ldap/slapd.ldif

#
# See slapd-config(5) for details on configuration options.
# This file should NOT be world readable.
#
dn: cn=config
objectClass: olcGlobal
cn: config
#
#
# Define global ACLs to disable default read access.
#
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#olcReferral:	ldap://root.openldap.org
#
# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 64-bit encryption for simple bind
#olcSecurity: ssf=1 update_ssf=112 simple_bind=64


#
# Load dynamic backend modules:
#
dn: cn=z-module,cn=config
objectClass: olcModuleList
cn: z-module
olcModulepath:	/usr/lib/openldap
olcModuleload:	back_mdb.so
#olcModuleload:	back_ldap.so
#olcModuleload:	back_passwd.so

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///etc/openldap/schema/core.ldif
include: file:///etc/openldap/schema/cosine.ldif
include: file:///etc/openldap/schema/inetorgperson.ldif
include: file:///etc/openldap/schema/nis.ldif

include: file:///etc/openldap/schema/collective.ldif
include: file:///etc/openldap/schema/corba.ldif
#include: file:///etc/openldap/schema/dsee.ldif
include: file:///etc/openldap/schema/duaconf.ldif
include: file:///etc/openldap/schema/dyngroup.ldif
include: file:///etc/openldap/schema/java.ldif
include: file:///etc/openldap/schema/misc.ldif
include: file:///etc/openldap/schema/msuser.ldif
include: file:///etc/openldap/schema/namedobject.ldif
include: file:///etc/openldap/schema/openldap.ldif
include: file:///etc/openldap/schema/pmi.ldif


# Frontend settings
#
dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
#
# Sample global access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#
#olcAccess: to dn.base="" by * read
#olcAccess: to dn.base="cn=Subschema" by * read
#olcAccess: to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#


#######################################################################
# LMDB database definitions
#######################################################################
#
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: c=AU
olcRootDN: cn=Manager,c=AU
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd-config(5) for details.
# Use of strong authentication encouraged.
olcRootPW: secret
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
olcDbDirectory:	/var/lib/openldap/data
# Indices to maintain
olcDbIndex: objectClass eq

dn: olcDatabase=monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: monitor
olcRootDN: cn=config
olcMonitoring: FALSE

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDbDirectory: /var/lib/openldap/data
olcDatabase: mdb
olcLastMod: TRUE
olcMonitoring: TRUE
olcSuffix: dc=example,dc=com
olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
olcAccess: to * by dn="cn=admin,dc=example,dc=com" write by dn="cn=admin,dc=Test" write by * read
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDbDirectory: /var/lib/openldap/data
olcDatabase: mdb
olcLastMod: TRUE
olcMonitoring: TRUE
olcSuffix: dc=example.com
olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
olcAccess: to * by dn="cn=AdminUser,dc=Test" write by anonymous write by * write
olcRootDN: cn=admin,dc=example.com
olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDbDirectory: /var/lib/openldap/data
olcDatabase: mdb
olcLastMod: TRUE
olcMonitoring: TRUE
olcSuffix: o=Flintstones
olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
olcAccess: to * by dn="cn=admin,o=Flintstones" write by dn="cn=admin,dc=Test" write by * read
olcRootDN: cn=admin,o=Flintstones
olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDbDirectory: /var/lib/openldap/data
olcDatabase: mdb
olcLastMod: TRUE
olcMonitoring: TRUE
olcSuffix: o=Simpsons
olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
#olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=Test" write by anonymous auth by self =xw by * none
olcAccess: to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=Test" write by anonymous auth by self write by * none
olcAccess: to * by dn="cn=admin,o=Simpsons" write by dn="cn=admin,dc=Test" write by * read
olcRootDN: cn=admin,o=Simpsons
olcRootPW: {SSHA}e8xGdXmL+mSD3u/389YHeM+dpqFCUSyq

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDbDirectory: /var/lib/openldap/data
olcDatabase: mdb
olcLastMod: TRUE
olcMonitoring: TRUE
olcSuffix: dc=Test
olcAccess: to dn.base="" by dn="cn=admin,dc=Test" write by * read
olcAccess: to * by dn="cn=admin,dc=Test" write by dn="cn=admin,dc=Test" write by * read
olcRootDN: cn=admin,dc=Test
olcRootPW: {SSHA}UCTtlcHOSqGCFuKtOCJAU8k8icNpVGiw