# Main slapd (OpenLDAP) configuration file. See slapd.conf(5) for the
# directives and slapd.access(5) for the access-control syntax used below.
# NOTE(review): in slapd.conf a line that begins with whitespace continues
# the previous directive. Every "by ..." line of an "access" directive must
# therefore be indented, or slapd rejects the file with "unknown directive".

# Schema and objectClass definitions. Order matters: a schema file must be
# included after every schema it references, so core.schema comes first.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
# Site-specific schema, not part of the stock OpenLDAP distribution
# (presumably the address-book object classes used under ou=contacts);
# verify the file exists on the target host or slapd will not start.
# NOTE(review): the lmPassword/ntPassword ACLs further down need the samba
# schema, but no include for it is visible in this copy of the file.
include /etc/ldap/schema/ldapab.schema
# Schema checking forces entries to match the schemas of their objectClasses.
# NOTE(review): the schemacheck directive itself is not present in this
# copy. Leave it at its default (on): with checking off, clients can store
# arbitrary attributes that the attrs= ACLs below were never written for.

# Where the pid file is put. The init.d script reads this path, so changing
# it without updating the script means the script can no longer stop slapd.
pidfile /var/run/slapd.pid

# File recording the command-line arguments slapd was started with.
argsfile /var/run/slapd.args

# Where to store the replica log. It records every change, including the
# userPassword/lmPassword/ntPassword values written to the directory, so
# it must be readable only by the slapd user (and slurpd, if replication
# is used); the ACLs in this file do not protect this file on disk.
replogfile /var/lib/ldap/replog

# Read slapd.conf(5) for possible values of the directives that follow.

# The original comment says no limit is set on the size of returned result
# sets. NOTE(review): the sizelimit directive is not visible in this copy,
# so confirm the effective value (slapd's default is 500). An unlimited
# sizelimit lets any client that may search -- anonymous clients too, if
# anonymous search is allowed -- enumerate the whole directory in one
# request; prefer a finite sizelimit plus a larger limit for the admin DN.
#######################################################################
# ldbm database definitions
#######################################################################

# The backend type, ldbm, is the default standard for this slapd
# generation. NOTE(review): the "database ldbm" line itself is not in
# this copy; also note ldbm was removed from later OpenLDAP releases in
# favour of bdb/hdb/mdb, so this file will need that line changed on
# upgrade.

# The base of your directory
suffix "o=cosmocode,c=de"

# Where the database files are physically stored. They contain the
# password hashes in the clear (ACLs only apply to LDAP operations, not
# to the files), so the directory must be owned by the slapd user and
# not readable by anyone else (mode 0700).
directory "/var/lib/ldap"
## Indexing hints: samba pdb_getsampwnam() / pdb_getsampwrid() lookups and,
## if posixAccount/posixGroup entries are stored here as well, the NSS
## lookups. The index directives themselves are not in this copy of the
## file; add them only for attributes that are actually stored.

# Save the time that the entry gets modified (lastmod; the directive is
# not visible in this copy).

# Password attributes. slapd evaluates "access" directives in order and
# uses the first one whose <what> matches, so these attrs= rules must stay
# ahead of the dn-based rules further down -- otherwise the entry owner
# (and everyone granted read on the entry) would get the hashes as part
# of the whole entry. Intended policy per the original comments: the
# entry owning the password may change it when authenticated; nobody
# else may read it, except the admin.
# NOTE(review): in this copy each of the three rules ends after the admin
# clause. If the "by self write", "by anonymous auth" and "by * none"
# clauses are really missing, re-add them: when no "by" clause matches,
# slapd denies the access, and without "auth" on userPassword ordinary
# users cannot even perform a simple bind.
access to attrs=userPassword
	by dn="cn=admin,o=cosmocode,c=de" write

# Samba LM hash. It is password-equivalent (usable directly for LM/NTLM
# authentication, pass-the-hash style) and trivially crackable, so it must
# not be readable, searchable or comparable by anyone but the admin --
# make sure "by * none" closes this rule.
access to attrs=lmPassword
	by dn="cn=admin,o=cosmocode,c=de" write

# Samba NT hash: same sensitivity as lmPassword (password-equivalent).
# Both attributes need the samba schema; no include for it is visible in
# this copy of the file.
access to attrs=ntPassword
	by dn="cn=admin,o=cosmocode,c=de" write
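# Private LDAP address book (ou=contacts below a user's entry): readable
# and writable for the owner only. The <what> regex is anchored at both
# ends so it matches only DNs that really sit at or below
# ou=contacts,cn=<user>,ou=people, and the <who> regex is anchored so the
# bind DN must be exactly cn=<user>,ou=people,<suffix> rather than merely
# contain that string (an unanchored regex also matched entries below it).
# $2 is the cn captured from the target DN, $3 the remainder of the DN.
# NOTE(review): $2 is substituted into the <who> regex unescaped, so a cn
# containing regex metacharacters (e.g. "j.doe") also matches bind DNs
# such as cn=jxdoe. If the installed slapd supports the "expand" modifier,
# `by dn.exact,expand="cn=$2,ou=people,$3" write` avoids that entirely --
# confirm against slapd.access(5) for this version before switching.
# NOTE(review): any trailing "by * none" of this rule is not in this copy;
# slapd denies access when no "by" clause matches, so the behaviour is the
# same, but an explicit "by * none" documents the intent.
access to dn.regex="^(.*,)?ou=contacts,cn=([^,]+),ou=people,(.*)$"
	by dn.regex="^cn=$2,ou=people,$3$" write

# User entry (cn=<user>,ou=people and everything below it): writable by
# the owner and by cn=ldapadmin. The original comment also says readable
# for all, but the "by * read" clause is not in this copy.
# cn=ldapadmin is a single fixed DN, so it is matched exactly; as a regex
# it was unanchored and "." matched any character.
# NOTE(review): "write" on the whole entry lets a user change every
# attribute except the password attributes protected above -- including
# objectClass and, if posixAccount attributes are stored here,
# uidNumber/gidNumber. If any host resolves users from this directory,
# restrict self-write to the attributes users may legitimately edit
# (an attrs= rule) instead of the whole entry.
access to dn.regex="^(.*,)?cn=([^,]+),ou=people,(.*)$"
	by dn.exact="cn=ldapadmin,o=cosmocode,c=de" write
	by dn.regex="^cn=$2,ou=people,$3$" write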
# Global LDAP address book: writable for all authenticated users.
# This directive has to be _before_ any more general directive that also
# matches the contact tree (e.g. the final "access to *" rule), because
# slapd uses the first matching <what> and ignores the rest.
# NOTE(review): the "by users write" / "by * read" clauses are not in this
# copy. "write" for every authenticated user means any user can modify or
# delete contacts created by others; if that is not intended, narrow the
# grant to the attributes and operations users actually need.
access to dn.subtree="ou=contacts,o=cosmocode,c=de"

# Catch-all rule: the admin DN has full write access to everything not
# matched by an earlier directive. The "access to *" line this clause
# belongs to is not in this copy. cn=admin is presumably also the rootdn
# (the rootdn bypasses ACLs entirely); if a rootpw directive exists, keep
# it as a {SSHA} hash rather than cleartext and keep this file mode 0600.
	by dn="cn=admin,o=cosmocode,c=de" write