[selinux-policy: 875/3172] adding ldap configuration files and README.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:20:42 UTC 2010


commit 689417687caa918da9b078fca5de08e3c6ceadfc
Author: Ryan Haggerty <rhaggerty at tresys.com>
Date:   Thu Oct 27 18:56:20 2005 +0000

    adding ldap configuration files and README.

 testing/ldap_config_files/README.etc.openldap    |   23 +++++
 testing/ldap_config_files/etc.openldap.slap.conf |   98 ++++++++++++++++++++++
 testing/ldap_config_files/remove_all.ldif        |    8 ++
 testing/ldap_config_files/root.ldif              |    5 +
 testing/ldap_config_files/users.ldif             |   23 +++++
 5 files changed, 157 insertions(+), 0 deletions(-)
---
diff --git a/testing/ldap_config_files/README.etc.openldap b/testing/ldap_config_files/README.etc.openldap
new file mode 100644
index 0000000..f2d0d09
--- /dev/null
+++ b/testing/ldap_config_files/README.etc.openldap
@@ -0,0 +1,23 @@
+The most important file is slapd.conf. it has some quick configs necisarry for testing.
+the file etc.openldap.slapd.conf belongs at /etc/openldap/slapd.conf
+
+install the packages if they are not already
+	yum -y install openldap-server openldap-clients
+
+add the root dn
+	slapadd -v -l root.ldif
+
+start the service
+	/etc/init.d/ldap start
+
+add some test entries (service must be running)
+	ldapmodify -D "cn=Manager,dc=plainjoe,dc=org" -w secret -x -a -v -f users.ldif
+
+remove them
+	ldapmodify -D "cn=Manager,dc=plainjoe,dc=org" -w secret -x -v -f remove_all.ldif
+
+read them with slapcat
+	slapcat
+
+or read them with a client tool
+	ldapsearch -x -b "dc=plainjoe,dc=org" "(objectclass=*)"
diff --git a/testing/ldap_config_files/etc.openldap.slap.conf b/testing/ldap_config_files/etc.openldap.slap.conf
new file mode 100644
index 0000000..96a0177
--- /dev/null
+++ b/testing/ldap_config_files/etc.openldap.slap.conf
@@ -0,0 +1,98 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include		/etc/openldap/schema/core.schema
+include		/etc/openldap/schema/cosine.schema
+include		/etc/openldap/schema/inetorgperson.schema
+include		/etc/openldap/schema/nis.schema
+
+# Allow LDAPv2 client connections.  This is NOT the default.
+allow bind_v2
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral	ldap://root.openldap.org
+
+pidfile		/var/run/slapd.pid
+argsfile	/var/run/slapd.args
+
+# Load dynamic backend modules:
+# modulepath	/usr/sbin/openldap
+# moduleload	back_bdb.la
+# moduleload	back_ldap.la
+# moduleload	back_ldbm.la
+# moduleload	back_passwd.la
+# moduleload	back_shell.la
+
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it.  Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
+
+# Sample security restrictions
+#	Require integrity protection (prevent hijacking)
+#	Require 112-bit (3DES or better) encryption for updates
+#	Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+#	Root DSE: allow anyone to read it
+#	Subschema (sub)entry DSE: allow anyone to read it
+#	Other DSEs:
+#		Allow self write access
+#		Allow authenticated users read access
+#		Allow anonymous users to authenticate
+#	Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+#	by self write
+#	by users read
+#	by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#just allow anyone to do whatever for testing purposes
+access to *
+	by * write
+
+#######################################################################
+# ldbm and/or bdb database definitions
+#######################################################################
+
+database	bdb
+suffix		"dc=plainjoe,dc=org"
+rootdn		"cn=Manager,dc=plainjoe,dc=org"
+# Cleartext passwords, especially for the rootdn, should
+# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+# rootpw		secret
+# rootpw		{crypt}ijFYNcSNctBYg
+rootpw			{SSHA}3Q3i+6viSPu3ZIso9ta6cYtNS4TEAXuO
+
+# The database directory MUST exist prior to running slapd AND 
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory	/var/lib/ldap
+
+# Indices to maintain for this database
+index objectClass                       eq,pres
+index ou,cn,mail,surname,givenname      eq,pres,sub
+index uidNumber,gidNumber,loginShell    eq,pres
+index uid,memberUid                     eq,pres,sub
+index nisMapName,nisMapEntry            eq,pres,sub
+
+# Replicas of this database
+#replogfile /var/lib/ldap/openldap-master-replog
+#replica host=ldap-1.example.com:389 starttls=critical
+#     bindmethod=sasl saslmech=GSSAPI
+#     authcId=host/ldap-master.example.com at EXAMPLE.COM
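Review bot: The live ACL `access to * by * write` grants anonymous clients write access to every entry, userPassword attributes included, and because the `security ssf=...` directive above it is left commented out, anyone who can reach port 389 on the test host can rewrite the directory without binding at all. The README binds as cn=Manager for every modification anyway, so the tests would still pass with the rule narrowed to the local host, `access to * by peername.ip=127.0.0.1 write by * none`; if these files are only ever loaded on an isolated box, a comment saying so above the ACL would be the minimum. The rootpw hash is committed next to a README that binds with `-w secret`, so presumably this is a throwaway test credential; the comment above `rootpw` should state that explicitly so it is not carried into a real deployment. Separately, the README says this file is `etc.openldap.slapd.conf`, while the committed file is `etc.openldap.slap.conf` (missing the "d"), so one of the two names needs correcting.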
diff --git a/testing/ldap_config_files/remove_all.ldif b/testing/ldap_config_files/remove_all.ldif
new file mode 100644
index 0000000..499713e
--- /dev/null
+++ b/testing/ldap_config_files/remove_all.ldif
@@ -0,0 +1,8 @@
+dn: cn=Other Guy,ou=people,dc=plainjoe,dc=org
+changetype: delete
+
+dn: cn=Some Guy,ou=people,dc=plainjoe,dc=org
+changetype: delete
+
+dn: ou=people,dc=plainjoe,dc=org
+changetype: delete
diff --git a/testing/ldap_config_files/root.ldif b/testing/ldap_config_files/root.ldif
new file mode 100644
index 0000000..a376ce8
--- /dev/null
+++ b/testing/ldap_config_files/root.ldif
@@ -0,0 +1,5 @@
+dn: dc=plainjoe,dc=org
+dc: plainjoe
+objectClass: dcObject
+objectClass: organizationalUnit
+ou: PlainJoe Dot Org
diff --git a/testing/ldap_config_files/users.ldif b/testing/ldap_config_files/users.ldif
new file mode 100644
index 0000000..3ac0e27
--- /dev/null
+++ b/testing/ldap_config_files/users.ldif
@@ -0,0 +1,23 @@
+dn: ou=people,dc=plainjoe,dc=org
+ou: people
+objectClass: organizationalUnit
+
+dn: cn=Some Guy,ou=people,dc=plainjoe,dc=org
+cn: Some Guy
+sn: Guy
+mail: sguy at place.com
+mail: sguy at otherplace.com
+labeledURI: http://www.place.com/sguy/index.php
+roomNumber: 1234 his room
+departmentNumber: sw devel
+pager: 555-666-7777
+mobile: 898-898-8989
+objectClass: inetOrgPerson
+
+dn: cn=Other Guy,ou=people,dc=plainjoe,dc=org
+cn: Other Guy
+sn: Guy
+mail: oguy at place.com
+departmentNumber: hw devel
+mobile: 898-898-9999
+objectClass: inetOrgPerson

