source: trunk/puppet/modules/puppet-openldap/templates/slapd.conf_slave.erb @ 447

Last change on this file since 447 was 447, checked in by sebas, 14 years ago

inicio del archivo de configuracion slapd.conf_slave
File size: 3.3 KB
Line 
1# This is the main slapd configuration file. See slapd.conf(5) for more
2# ldap slave...
3
4# Features to permit
5# allow bind_v2
6
7# Schema and objectClass definitions
8include         /etc/ldap/schema/core.schema
9include         /etc/ldap/schema/cosine.schema
10include         /etc/ldap/schema/nis.schema
11include         /etc/ldap/schema/inetorgperson.schema
12<% if has_variable?("ldap_smb") -%>
13include         /etc/ldap/schema/samba.schema
14<% end -%>
15include         /etc/ldap/schema/authldap.schema
16
17# Schema check allows for forcing entries to
18# match schemas for their objectClasses's
19schemacheck     on
20
21# Where the pid file is put. The init.d script
22# will not stop the server if you change this.
23pidfile         /var/run/slapd/slapd.pid
24
25# List of arguments that were passed to the server
26argsfile        /var/run/slapd/slapd.args
27
28# Read slapd.conf(5) for possible values
29loglevel        0
30
31# to use ldapsearch
32sizelimit 2000
33
34# Where the dynamically loaded modules are stored
35modulepath      /usr/lib/ldap
36moduleload      back_bdb
37
38# Specific Backend Directives for bdb
39backend           bdb
40checkpoint  512 30
41database    bdb
42
43# The base of your directory in database #1
44suffix          "<%= ldap_base %>"
45
46# rootdn directive for specifying a superuser on the database. This is needed
47# # for syncrepl.
48#rootdn          "cn=admin,<%= ldap_base %>"
49
50# Where the database file are physically stored for database #1
51directory       "/var/lib/ldap"
52
53# Indexing options for database #1
54index         uid,uidNumber,gidNumber,memberUid       eq
55index         cn,mail,surname,givenname               eq,subinitial
56<% if has_variable?("ldap_smb") -%>
57index         sambaSID                                eq
58index         sambaPrimaryGroupSID                    eq
59index         sambaDomainName                         eq
60<% end -%>
61# Save the time that the entry gets modified, for database #1
62lastmod         on
63
64# Where to store the replica logs for database #1
65# replogfile    /var/lib/ldap/replog
66
67# The userPassword by default can be changed
68# by the entry owning it if they are authenticated.
69# Others should not be able to see it, except the
70# admin entry below
71# These access lines apply to database #1 only
72<% if has_variable?("ldap_smb") -%>
73access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdCanChange,sambaPwdMustChange,sambaPwdLastSet,sambaAcctFlags
74<% else -%>
75access to attrs=userPassword
76<% end -%>
77        by dn="cn=admin,<%= ldap_base %>" write
78        by anonymous auth
79        by self write
80        by * none
81# Ensure read access to the base for things like
82# # supportedSASLMechanisms.  Without this you may
83# # have problems with SASL not knowing what
84# # mechanisms are available and the like.
85# # Note that this is covered by the 'access to *'
86# # ACL below too but if you change that as people
87# # are wont to do you'll still need this if you
88# # want SASL (and possible other things) to work
89# # happily.
90access to dn.base="" by * read
91
92# The admin dn has full write access, everyone else
93# can read everything.
94access to *
95        by dn="cn=admin,<%= ldap_base %>" write
96        by * read
97
98<% if has_variable?("ldap_ssl") -%>
99TLSCipherSuite HIGH:MEDIUM:-SSLv2
100TLSVerifyClient never
101TLSCertificateFile /etc/ssl/certs/ldap.pem
102TLSCertificateKeyFile /etc/ssl/certs/ldap.pem
103TLSCACertificateFile /etc/ssl/certs/ldap.pem
104<% end -%>
Note: See TracBrowser for help on using the repository browser.