1 # This is the main ldapd configuration file. See slapd.conf(5) for more
2 # info on the configuration options.
4 # Schema and objectClass definitions
5 include /etc/ldap/schema/core.schema
6 include /etc/ldap/schema/cosine.schema
7 include /etc/ldap/schema/nis.schema
8 include /etc/ldap/schema/inetorgperson.schema
9 include /etc/ldap/schema/ldapab.schema
12 # Schema check allows for forcing entries to
13 # match schemas for their objectClasses's
16 # Where the pid file is put. The init.d script
17 # will not stop the server if you change this.
18 pidfile /var/run/slapd.pid
20 # List of arguments that were passed to the server
21 argsfile /var/run/slapd.args
23 # Where to store the replica logs
24 replogfile /var/lib/ldap/replog
26 # Read slapd.conf(5) for possible values
30 # Don't set a limit n returned result sets
33 #######################################################################
34 # ldbm database definitions
35 #######################################################################
37 # The backend type, ldbm, is the default standard
40 # The base of your directory
41 suffix "o=cosmocode,c=de"
43 # Where the database file are physically stored
44 directory "/var/lib/ldap"
49 # Folgende Indizies sind im samba-LDAP-HOWTO empfohlen;
51 ## support pbb_getsampwnam()
53 ## support pdb_getsampwrid()
56 ## uncomment these if you are storing posixAccount and
57 ## posixGroup entries in the directory as well
63 # Save the time that the entry gets modified
66 # The userPassword by default can be changed
67 # by the entry owning it if they are authenticated.
68 # Others should not be able to see it, except the
70 access to attribute=userPassword
71 by dn="cn=admin,o=cosmocode,c=de" write
76 access to attribute=lmPassword
77 by dn="cn=admin,o=cosmocode,c=de" write
82 access to attribute=ntPassword
83 by dn="cn=admin,o=cosmocode,c=de" write
88 # private LDAP Addressbook is readable and writable for the owner only
89 access to dn="(.*,)?ou=contacts,cn=([^,]+),ou=people,(.*)$"
90 by dn="cn=$2,ou=people,$3" write
93 # global LDAP Addressbook is writable for all authenticated users
94 # This entry has to be _before_ any other entry that matches the contact
95 # tree eg. the * entry
96 access to dn.subtree="ou=contacts,o=cosmocode,c=de"
100 # The admin dn has full write access
102 by dn="cn=admin,o=cosmocode,c=de" write
105 # For Netscape Roaming support, each user gets a roaming
106 # profile for which they have write access to
107 #access to dn=".*,ou=Roaming,o=morsnet"
108 # by dn="cn=admin,o=cosmocode,c=de" write
109 # by dnattr=owner write