2 # See slapd.d(5) for details on configuration options.
3 # This file should NOT be world readable.
10 # Define global ACLs to disable default read access.
12 olcArgsFile: %LOCALSTATEDIR%/run/slapd.args
13 olcPidFile: %LOCALSTATEDIR%/run/slapd.pid
15 # Do not enable referrals until AFTER you have a working directory
16 # service AND an understanding of referrals.
17 #olcReferral: ldap://root.openldap.org
19 # Sample security restrictions
20 # Require integrity protection (prevent hijacking)
21 # Require 112-bit (3DES or better) encryption for updates
22 # Require 64-bit encryption for simple bind
23 #olcSecurity: ssf=1 update_ssf=112 simple_bind=64
27 # Load dynamic backend modules:
29 #dn: cn=module,cn=config
30 #objectClass: olcModuleList
31 #olcModulepath: %MODULEDIR%
32 #olcModuleload: back_bdb.la
33 #olcModuleload: back_hdb.la
34 #olcModuleload: back_ldap.la
35 #olcModuleload: back_passwd.la
36 #olcModuleload: back_shell.la
39 dn: cn=schema,cn=config
40 objectClass: olcSchemaConfig
43 include: file:///%SYSCONFDIR%/schema/core.ldif
47 dn: olcDatabase=frontend,cn=config
48 objectClass: olcDatabaseConfig
51 # Sample global access control policy:
52 # Root DSE: allow anyone to read it
53 # Subschema (sub)entry DSE: allow anyone to read it
55 # Allow self write access
56 # Allow authenticated users read access
57 # Allow anonymous users to authenticate
59 #olcAccess: to dn.base="" by * read
60 #olcAccess: to dn.base="cn=Subschema" by * read
66 # if no access controls are present, the default policy
67 # allows anyone and everyone to read anything but restricts
68 # updates to rootdn. (e.g., "access to * by * read")
70 # rootdn can always read and write EVERYTHING!
74 #######################################################################
75 # BDB database definitions
76 #######################################################################
78 dn: olcDatabase=bdb,cn=config
79 objectClass: olcDatabaseConfig
80 objectClass: olcBdbConfig
82 olcSuffix: dc=my-domain,dc=com
83 olcRootDN: cn=Manager,dc=my-domain,dc=com
84 # Cleartext passwords, especially for the rootdn, should
85 # be avoided. See slappasswd(8) and slapd.d(5) for details.
86 # Use of strong authentication encouraged.
88 # The database directory MUST exist prior to running slapd AND
89 # should only be accessible by the slapd and slap tools.
90 # Mode 700 recommended.
91 olcDbDirectory: %LOCALSTATEDIR%/openldap-data
93 olcDbIndex: objectClass eq