[Pkg-openldap-devel] Bug#419222: slapd.conf
Gyuris Szabolcs
szimszon at oregpreshaz.eu
Sun Apr 15 09:22:07 UTC 2007
Hi Quanah!
Here it is the slapd.conf.
But I think the large number of threads is because after the slapd froze
then all connected client froze too. :(
Thank you!
-------------- next part --------------
# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.
#######################################################################
# Global Directives:
# Features to permit
allow bind_v2
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/integrity/common.schema
include /etc/ldap/schema/integrity/ftp.schema
include /etc/ldap/schema/integrity/web.schema
include /etc/ldap/schema/integrity/mail.schema
include /etc/ldap/schema/integrity/nagios.schema
include /etc/ldap/schema/integrity/software_data.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel 256
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
TLSCACertificateFile /etc/ldap/integrity-ca.pem
TLSCertificateFile /etc/ldap/ldap.pem
TLSCertificateKeyFile /etc/ldap/ldap.pem
TLSVerifyClient never
#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend hdb
#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>
#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
database hdb
# The base of your directory in database #1
suffix "dc=domain,dc=tld"
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
# Indexing options for database #1
index objectClass eq
index apacheServerName pres,eq
index apacheServerAlias pres,eq
index uid pres,eq
index userClass,uidNumber,gidNumber,cn eq
index memberUid eq
#index uniqueMember eq,pres
#index memberUid,employeeType,mail pres,eq,approx,sub
# Save the time that the entry gets modified, for database #1
lastmod on
# Where to store the replica logs for database #1
replogfile /var/lib/ldap/replog
rootdn "cn=admin,dc=domain,dc=tld"
rootpw "password"
#replica
updatedn "cn=admin,dc=domain,dc=tld"
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to dn.regex=".*ou=virtualFtp,dc=domain,dc=tld" attrs=userPassword
by dn="cn=admin,dc=domain,dc=tld" write
by dn="cn=stadmin,dc=domain,dc=tld" write
by dn="uid=user1,ou=People,dc=domain,dc=tld" write
by dn="uid=user2,ou=People,dc=domain,dc=tld" write
by dn="uid=user3,ou=People,dc=domain,dc=tld" write
by dn="uid=user4,ou=People,dc=domain,dc=tld" write
by anonymous auth
by self write
by * none
access to dn.regex=".*ou=virtualWeb,dc=domain,dc=tld" attrs=userPassword
by dn="cn=admin,dc=domain,dc=tld" write
by dn="cn=stadmin,dc=domain,dc=tld" write
by dn="uid=user1,ou=People,dc=domain,dc=tld" write
by dn="uid=user2,ou=People,dc=domain,dc=tld" write
by dn="uid=user3,ou=People,dc=domain,dc=tld" write
by dn="uid=user4,ou=People,dc=domain,dc=tld" write
by anonymous auth
by self write
by * none
access to attrs=operation
by dn="cn=operator,dc=domain,dc=tld" write
by dn="cn=admin,dc=domain,dc=tld" write
by dn="cn=stadmin,dc=domain,dc=tld" write
by dn="uid=user1,ou=People,dc=domain,dc=tld" write
by dn="uid=user2,ou=People,dc=domain,dc=tld" write
by dn="uid=user3,ou=People,dc=domain,dc=tld" write
by dn="uid=user4,ou=People,dc=domain,dc=tld" write
by anonymous auth
by self write
by * read
access to attrs=modified
by dn="cn=operator,dc=domain,dc=tld" write
by dn="cn=admin,dc=domain,dc=tld" write
by dn="cn=stadmin,dc=domain,dc=tld" write
by dn="uid=user1,ou=People,dc=domain,dc=tld" write
by dn="uid=user2,ou=People,dc=domain,dc=tld" write
by dn="uid=user3,ou=People,dc=domain,dc=tld" write
by dn="uid=user4,ou=People,dc=domain,dc=tld" write
by anonymous auth
by self write
by * read
access to dn.regex=".*ou=virtualWeb,dc=domain,dc=tld"
by dn="cn=operator,dc=domain,dc=tld" read
