[openldap] update config files
jvcelak
jvcelak at fedoraproject.org
Wed Nov 30 18:00:02 UTC 2011
commit 617e584701b9c2c01b87c59398472a275565b630
Author: Jan Vcelak <jvcelak at redhat.com>
Date: Fri Nov 25 23:50:39 2011 +0100
update config files
slapd.conf.obsolete | 12 ++++-
slapd.ldif | 105 ++++++++++++++++++++++++++++++++++++++-------------
2 files changed, 88 insertions(+), 29 deletions(-)
---
diff --git a/slapd.conf.obsolete b/slapd.conf.obsolete
index 6def6d2..d8220b5 100644
--- a/slapd.conf.obsolete
+++ b/slapd.conf.obsolete
@@ -36,8 +36,15 @@ argsfile /var/run/openldap/slapd.args
# moduleload accesslog.la
# moduleload auditlog.la
-# moduleload back_sql.la
-# moduleload chain.la
+# moduleload back_dnssrv.la
+# moduleload back_ldap.la
+# moduleload back_mdb.la
+# moduleload back_meta.la
+# moduleload back_null.la
+# moduleload back_passwd.la
+# moduleload back_relay.la
+# moduleload back_shell.la
+# moduleload back_sock.la
# moduleload collect.la
# moduleload constraint.la
# moduleload dds.la
@@ -45,7 +52,6 @@ argsfile /var/run/openldap/slapd.args
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload memberof.la
-# moduleload pbind.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
diff --git a/slapd.ldif b/slapd.ldif
index 9904767..a016384 100644
--- a/slapd.ldif
+++ b/slapd.ldif
@@ -2,49 +2,90 @@
# See slapd-config(5) for details on configuration options.
# This file should NOT be world readable.
#
+
dn: cn=config
objectClass: olcGlobal
cn: config
+olcArgsFile: /var/run/openldap/slapd.args
+olcPidFile: /var/run/openldap/slapd.pid
#
+# TLS settings
#
-# Define global ACLs to disable default read access.
-#
-olcArgsFile: /var/run/slapd.args
-olcPidFile: /var/run/slapd.pid
+#olcTLSCACertificateFile: /etc/pki/tls/certs/ca-bundle.crt
+#olcTLSCertificateFile: /etc/pki/tls/certs/slapd.pem
+#olcTLSCertificateKeyFile: /etc/pki/tls/certs/slapd.pem
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
-#olcReferral: ldap://root.openldap.org
+#
+#olcReferral: ldap://root.openldap.org
#
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind
+#
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64
#
# Load dynamic backend modules:
+# - modulepath is architecture dependent value (32/64-bit system)
+# - back_sql.la backend requires openldap-servers-sql package
+# - dyngroup.la and dynlist.la cannot be used at the same time
#
+
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
+#olcModulepath: /usr/lib/openldap
#olcModulepath: /usr/lib64/openldap
-#olcModuleload: back_bdb.la
-#olcModuleload: back_hdb.la
-#olcModuleload: back_ldap.la
-#olcModuleload: back_passwd.la
-#olcModuleload: back_shell.la
+#olcModuleload: accesslog.la
+#olcModuleload: auditlog.la
+#olcModuleload: back_dnssrv.la
+#olcModuleload: back_ldap.la
+#olcModuleload: back_mdb.la
+#olcModuleload: back_meta.la
+#olcModuleload: back_null.la
+#olcModuleload: back_passwd.la
+#olcModuleload: back_relay.la
+#olcModuleload: back_shell.la
+#olcModuleload: back_sock.la
+#olcModuleload: collect.la
+#olcModuleload: constraint.la
+#olcModuleload: dds.la
+#olcModuleload: deref.la
+#olcModuleload: dyngroup.la
+#olcModuleload: dynlist.la
+#olcModuleload: memberof.la
+#olcModuleload: pcache.la
+#olcModuleload: ppolicy.la
+#olcModuleload: refint.la
+#olcModuleload: retcode.la
+#olcModuleload: rwm.la
+#olcModuleload: seqmod.la
+#olcModuleload: smbk5pwd.la
+#olcModuleload: sssvlv.la
+#olcModuleload: syncprov.la
+#olcModuleload: translucent.la
+#olcModuleload: unique.la
+#olcModuleload: valsort.la
+#
+# Schema settings
+#
+
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/openldap/schema/core.ldif
+#
# Frontend settings
#
+
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
olcDatabase: frontend
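Review bot: The sample TLS block sets `olcTLSCertificateKeyFile` to the same `/etc/pki/tls/certs/slapd.pem` as `olcTLSCertificateFile`, so an administrator who uncomments it keeps the private key in a combined PEM inside the certificate directory, and nothing in the added lines says how that file must be protected. Add a comment above the three lines, for example `# The key file must be readable only by the account slapd runs as; do not leave a combined cert+key PEM world readable.` Whether that directory is readable by other local users on a default install cannot be seen from this hunk, so the wording should be checked against the package's file modes.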
@@ -71,24 +112,36 @@ olcDatabase: frontend
# rootdn can always read and write EVERYTHING!
#
+#
+# Configuration database
+#
+
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
+ n=auth" manage by * none
+
+#
+# Server status monitoring
+#
+
+dn: olcDatabase=monitor,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: monitor
+olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c
+ n=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none
-#######################################################################
-# BDB database definitions
-#######################################################################
#
-dn: olcDatabase=bdb,cn=config
+# Backend database definitions
+#
+
+dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
-objectClass: olcBdbConfig
-olcDatabase: bdb
+objectClass: olcHdbConfig
+olcDatabase: hdb
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
-# Cleartext passwords, especially for the rootdn, should
-# be avoided. See slappasswd(8) and slapd-config(5) for details.
-# Use of strong authentication encouraged.
-olcRootPW: secret
-# The database directory MUST exist prior to running slapd AND
-# should only be accessible by the slapd and slap tools.
-# Mode 700 recommended.
-olcDbDirectory: /var/openldap-data
-# Indices to maintain
-olcDbIndex: objectClass eq
+olcDbDirectory: /var/lib/ldap
+olcDbIndex: objectClass eq,pres
+olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
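Review bot: The new `olcDatabase=monitor` ACL hard-codes `cn=Manager,dc=my-domain,dc=com`, the same placeholder as `olcRootDN` in the hdb section, and nothing tells the administrator that both must change together when the suffix is set. A comment such as `# Keep this DN in sync with olcRootDN of the backend database below.` above that entry would prevent a stale grant. The hunk also drops the guidance that the database directory should be accessible only to slapd and the slap tools (mode 700) while moving it to `/var/lib/ldap`. That one-line note is worth keeping next to `olcDbDirectory`. Removing `olcRootPW: secret` is the right default, but as far as this hunk shows the file no longer mentions slappasswd(8), so a short comment on how to set a hashed root password would help.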