12
12
# The tool-threads parameter sets the actual amount of cpu's that is used
16
# Load dynamic backend modules
17
dn: cn=module,cn=config
18
objectClass: olcModuleList
20
olcModulepath: /usr/lib/ldap
21
olcModuleload: back_@backend@
24
dn: cn=schema,cn=config
25
objectClass: olcSchemaConfig
28
include: file:///etc/ldap/schema/core.ldif
29
include: file:///etc/ldap/schema/cosine.ldif
30
include: file:///etc/ldap/schema/nis.ldif
31
include: file:///etc/ldap/schema/inetorgperson.ldif
15
olcAuthzRegexp: gidNumber=[[:digit:]]+\+uidNumber=0,cn=peercred,cn=external,cn=auth cn=localroot,cn=config
33
17
# Frontend settings
34
18
dn: olcDatabase={-1}frontend,cn=config
37
21
olcDatabase: {-1}frontend
38
22
# The maximum number of entries that is returned for a search operation
24
# Allow unlimited access to cn=localroot,cn=config which is the dn to wich a
25
# local connection from the local root user is mapped to
26
olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
41
28
# Config db settings
42
29
dn: olcDatabase=config,cn=config
43
30
objectClass: olcDatabaseConfig
44
31
olcDatabase: config
32
# Allow unlimited access to cn=localroot,cn=config which is the dn to wich a
33
# local connection from the local root user is mapped to
34
olcAccess: to * by dn.exact=cn=localroot,cn=config manage by * break
45
35
olcRootDN: cn=admin,cn=config
49
dn: olcDatabase=@backend@,cn=config
50
objectClass: olcDatabaseConfig
51
objectClass: olc@Backend@Config
52
olcDatabase: @backend@
53
# The base of your directory
55
# rootdn directive for specifying a superuser on the database. This is needed
59
# Where the database file are physically stored
60
olcDbDirectory: /var/lib/ldap
61
# The dbconfig settings are used to generate a DB_CONFIG file the first
62
# time slapd starts. They do NOT override existing an existing DB_CONFIG
63
# file. You should therefore change these settings in DB_CONFIG directly
64
# or remove DB_CONFIG and restart slapd for changes to take effect.
65
# For the Debian package we use 2MB as default but be sure to update this
66
# value if you have plenty of RAM
67
olcDbConfig: set_cachesize 0 2097152 0
68
# Sven Hartge reported that he had to set this value incredibly high
69
# to get slapd running at all. See http://bugs.debian.org/303057 for more
71
# Number of objects that can be locked at the same time.
72
olcDbConfig: set_lk_max_objects 1500
73
# Number of locks (both requested and granted)
74
olcDbConfig: set_lk_max_locks 1500
76
olcDbConfig: set_lk_max_lockers 1500
78
olcDbIndex: objectClass eq
79
# Save the time that the entry gets modified
81
# Checkpoint the BerkeleyDB database periodically in case of system
82
# failure and to speed slapd shutdown.
83
olcDbCheckpoint: 512 30
84
# The userPassword by default can be changed
85
# by the entry owning it if they are authenticated.
86
# Others should not be able to see it, except the
88
# These access lines apply to database #1 only
89
olcAccess: to attrs=userPassword,shadowLastChange by dn="@ADMIN@" write by anonymous auth by self write by * none
90
# Ensure read access to the base for things like
91
# supportedSASLMechanisms. Without this you may
92
# have problems with SASL not knowing what
93
# mechanisms are available and the like.
94
# Note that this is covered by the 'access to *'
95
# ACL below too but if you change that as people
96
# are wont to do you'll still need this if you
97
# want SASL (and possible other things) to work
99
olcAccess: to dn.base="" by * read
100
# The admin dn has full write access, everyone else
101
# can read everything.
102
olcAccess: to * by dn="@ADMIN@" write by * read
103
# For Netscape Roaming support, each user gets a roaming
104
# profile for which they have write access to
105
#olcAccess: to dn=".*,ou=Roaming,o=morsnet" by dn="@ADMIN@" write by dnattr=owner write
38
dn: cn=schema,cn=config
39
objectClass: olcSchemaConfig
42
include: file:///etc/ldap/schema/core.ldif