OSS-LDAPops
view release on metacpan or search on metacpan
examples/slapd.conf view on Meta::CPAN
access to *
by dn.base="uid=replicant,ou=repl,dc=auth,dc=example,dc=net" read
by * break
access to dn.one="uid=maxUid,dc=auth,dc=example,dc=net"
by dn="uid=webportal, ou=writeaccess, dc=auth,dc=example, dc=net" write
by * none
access to attrs=userPassword,gidNumber,homeDirectory,loginShell,uidNumber
by self write
by dn="uid=webportal, ou=writeaccess, dc=auth,dc=example, dc=net" write
by dn="uid=binduser,ou=bindclients,dc=auth,dc=example, dc=net" read
by anonymous auth
by * none
access to dn.subtree="ou=netgroups, dc=auth, dc=example, dc=net"
by dn="uid=webportal, ou=writeaccess, dc=auth, dc=example, dc=net" write
by dn="uid=binduser, ou=bindclients, dc=auth, dc=example, dc=net" read
access to dn.subtree="ou=unixgroups, dc=auth, dc=example, dc=net"
by dn="uid=webportal, ou=writeaccess, dc=auth, dc=example, dc=net" write
by dn="uid=binduser, ou=bindclients, dc=auth, dc=example, dc=net" read
access to dn.subtree="ou=people, dc=auth, dc=example, dc=net"
by self write
by dn="uid=webportal, ou=writeaccess, dc=auth, dc=example, dc=net" write
by dn="uid=binduser, ou=bindclients, dc=auth, dc=example, dc=net" read
by users read
by anonymous auth
access to dn.subtree="ou=writeaccess, dc=auth, dc=example, dc=net"
by anonymous auth
access to dn.subtree="ou=bindclients, dc=auth, dc=example, dc=net"
by anonymous auth
access to dn.children="dc=auth, dc=example, dc=net"
by users read
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#Accesslog database definitions
database hdb
suffix cn=accesslog
directory /var/lib/openldap-accesslog
rootdn cn=accesslog
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
# Let the replica DN have limitless searches
limits dn.exact="uid=replicant,ou=repl,dc=auth,dc=example,dc=net" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
#######################################################################
# BDB database definitions
#######################################################################
database hdb
suffix "dc=auth,dc=example, dc=net"
# <kbyte> <min>
#checkpoint 32 30
rootdn "cn=Manager,dc=auth,dc=example, dc=net"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
# Indices to maintain
index objectClass eq
index uid eq
index memberUid eq
index uniqueMember eq
index entryCSN eq
index entryUUID eq
overlay syncprov
syncprov-checkpoint 1000 60
# accesslog overlay definitions for primary db
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
logpurge 07+00:00 01+00:00
# Let the replica DN have limitless searches
limits dn.exact="uid=replicant,ou=repl,dc=auth,dc=example,dc=net" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
( run in 0.850 second using v1.01-cache-2.11-cpan-39bf76dae61 )