# master slapd config -- for testing
# $OpenLDAP: pkg/ldap/tests/data/slapd-idassert.conf,v 1.16.2.5 2008/04/15 00:05:16 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Test fixture for identity assertion (idassert) through back-ldap.
# It defines two local databases (dc=example,dc=com and dc=example,dc=it)
# and two back-ldap proxy databases (o=Example,c=US and o=Esempio,c=IT)
# whose suffixes the rwm overlay rewrites to dc=example,dc=com.
# The at-sign placeholders and the hash-tag-hash line prefixes are template
# markers, presumably substituted by the test harness before slapd reads
# the file -- confirm against the test scripts.
# The clear-text passwords and the anonymous authorization further down
# are test values.

#ucdata-path ./ucdata
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args

# Backend and overlay modules. Each line stays commented out unless its
# tag prefix is stripped (presumably when that component is built as a
# dynamic module).
#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
#ldapmod#modulepath ../servers/slapd/back-ldap/
#ldapmod#moduleload back_ldap.la
#monitormod#modulepath ../servers/slapd/back-monitor/
#monitormod#moduleload back_monitor.la
#rwmmod#modulepath ../servers/slapd/overlays/
#rwmmod#moduleload rwm.la

#######################################################################
# database definitions
#######################################################################

# Proxy authorization: both authzTo rules (held by the authenticating
# entry) and authzFrom rules (held by the target entry) are honored.
authz-policy both
# Map authentication identities of the form uid=<name>,... to directory
# entries by search. Patterns are checked in file order and the first
# match wins, so the "admin/" and "it/" rules must stay ahead of the
# last one: its "us/" prefix is optional, which makes it match any
# remaining uid.
authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"

#
# normal installations should protect root dse,
# cn=monitor, cn=schema, and cn=config
#

# userpassword: the owner gets write and auth (=wx, no read), anonymous
# clients get auth only (=x) so they can bind. No further "by" clause
# follows, so every other identity is denied.
access to attrs=userpassword
        by self =wx
        by anonymous =x

# Root DSE (the empty DN) is readable by everyone in this fixture.
access to dn.exact=""
        by * read

# Everything else: authenticated users may read, all others may search.
access to *
        by users read
        by * search

# First local database: dc=example,dc=com.
database @BACKEND@

suffix "dc=example,dc=com"
directory @TESTDIR@/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
# Clear-text test password. slapd does not apply access control to the
# rootdn, so outside a test fixture this value would be a hash such as
# slappasswd produces.
rootpw secret
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
#hdb#index objectClass eq
#hdb#index cn,sn,uid pres,eq,sub

# authzTo on the proxy entry names the identities that entry may
# authorize as, so write access to it is what needs guarding: only the
# entry itself gets write and auth (=wx); everyone else gets auth (=x)
# only and can neither read nor change it.
access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
        attrs=authzTo
        by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx
        by * =x

# Second local database: dc=example,dc=it.
database @BACKEND@

suffix "dc=example,dc=it"
directory @TESTDIR@/db.2.a
rootdn "cn=Manager,dc=example,dc=it"
# Clear-text test password, as for the first database.
rootpw secret
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
#hdb#index objectClass eq
#hdb#index cn,sn,uid pres,eq,sub

# First proxy database (back-ldap): serves o=Example,c=US from the
# server named by the uri placeholder.
database ldap
suffix "o=Example,c=US"
uri "@URI1@"

# Identity-assertion bind for the proxy, in a SASL and a simple-bind
# variant; presumably the harness enables exactly one. mode=self makes
# the proxy assert the client's own identity to the remote server
# (see slapd-ldap(5)). The credentials are a clear-text test value.
#sasl#idassert-bind bindmethod=sasl binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" authcId="admin/proxy US" credentials="proxy" @SASL_MECH@ mode=self
#nosasl#idassert-bind bindmethod=simple binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" credentials="proxy" mode=self

# authorizes database: identities under dc=example,dc=it are the ones
# allowed to have this proxy assert an identity on their behalf.
idassert-authzFrom "dn.subtree:dc=example,dc=it"

# Rewrite this database's naming context to dc=example,dc=com; with a
# single argument the virtual side defaults to the database suffix
# (see slapo-rwm(5)).
overlay rwm
rwm-suffixmassage "dc=example,dc=com"

# Second proxy database (back-ldap): serves o=Esempio,c=IT from the
# same uri placeholder.
database ldap
suffix "o=Esempio,c=IT"
uri "@URI1@"

# Identity and clear-text test password for the proxy's ACL-related
# connections to the remote server (assumed from the directive names --
# confirm against slapd-ldap(5) for this release).
acl-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com"
acl-passwd proxy

# Fixed authzId: whatever the client's identity, asserted operations
# are performed remotely as cn=Sandbox. Credentials are a clear-text
# test value.
idassert-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy" authzId="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"

# authorizes database
idassert-authzFrom "dn.subtree:dc=example,dc=com"
# authorizes anonymous: together with the fixed authzId above this lets
# unauthenticated clients be proxied as cn=Sandbox, so whatever that
# entry is granted bounds what such clients can reach.
idassert-authzFrom "dn.exact:"

# Same suffix rewrite as on the first proxy database.
overlay rwm
rwm-suffixmassage "dc=example,dc=com"

# ACLs for this proxy database. entry, cn, sn and mail are readable by
# authenticated users; no other clause follows, so anonymous clients
# are denied.
access to attrs=entry,cn,sn,mail
        by users read

# Everything else: read for Proxy IT and for members of the
# Authorizable group, search only for cn=Sandbox, and an explicit deny
# for all others.
access to *
        by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read
        by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read
        by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
        by * none

# Optional monitor database, enabled only when its tag prefix is
# stripped; its rootpw is likewise a clear-text test value.
#monitor#database monitor
#monitor#rootdn "cn=monitor"
#monitor#rootpw monitor
