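# USE: Main database. Contains EVERYTHING.
# ------------------------------------------------------------------------
# This is the main slapd configuration file (slapd.conf format, OpenLDAP 2.3
# era). See slapd.conf(5) for more info on the configuration options.
#
# Review notes (security):
#  * password-hash was {MD5}; new/changed passwords are now stored as {SSHA}.
#    Existing {MD5} values keep verifying (slapd selects the scheme from the
#    stored prefix), so this is backward-compatible; they are re-hashed the
#    next time each user changes their password.
#  * No TLS* directives are present in this file. Unless TLS is configured
#    elsewhere (command line / another include), simple binds send the
#    password in clear text over the wire -- confirm before exposing the
#    listener beyond localhost.
#  * sizelimit/timelimit are unlimited for every client, including anonymous
#    ones; see the note at those directives.
#
# levels are:
# 1 (0x1 trace) trace function calls
# 2 (0x2 packet) debug packet handling
# 4 (0x4 args) heavy trace debugging (function args)
# 8 (0x8 conns) connection management
# 16 (0x10 BER) print out packets sent and received
# 32 (0x20 filter) search filter processing
# 64 (0x40 config) configuration file processing
# 128 (0x80 ACL) access control list processing
# 256 (0x100 stats) stats log connections/operations/results
# 512 (0x200 stats2) stats log entries sent
# 1024 (0x400 shell) print communication with shell backends
# 2048 (0x800 parse) entry parsing
# 4096 (0x1000 cache) caching (unused)
# 8192 (0x2000 index) data indexing (unused)
# 16384 (0x4000 sync) LDAPSync replication
# 32768 (0x8000 none) only messages that get logged whatever log level is set
# NOTE: 'stats' (256) is what gives you one line per bind/search/result for
# incident response; it is only enabled in the commented-out variant below.
loglevel parse sync none
#loglevel parse sync none stats

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
#
# krb5-kdc.schema and trust.schema must stay loaded: krb5PrincipalName,
# trustModel and accessTo are indexed in the c=SE database below and slapd
# refuses to start on an index of an unknown attribute.
include /etc/ldap/schema.extra/krb5-kdc.schema
include /etc/ldap/schema.extra/trust.schema
include /etc/ldap/schema.extra/turbo.schema
include /etc/ldap/schema.extra/autofs.schema
include /etc/ldap/schema.extra/dnszone.schema
include /etc/ldap/schema.extra/rfc2377.schema
include /etc/ldap/schema.extra/apache.schema
include /etc/ldap/schema.extra/samba.schema
include /etc/ldap/schema.extra/cacti.schema
include /etc/ldap/schema.extra/sudo.schema
include /etc/ldap/schema.extra/RADIUS-LDAPv3.schema

# Cause a 'gentle' shutdown-attempt: Slapd will stop listening for new
# connections, but will not close the connections to the current clients.
gentlehup on

# Number of seconds to wait before forcibly closing an idle client connection.
idletimeout 120

# Maximum size of the primary thread pool.
# Limit the number of threads
# The default is 16 and that has been reported on the openldap mailing
# list to be too many for a machine with < 1 GB of RAM
threads 8
#threads 32

# Specify a desired level of concurrency. Provided to the underlying
# thread system as a hint. The default is not to provide any hint.
#concurrency 100

# Hash scheme used when slapd stores a password it receives via the
# Password Modify extended operation. {MD5} is unsalted and trivially
# brute-forced offline if the database or its backups leak; {SSHA} is salted
# and supported by every OpenLDAP 2.x release. Verification of already stored
# values is unaffected (the scheme prefix on each value decides).
password-hash {SSHA}

# LDAPv2 binds are still accepted. LDAPv2 has no StartTLS and no SASL, so a
# v2 client can only ever do a clear-text simple bind; drop this line once no
# legacy client needs it (a v2 client then gets 'protocol error', not 48).
allow bind_v2
# Additional features to permit:
# Error: 'ldap_bind: Inappropriate authentication (48)'
#bind_anon_cred bind_anon_dn

# Make sure we do reverse lookups, needed for ACL's.
# NOTE: any ACL that keys on a hostname (domain=/peername via DNS) trusts the
# PTR record of the client's resolver -- usable as a convenience, not as the
# sole authorization check.
reverse-lookup on

# Connection limits etc
# NOTE: 'unlimited' applies to every bind DN, anonymous included. Any client
# can enumerate the whole c=SE tree in one search or hold a worker thread
# (there are only 8) on a slow filter. Consider a finite default here and
# per-DN exceptions via 'limits dn.exact="..." size=unlimited time=unlimited'
# (slapd.conf(5)) for the accounts that really need full dumps.
sizelimit unlimited
timelimit unlimited

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/pid-slapd

# List of arguments that were passed to the server
argsfile /var/run/slapd/args-slapd

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap

# What backend modules to load
moduleload back_monitor
moduleload back_bdb
moduleload back_hdb
#
# Overlay modules; all three are instantiated in the c=SE database below.
moduleload accesslog
moduleload auditlog
moduleload unique

# Misc options
defaultsearchbase c=SE

#######################################################################
# ------- Specific backend directives
backend config
backend monitor
backend bdb
backend hdb

# ------- Access control
# The line below would make the whole directory world-writable; it is kept
# only as a reminder of what NOT to re-enable.
#access to * by * write
# Real ACLs live in slapd.access. The trailing dynacl/aci clause lets entry-
# level aci attributes grant up to write access -- anybody who may write the
# aci attribute on an entry can therefore delegate access to it. Make sure
# slapd.access protects the aci attribute itself. These global ACLs also
# cover cn=LOG1 and cn=Monitor, which define none of their own.
include /etc/ldap/slapd.access
access to * by dynacl/aci write

#######################################################################
# ------- DB: 'cn=Monitor'
database monitor

# ------- DB: 'cn=Config'
# OpenLDAP v2.3 can't do ACL/ACI in cn=config, hence rootdn here
# No rootpw is set, so this rootdn is authenticated through the
# uid=turbo entry's own userPassword in c=SE (presumably -- confirm); the
# strength of that one hash is what protects the server configuration.
database config
rootdn "uid=turbo,ou=People,o=Fredriksson,c=SE"
readonly on

# ------- DB: 'cn=LOG1'
# Accesslog target. Because the c=SE database logs 'logold (objectclass=person)'
# every modified person entry is copied here in full, userPassword included.
# Read access to cn=LOG1 must be at least as restricted as to c=SE itself.
database bdb
suffix cn=LOG1
directory "/var/lib/ldap/cn=log1"
index reqStart eq
rootdn "uid=turbo,ou=People,o=Fredriksson,c=SE"

# ------- DB: 'c=SE' (Bayour.COM)
database hdb
suffix "c=SE"
directory "/var/lib/ldap/c=se"

# -- Misc database configuration
readonly off
# lastmod must stay on: the accesslog overlay needs entryCSN/modifyTimestamp.
lastmod on

# -- Indexes
index uid,uidNumber,gidNumber eq,pres
index objectClass,cn,sn,mail,mailAlternateAddress eq
index mailForwardingAddress,zoneName,relativeDomainName eq
index trustModel,accessTo,krb5PrincipalName,memberUid eq
index locals,rcptHosts,administrator,ezmlmAdministrator eq
index entryUUID,entryCSN eq

# -- HDB backend specific stuff
checkpoint 500 10
cachesize 2000
idlcachesize 6000
# Database files are created owner-only (0600); this does not apply to the
# audit log below.
mode 0600
# NOTE: dbnosync skips the fsync on commit, so a crash can lose or corrupt the
# last committed writes (e.g. a password change acknowledged to the client);
# dirtyread may return data from transactions that are later rolled back.
# Both trade integrity for speed -- acceptable only with frequent checkpoints
# and tested backups.
dbnosync
dirtyread

# Overlay: accesslog -> cn=LOG1
# 'logops all' records binds as well, so cn=LOG1 doubles as an
# authentication audit trail (who bound as whom, and when).
overlay accesslog
logdb cn=LOG1
#logops writes bind
logops all
logold (objectclass=person)

# Overlay: auditlog
# Writes every change as clear LDIF, including hashed userPassword values.
# The file is created with slapd's umask, not the 'mode' above -- verify it is
# not world-readable and that /var/lib/ldap itself is 0700.
overlay auditlog
auditlog /var/lib/ldap/audit.log

# Overlay: unique
# Rejects adds/modifies that would duplicate uid, mail or
# mailAlternateAddress anywhere under c=SE (prevents account aliasing by
# a second entry claiming an existing login name or address).
overlay unique
unique_base c=SE
unique_attributes uid mail mailAlternateAddress
unique_strict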