Authority
# certificates in separate individual files. Usually only one of this or the
# TLSCACertificateFile is used.
#TLSCACertificateFile /etc/openldap/ssl/slapd.pem
#TLSCACertificatePath /etc/openldap/ssl

# Specifies the file that contains the slapd server certificate.
#TLSCertificateFile /etc/openldap/ssl/slapd.pem

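# Specifies the file that contains the slapd server private key that matches
# the certificate stored in the TLSCertificateFile file. Currently, the private
# key must not be protected with a password, so it is of critical importance
# that it is protected carefully: keep the file readable only by the account
# slapd runs as. The example paths in this section reuse one slapd.pem for the
# CA certificate, the server certificate and the key; a combined file like that
# must be treated as a private key file.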
#TLSCertificateKeyFile /etc/openldap/ssl/slapd.pem

# Specifies what checks to perform on client certificates in an incoming TLS
# session, if any.
#TLSVerifyClient never


#
# [ GLOBAL ACCESS CONTROL ]
#
# See slapd.access(5) for details
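# Password attribute rule. The "by" clauses are evaluated in order:
#   self      - the authenticated owner of the entry may change the value
#   anonymous - unauthenticated clients may use the value only to bind (auth),
#               never read it
#   *         - everyone else gets no access
# The "by" lines must start with white space: slapd.conf(5) treats a line that
# begins with white space as a continuation of the previous line, and a "by"
# at column 0 would be read as a separate directive.
# NOTE(review): every active "access to" rule in this file covers only
# userPassword; confirm in slapd.access(5) what applies to other attributes.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none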


#
# [ BACKEND OPTIONS ]
#
# Load dynamic backend modules:
# Only "database ldbm" is active further down, so back_ldbm is the one backend
# module this file needs; back_monitor and back_null are loaded without any
# database of that type being defined here. Load only what is used.
# The commented "database bdb" example at the end needs back_bdb.la enabled.
modulepath /usr/lib/openldap
#moduleload back_dnssrv.la
#moduleload back_ldap.la
#moduleload back_bdb.la
moduleload back_ldbm.la
#moduleload back_meta.la
moduleload back_monitor.la
moduleload back_null.la
#moduleload back_passwd.la
#moduleload back_shell.la
#moduleload back_perl.la
#moduleload back_sql.la

# Options in this section only apply to the configuration file section for the
# specified backend. They are supported by every type of backend.
#backend ldbm
#cachesize 1000
#dbcachesize 100000
#dbsync 10 12 5


#
# [ DATABASE OPTIONS ]
#
# Mark the beginning of a new database instance definition.
database ldbm

# Specify the DN suffix of queries that will be passed to this backend
# database. Multiple suffix lines can be given and at least one is required for
# each database definition. If the suffix of one database is "inside" that of
# another, the database with the inner suffix must come first in the
# configuration file.
suffix "dc=example,dc=com"

# Specify the distinguished name that is not subject to access control or
# administrative limit restrictions for operations on this database. An empty
# root DN (the default) specifies no root access is to be granted. It is
# recommended that the rootdn only be specified when needed (such as when
# initially populating a database).
rootdn "cn=admin,dc=example,dc=com"

# Specify a password (or hash of the password) for the rootdn. This option
# accepts all RFC 2307 userPassword formats known to the server (see
# password-hash description) as well as cleartext.
# NOTE: "secret" is a cleartext placeholder, and the rootdn above is exempt
# from every access control rule. Before starting slapd, replace it with a
# hash generated by slappasswd(8), for example:
#   rootpw {SSHA}<hash-from-slappasswd>    (placeholder, not a real hash)
# or remove rootdn/rootpw once the database has been populated.
rootpw secret

# Controls whether slapd will automatically maintain the modifiersName,
# modifyTimestamp, creatorsName, and createTimestamp attributes for entries.
#lastmod on

# Specifies the maximum number of aliases to dereference when trying to resolve
# an entry, used to avoid infinite alias loops.
#maxderefdepth 1

# This option puts the database into "read-only" mode. Any attempts to modify
# the database will return an "unwilling to perform" error.
#readonly on

# Specify a replication site for this database. Refer to the "OpenLDAP
# Administrator's Guide" for detailed information on setting up a replicated
# slapd directory service.
#replica uri=ldaps://slave.example.com/
# binddn="cn=ldapAdminSlave,dc=domain,dc=tld"
# bindmethod=simple
# credentials=ldapAdminSlave_secret
# see man slapd.conf for full description

# Specify the name of the replication log file to log changes to.
#replogfile /var/lib/ldap/replica/example.com.replog

# Specify that the current backend database is a subordinate of another backend
# database. A subordinate database may have only one suffix. This option may be
# used to glue multiple databases into a single namingContext.
#subordinate

# This option is only applicable in a slave slapd. It specifies the DN allowed
# to make changes to the replica
#updatedn "cn=slave,dc=example,dc=com"

# Specify the referral to pass back when slapd(8) is asked to modify a
# replicated local database. If specified multiple times, each url is provided.
#updateref "uri=ldap://ldap2.example.com"

# Specify the directory where the LDBM files containing this database and
# associated indexes live.
# NOTE(review): these files hold every entry, userPassword values included;
# the directory should presumably be accessible only to the account slapd runs
# as - confirm its ownership and mode.
directory /var/lib/ldap/bases/example.com

# Specify the indexes to maintain for the given attribute (or list of
# attributes). Some attributes only support a subset of indexes.
# eq = equality, pres = presence, sub = substring, subany = "any" substring.
index objectClass eq
index uid pres,eq,sub
index cn pres,eq,sub,subany

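# [BACKEND ACCESS CONTROL LIST]
# Per-database copy of the global userPassword rule: the owner of an entry may
# change the value, anonymous clients may only bind against it, and nobody
# else has access.
# The "by" lines must start with white space so that slapd reads them as
# continuations of the "access to" line (see slapd.conf(5)); at column 0 each
# "by" would be read as a separate directive.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none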

#
# Next database instance (example: give it its own hashed rootpw, not "secret", before enabling)
#
#database bdb
#suffix "o=org"
#rootdn "cn=admin,o=org"
#rootpw secret
#directory /var/lib/ldap/bases/org


# [BACKEND ACCESS CONTROL LIST]
#access to attrs=userPassword
# by self write
# by anonymous auth
# by * none
#
#
# [END OF SLAPD.CONF]
 