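#
# See slapd-config(5) for details on configuration options.
# This file should NOT be world readable: it carries the rootdn
# password (olcRootPW) in the database section.
#
dn: cn=config
objectClass: olcGlobal
cn: config
#
#
# Define global ACLs to disable default read access.
# NOTE(review): no olcAccess directive is active anywhere in this sample,
# so the permissive default described in the frontend section below
# applies until one is added.
#
# The %NAME% tokens are placeholders, presumably substituted at
# build/install time; confirm the resolved paths are writable only by
# the account slapd runs as.
olcArgsFile: %LOCALSTATEDIR%/run/slapd.args
olcPidFile: %LOCALSTATEDIR%/run/slapd.pid
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#olcReferral: ldap://root.openldap.org
#
# Sample security restrictions
#   Require integrity protection (prevent hijacking)
#   Require 112-bit (3DES or better) encryption for updates
#   Require 64-bit encryption for simple bind
# NOTE(review): this line ships commented out, so no minimum protection
# level is enforced. A simple bind carries the password as-is unless the
# connection itself is protected. The sample thresholds are also low by
# current standards; choose values that match the TLS/SASL strength
# actually deployed.
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64


#
# Load dynamic backend modules:
#
# NOTE(review): load only the backends the deployment uses; each loaded
# module is additional code reachable by clients. back_shell in
# particular hands operations to external programs. The database defined
# in this file is mdb, which is not in the sample list below; confirm
# how your build provides that backend.
#
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath: %MODULEDIR%
#olcModuleload: back_bdb.la
#olcModuleload: back_hdb.la
#olcModuleload: back_ldap.la
#olcModuleload: back_passwd.la
#olcModuleload: back_shell.la


dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file://%SYSCONFDIR%/schema/core.ldif

# Frontend settings
#
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
#
# Sample global access control policy:
#   Root DSE: allow anyone to read it
#   Subschema (sub)entry DSE: allow anyone to read it
#   Other DSEs:
#     Allow self write access
#     Allow authenticated users read access
#     Allow anonymous users to authenticate
#
# When enabling the sample below, remove the leading "#" but keep the
# "by ..." lines starting with whitespace: LDIF treats a line that
# begins with a space as a continuation of the previous line.
#
#olcAccess: to dn.base="" by * read
#olcAccess: to dn.base="cn=Subschema" by * read
#olcAccess: to *
#  by self write
#  by users read
#  by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# NOTE(review): as shipped, every olcAccess line above is commented out,
# so that default is in effect: unauthenticated clients can read every
# entry and attribute they can reach. Enable the sample policy (or a
# stricter one) before storing anything that must not be public.
#
# rootdn can always read and write EVERYTHING!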
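#


#######################################################################
# LMDB database definitions
#######################################################################
#
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
# Sample suffix and rootdn; replace both with the deployment's own
# naming context.
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=Manager,dc=my-domain,dc=com
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd-config(5) for details.
# Use of strong authentication encouraged.
#
# NOTE(review): "secret" below is a cleartext sample value and is the
# same in every copy of this file. The rootdn is not restricted by
# access controls, so whoever knows this value controls the whole
# database. Before loading this entry, replace it with a hashed value
# generated by slappasswd(8), and keep the file readable only by the
# account slapd runs as.
olcRootPW: secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
olcDbDirectory: %LOCALSTATEDIR%/openldap-data
# Indices to maintain
olcDbIndex: objectClass eq
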