# slapd.conf -- OpenLDAP standalone daemon (slapd) configuration, legacy
# flat-file format. See slapd.conf(5), slapd.access(5) and slapo-memberof(5).
# Directives are order-sensitive: everything above the first "database" line
# is global; everything below it belongs to that database, and "access"
# rules are evaluated in the order written.

#######################################################################
# Modules
#######################################################################
# Schema files; later files may depend on earlier ones (cosine, inetorgperson
# and nis all build on core), so keep this order.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/openldap.schema

modulepath /usr/lib/openldap
# back_mdb: the LMDB backend used by the database section below.
moduleload back_mdb
# NOTE(review): refint is loaded but no "overlay refint" appears in this
# file; the memberof overlay below sets memberof-refint itself. Confirm the
# refint module is still needed.
moduleload refint
moduleload memberof

#######################################################################
# Core
#######################################################################
# pidfile/argsfile live under /var/slapd alongside the database; see the
# "directory" and "mode" directives below for the permission expectations.
pidfile /var/slapd/slapd.pid
argsfile /var/slapd/slapd.args
# "conns" logs connection management events only; add further keywords
# (see slapd.conf(5)) only while debugging, since higher levels log bind
# DNs and search filters.
loglevel conns
# serverID 0 is the default single-server value; a non-zero ID is only
# needed for multi-provider replication.
serverID 0

#######################################################################
# Security
#######################################################################
# NOTE(review): no CA chain is configured. If cert.pem holds only the leaf
# certificate, clients will not receive the intermediate(s) and may fail
# chain validation -- confirm against how cert.pem is produced.
#TLSCACertificateFile /var/slapd/fullchain.pem
TLSCertificateFile /var/slapd/cert.pem
# Private key: keep this file readable by the slapd user only.
TLSCertificateKeyFile /var/slapd/key.pem
# "HIGH" is an OpenSSL cipher-string; it selects cipher strength but does
# not set a minimum protocol version (that is TLSProtocolMin, not set here).
TLSCipherSuite HIGH

# Security strength factors (SSF) enforced on every operation:
#   ssf=1         -- require at least integrity protection on all operations
#   simple_bind=256 -- require a 256-bit SSF (i.e. TLS with a 256-bit cipher)
#                    before a simple (password) bind is accepted, so
#                    passwords are never sent in the clear
#   update_ssf=256 -- require the same 256-bit SSF for any update
# Together these make TLS mandatory for authentication and writes.
# Note: these do not restrict anonymous/unauthenticated reads; that is left
# to the ACLs at the end of this file.
security ssf=1 simple_bind=256 update_ssf=256

#######################################################################
# MDB database definitions
#######################################################################
database mdb
# Maximum size of the LMDB map in bytes (1 GiB); the database cannot grow
# past this without raising the value.
maxsize 1073741824
suffix "dc=unit,dc=macaomilano,dc=org"

# Overlays to be loaded for the database.
overlay memberof

# Cleartext passwords, especially for the rootdn, should be avoided.
# See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootdn "cn=root,dc=unit,dc=macaomilano,dc=org"
# NOTE(review): {SHA} is unsalted SHA-1. If this file is ever exposed the
# hash can be attacked offline; regenerate with slappasswd using {SSHA}
# (or {CRYPT}, to match password-hash below) and keep this file readable
# only by the slapd user. The rootdn bypasses all ACLs below.
rootpw {SHA}3Hbp8MAAbo+RngxRXGbbujmC94U=

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/slapd
mode 0700

# Hash scheme applied by slapd when a password is set through the
# Password Modify extended operation; values written directly to
# userPassword are stored as supplied by the client.
password-hash {CRYPT}
# "$6$" selects SHA-512 crypt; %.16s takes 16 characters of generated salt.
password-crypt-salt-format "$6$%.16s"

# Indices to maintain
index objectClass pres,eq
index uid,cn,sn,mail eq,sub
index memberof pres,eq

#######################################################################
# MemberOf configuration
#######################################################################
# Group entries are groupOfNames; their "member" values are mirrored into
# the "memberOf" attribute of the referenced entries.
memberof-group-oc groupOfNames
memberof-memberof-ad memberOf
memberof-member-ad member
# "error": reject a modification that would reference a non-existent member
# rather than silently storing a dangling DN.
memberof-dangling error
# Keep memberOf consistent when member entries are renamed or deleted.
memberof-refint true

#######################################################################
# ACLs
#######################################################################
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
#access to dn.base="" by * read
#access to dn.base="cn=Subschema" by * read
#access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#
# Because access directives ARE present below, the policy is deny-by-default:
# any entry/attribute not matched by a rule, and any "by" list that does not
# match the requester, yields no access. Rules are tried in order and the
# first matching "access to" clause decides.

# Root DSE readable by everyone (needed for clients to discover
# supported features before binding).
access to dn.base="" by * read
# The "entry" pseudo-attribute of every entry is readable by everyone,
# including anonymous clients. NOTE(review): this discloses the existence
# (and DN) of every entry in the tree; confirm that is intended.
access to attrs=entry by * read
# userPassword: owners may change their own password; anonymous clients may
# use it only to authenticate. Nobody else matches, so nobody else can read
# or modify it (default deny).
access to attrs=userPassword by self write by anonymous auth
# Entries under ou=Hackers: each user has full write on their own entry;
# accounts under ou=Services have read access to the subtree.
# NOTE(review): "by self write" on the whole entry covers every user
# attribute (uid, objectClass, ...); restrict with "attrs=" if identity
# fields must not be user-editable. There is no rule granting Services
# accounts access to their own entries -- presumably intentional, confirm.
access to dn.subtree="ou=Hackers,dc=unit,dc=macaomilano,dc=org" by self write by dn.subtree="ou=Services,dc=unit,dc=macaomilano,dc=org" read