# provider slapd config -- for testing
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Overview: two local databases (dc=example,dc=com and dc=example,dc=it), two
# back-ldap proxy databases (o=Example,c=US and o=Esempio,c=IT) that use
# identity assertion plus the rwm overlay, and a monitor database.
# NOTE(review): @NAME@ tokens are presumably substituted, and prefixes such as
# #mod#, #null#, #~null~#, #indexdb#, #ndb#, #sasl#, #nosasl#, #ldapmod# and
# #rwmmod# presumably stripped, by the test harness before slapd reads the
# file; confirm against the harness. As written, those lines are comments.
# NOTE(review): slapd.conf(5) treats a line that begins with whitespace as a
# continuation of the previous line, even when that line is a comment, so the
# notes below sit above each "access to" rule and never between its "by"
# clauses.
# Every password in this file (rootpw, credentials=) is a cleartext test
# value; the file is only suitable as a test fixture.

#ucdata-path ./ucdata
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args

#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
#ldapmod#modulepath ../servers/slapd/back-ldap/
#ldapmod#moduleload back_ldap.la
#rwmmod#modulepath ../servers/slapd/overlays/
#rwmmod#moduleload rwm.la

#######################################################################
# database definitions
#######################################################################

# Proxy authorization is enabled. slapd.conf(5) documents "both" as a
# deprecated alias of "any": a request is authorized if either an authzTo rule
# on the authentication DN or an authzFrom rule on the authorization DN
# matches. With this policy, write access to authzTo/authzFrom decides who can
# act as whom.
authz-policy both
# SASL identity mapping. Patterns are checked in file order and the first
# match wins, so the catch-all "(us/)?" rule has to stay last.
# The first rule maps any SASL identity whose uid is "manager" to the rootdn
# of dc=example,dc=com without constraining the realm or mechanism part of the
# name; the trailing ",.+" accepts any suffix.
authz-regexp "^uid=manager,.+" "cn=Manager,dc=example,dc=com"
# The remaining rules resolve the identity through a subtree search, using the
# captured name as the filter value.
authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"

#
# normal installations should protect root dse,
# cn=monitor, cn=schema, and cn=config
#

# Global ACLs (declared before the first "database" line).
# userPassword: the entry itself gets write and auth (=wx) but not read;
# anonymous gets auth only (=x), which is what a simple bind needs. No other
# "by" clause is given for this attribute.
access to attrs=userpassword
    by self =wx
    by anonymous =x

# Root DSE (empty DN) is readable by everyone, including anonymous.
access to dn.exact=""
    by * read

# Everything else: authenticated users may read, all others (anonymous
# included) may search. This is the permissive test default that the comment
# block above warns about.
access to *
    by users read
    by * search

# --- local database 1: dc=example,dc=com ---
database @BACKEND@

suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext rootpw; slapd.conf(5) also accepts a hashed value as produced by
# slappasswd(8). The rootdn is not subject to access control restrictions.
rootpw secret
#null#bind on
#~null~#directory @TESTDIR@/db.1.a
#indexdb#index objectClass eq
#indexdb#index cn,sn,uid pres,eq,sub
#ndb#dbname db_1
#ndb#include @DATADIR@/ndb.conf

# authzTo on the Proxy entry: the entry itself may write it (=wx), everyone
# else gets auth-only access (=x). Because authz-policy honours authzTo, this
# lets the Proxy identity define whom it may act as; slapd.conf(5) advises
# protecting authzTo from modification by its owner outside of test setups.
access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
        attrs=authzTo
    by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx
    by * =x

# --- local database 2: dc=example,dc=it ---
database @BACKEND@

suffix "dc=example,dc=it"
rootdn "cn=Manager,dc=example,dc=it"
# Same cleartext test password as the first database.
rootpw secret
#~null~#directory @TESTDIR@/db.2.a
#indexdb#index objectClass eq
#indexdb#index cn,sn,uid pres,eq,sub
#ndb#dbname db_2
#ndb#include @DATADIR@/ndb.conf

# --- proxy database: o=Example,c=US ---
# NOTE(review): the transport security of the proxy bind depends on what
# @URI1@ expands to; with bindmethod=simple over plain ldap:// the proxy
# password crosses the wire in the clear. Confirm in the harness.
database ldap
suffix "o=Example,c=US"
uri "@URI1@"

# Exactly one of the two idassert-bind variants is meant to be enabled (SASL
# or simple). Both authenticate as "cn=Proxy US" with the cleartext credential
# "proxy"; per slapd-ldap(5), mode=self asserts the client's own identity.
#sasl#idassert-bind bindmethod=sasl binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" authcId="admin/proxy US" credentials="proxy" @SASL_MECH@ mode=self
#nosasl#idassert-bind bindmethod=simple binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" credentials="proxy" mode=self

# authorizes database
# (identity assertion is limited to identities under dc=example,dc=it)
idassert-authzFrom "dn.subtree:dc=example,dc=it"

# Rewrites between this database's suffix and the naming context
# dc=example,dc=com.
overlay rwm
rwm-suffixmassage "dc=example,dc=com"

# --- proxy database: o=Esempio,c=IT ---
database ldap
suffix "o=Esempio,c=IT"
uri "@URI1@"

# acl-bind is the identity the proxy uses for its own access-control lookups;
# idassert-bind is the identity used for asserting client identities. Both
# bind as "cn=Proxy IT" with the cleartext credential "proxy".
# NOTE(review): per slapd-ldap(5), an idassert-bind with authzId= and no mode=
# always asserts that fixed identity (here cn=Sandbox); confirm for the
# OpenLDAP version in use.
acl-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy"
idassert-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy" authzId="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"

# authorizes database
idassert-authzFrom "dn.subtree:dc=example,dc=com"
# authorizes anonymous
# (the empty DN: unauthenticated clients are also eligible for identity
# assertion through this proxy, so the ACLs below are what limits them)
idassert-authzFrom "dn.exact:"

overlay rwm
rwm-suffixmassage "dc=example,dc=com"

# Per-database ACLs for the IT proxy.
# entry, cn, sn and mail are readable by authenticated users; no clause grants
# anything to anonymous here.
access to attrs=entry,cn,sn,mail
    by users read

# All other attributes: read for the Proxy IT identity and members of the
# Authorizable group, search for the Sandbox identity, nothing for anyone
# else. Order matters: the first matching "by" clause decides.
access to *
    by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read
    by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read
    by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
    by * none

# --- monitor database ---
# Cleartext, guessable rootpw and no database-specific ACL, so only the
# permissive global rules apply to cn=monitor (see the "normal installations
# should protect ..." comment above).
database monitor
rootdn "cn=monitor"
rootpw monitor
