1#
2# See slapd-config(5) for details on configuration options.
3# This file should NOT be world readable: it holds the rootdn password (olcRootPW).
4#
5dn: cn=config
6objectClass: olcGlobal
7cn: config
8#
9#
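10# Define global ACLs to disable default read access (none are defined in this sample; see the commented-out olcAccess lines under the frontend database below).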
11#
12olcArgsFile: %LOCALSTATEDIR%/run/slapd.args
13olcPidFile: %LOCALSTATEDIR%/run/slapd.pid
14#
15# Do not enable referrals until AFTER you have a working directory
16# service AND an understanding of referrals.
17#olcReferral:	ldap://root.openldap.org
18#
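19# Sample security restrictions (minimum security strength factors; the olcSecurity line below is commented out, so none are enforced as shipped)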
20#	Require integrity protection (prevent hijacking)
21#	Require 112-bit (3DES or better) encryption for updates
22#	Require 64-bit encryption for simple bind
23#olcSecurity: ssf=1 update_ssf=112 simple_bind=64
24
25
26#
27# Load dynamic backend modules:
28#
29#dn: cn=module,cn=config
30#objectClass: olcModuleList
31#cn: module
32#olcModulepath:	%MODULEDIR%
33#olcModuleload:	back_mdb.la
34#olcModuleload:	back_bdb.la
35#olcModuleload:	back_hdb.la
36#olcModuleload:	back_ldap.la
37#olcModuleload:	back_passwd.la
38#olcModuleload:	back_shell.la
39
40
41dn: cn=schema,cn=config
42objectClass: olcSchemaConfig
43cn: schema
44
45include: file://%SYSCONFDIR%/schema/core.ldif
46
47# Frontend settings
48#
49dn: olcDatabase=frontend,cn=config
50objectClass: olcDatabaseConfig
51objectClass: olcFrontendConfig
52olcDatabase: frontend
53#
54# Sample global access control policy:
55#	Root DSE: allow anyone to read it
56#	Subschema (sub)entry DSE: allow anyone to read it
57#	Other DSEs:
58#		Allow self write access
59#		Allow authenticated users read access
60#		Allow anonymous users to authenticate
61#
62#olcAccess: to dn.base="" by * read
63#olcAccess: to dn.base="cn=Subschema" by * read
64#olcAccess: to *
65#	by self write
66#	by users read
67#	by anonymous auth
68#
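69# If no access controls are present (as in this file, where the sample
70# olcAccess lines above are commented out), the default policy allows anyone and everyone,
71# anonymous clients included, to read anything but restricts updates to rootdn.  (e.g., "access to * by * read")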
72#
73# rootdn can always read and write EVERYTHING!
74#
75
76
77#######################################################################
78# LMDB database definitions
79#######################################################################
80#
81dn: olcDatabase=mdb,cn=config
82objectClass: olcDatabaseConfig
83objectClass: olcMdbConfig
84olcDatabase: mdb
85olcSuffix: dc=my-domain,dc=com
86olcRootDN: cn=Manager,dc=my-domain,dc=com
87# Cleartext passwords, especially for the rootdn, should be avoided.
88# The olcRootPW value below is a cleartext placeholder: replace it with a hashed value generated by slappasswd(8). See slapd-config(5) for details.
89# Use of strong authentication is encouraged.
90olcRootPW: secret
91# The database directory MUST exist prior to running slapd AND
92# should be accessible only by slapd and the slap* tools (e.g. slapadd, slapcat).
93# Mode 700 is recommended.
94olcDbDirectory:	%LOCALSTATEDIR%/openldap-data
95# Indices to maintain
96olcDbIndex: objectClass eq
97