by dn="cn=admin,dc=domain,dc=tld" write
by dn="cn=stadmin,dc=domain,dc=tld" write
by dn="uid=user1,ou=People,dc=domain,dc=tld" write
by dn="uid=user2,ou=People,dc=domain,dc=tld" write
by dn="uid=user3,ou=People,dc=domain,dc=tld" write
by dn="uid=user4,ou=People,dc=domain,dc=tld" write
by anonymous auth
by self write
by * read
access to dn.regex=".*ou=virtualFtp,dc=domain,dc=tld$"
by dn="cn=admin,dc=domain,dc=tld" write
by dn="cn=stadmin,dc=domain,dc=tld" write
by dn="cn=operator,dc=domain,dc=tld" read
by dn="uid=user1,ou=People,dc=domain,dc=tld" write
by dn="uid=user2,ou=People,dc=domain,dc=tld" write
by dn="uid=user3,ou=People,dc=domain,dc=tld" write
by dn="uid=user4,ou=People,dc=domain,dc=tld" write
by anonymous read
by * none
# az admin a domain ala tudjon felvenni ujabb usereket
access to dn.regex="^domain=([^,]+),.*ou=virtualFtp,dc=domain,dc=tld$" attrs=children
by dn="cn=admin,dc=domain,dc=tld" write
by dn="cn=stadmin,dc=domain,dc=tld" write
by dn.exact,expand="uid=admin_$1,domain=$1,ou=virtualFtp,dc=domain,dc=tld" write
by dn="cn=operator,dc=domain,dc=tld" read
by dn="uid=user1,ou=People,dc=domain,dc=tld" write
by dn="uid=user2,ou=People,dc=domain,dc=tld" write
by dn="uid=user3,ou=People,dc=domain,dc=tld" write
by dn="uid=user4,ou=People,dc=domain,dc=tld" write
by anonymous read
by * none
access to dn.regex="^uid=[^,]+,domain=([^,]+),.*ou=virtualFtp,dc=domain,dc=tld$" attrs=entry
by dn="cn=admin,dc=domain,dc=tld" write
by dn="cn=stadmin,dc=domain,dc=tld" write
by dn.exact,expand="uid=admin_$1,domain=$1,ou=virtualFtp,dc=domain,dc=tld" write
by anonymous read
by dn="cn=operator,dc=domain,dc=tld" read
by dn="uid=user1,ou=People,dc=domain,dc=tld" write
by dn="uid=user2,ou=People,dc=domain,dc=tld" write
by dn="uid=user3,ou=People,dc=domain,dc=tld" write
by dn="uid=user4,ou=People,dc=domain,dc=tld" write
by self write
by * none
# anonymouskent az objectClass es az uid olvashato (bind kereseshez)
access to dn.regex="^uid=[^,]+,domain=([^,]+),.*ou=virtualFtp,dc=domain,dc=tld$" attrs=objectClass,uid,active
by dn="cn=admin,dc=domain,dc=tld" write
by dn="cn=stadmin,dc=domain,dc=tld" write
by dn.exact,expand="uid=admin_$1,domain=$1,ou=virtualFtp,dc=domain,dc=tld" write
by anonymous read
by dn="cn=operator,dc=domain,dc=tld" read
by dn="uid=user1,ou=People,dc=domain,dc=tld" write
by dn="uid=user2,ou=People,dc=domain,dc=tld" write
by dn="uid=user3,ou=People,dc=domain,dc=tld" write
by dn="uid=user4,ou=People,dc=domain,dc=tld" write
by self write
by * none
access to dn.regex="^uid=[^,]+,domain=([^,]+),.*ou=virtualFtp,dc=domain,dc=tld$" attrs=@ftpAccount
by dn="cn=admin,dc=domain,dc=tld" write
by dn="cn=stadmin,dc=domain,dc=tld" write
by dn.exact,expand="uid=admin_$1,domain=$1,ou=virtualFtp,dc=domain,dc=tld" write
by dn="cn=operator,dc=domain,dc=tld" read
by dn="uid=user1,ou=People,dc=domain,dc=tld" write
by dn="uid=user2,ou=People,dc=domain,dc=tld" write
by dn="uid=user3,ou=People,dc=domain,dc=tld" write
by dn="uid=user4,ou=People,dc=domain,dc=tld" write
by anonymous auth
by self write
by * none
access to attrs=userPassword
by dn="cn=admin,dc=domain,dc=tld" write
by anonymous auth
by self write
by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
access to *
by dn="cn=admin,dc=domain,dc=tld" write
by * read
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=domain,dc=tld" write
# by dnattr=owner write
#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this databasse until another
# 'database' directive occurs
#database <other>
# The base of your directory for database #2
#suffix "dc=debian,dc=org"
sizelimit unlimited
More information about the Pkg-openldap-devel
mailing list