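# slapd cn=config bootstrap (LDIF).
# Entries are separated by one blank line. A value that wraps onto the next
# line is folded with one leading space; the olcAccess clauses below use two
# spaces so that one space survives unfolding and separates the clauses.
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
# "none" keeps only the messages slapd emits regardless of log level, so
# per-connection and per-operation activity (binds, searches) is not recorded.
# Writes to cn=config are audited separately by the accesslog overlay at the
# end of this file.
# NOTE(review): consider "stats" if operation logs are needed for detection
# or incident response.
olcLogLevel: none
olcServerId: 1
# Server certificate and private key. The key file should be readable only by
# the account slapd runs as.
# NOTE(review): this file sets no olcTLSCACertificateFile, olcTLSProtocolMin,
# olcTLSCipherSuite or olcSecurity, so nothing here rejects cleartext binds or
# old protocol versions -- confirm whether they are set elsewhere.
olcTLSCertificateFile: /etc/ldap/ssl/slapd.pem
olcTLSCertificateKeyFile: /etc/ldap/ssl/slapd.key

# Dynamically loaded backends and overlays.
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
# NOTE(review): no database in this file uses back_hdb; the hdb backend was
# deprecated in OpenLDAP 2.4 and removed in 2.5 -- confirm it is still needed.
# Loading only the modules a deployment uses keeps the attack surface small.
olcModuleLoad: {0}back_hdb
olcModuleLoad: {1}back_monitor
olcModuleLoad: {2}back_mdb
olcModuleLoad: {3}accesslog
olcModuleLoad: {4}unique
olcModuleLoad: {5}refint
olcModuleLoad: {6}constraint
olcModuleLoad: {7}syncprov

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

# Frontend: limits and access rules that act as global defaults.
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
# The peercred identity uid 0 / gid 0 (SASL EXTERNAL) gets "manage" on
# everything; "by * break" passes every other identity on to the next rule.
olcAccess: {0}to *
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
  by * break
# The root DSE and the subschema are readable by anyone, anonymous included.
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
# Searches are capped at 500 entries. With the paged-results control the page
# size is capped at 1000 but the total is unlimited for every client ("*"),
# so the size limit does not bound bulk reads -- access rules are what limit
# how much a client can retrieve.
olcSizeLimit: 500
olcLimits: {0}* size.pr=1000 size.prtotal=unlimited

# The configuration database itself.
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
# Only the local root peercred identity is granted access to cn=config here.
olcAccess: {0}to *
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
  by * break
# No olcRootPW accompanies this root DN in this file.
# NOTE(review): confirm no password is added elsewhere if the intent is that
# cn=config can only be administered by local root.
olcRootDN: cn=admin,cn=config

# Database that stores the accesslog records for cn=config.
# NOTE(review): index {1} is also used by the monitor database below --
# confirm how slapd orders the two.
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
# Naming attribute matching the RDN, as every other database entry in this
# file carries it.
olcDatabase: {1}mdb
olcSuffix: cn=config-accesslog
# Records stored here can contain previous values of configuration entries
# (see olcAccessLogOld below); keep the directory restricted to the slapd
# account.
# NOTE(review): no olcDbMaxSize is set, so the back-mdb default map size
# applies (10485760 bytes per slapd-mdb(5), verify for the installed
# version) -- confirm a year of records fits.
olcDbDirectory: /var/lib/ldap/config-accesslog/
# Allow reading accesslog only by root
# ("by * break" denies nothing by itself: other identities fall through to
# the later rules, none of which in this file grants access to this suffix.)
olcAccess: {0}to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
  by * break

dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMonitorConfig
olcDatabase: {1}monitor
# Allow reading monitoring only by root
# (same fall-through behaviour of "by * break" as for the accesslog database.)
olcAccess: {0}to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
  by * break

# Log all writes to the configuration
dn: olcOverlay={0}accesslog,olcDatabase={0}config,cn=config
objectClass: olcAccesslogConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {0}accesslog
olcAccessLogDB: cn=config-accesslog
# Only write operations are recorded; binds and searches against cn=config
# are not.
olcAccessLogOps: writes
# Logs are kept for one year and purged every day
olcAccessLogPurge: 365+00:00 1+00:00
# For modified or deleted entries matching this filter, the previous contents
# of the entry are logged along with the request.
olcAccessLogOld: objectClass=olcConfig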