Removed socket server

[gosa.git] / gosa-core / contrib / altlinux / etc / openldap / slapd.conf

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# [ GLOBAL SETTINGS ]
# Default schemas
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/nis.schema
#include                /etc/openldap/schema/misc.schema
#include                /etc/openldap/schema/rfc822-MailMember.schema
#include                /etc/openldap/schema/kerberosobject.schema
#include                /etc/openldap/schema/corba.schema
#include                /etc/openldap/schema/java.schema
# Addon schemas
#include                /etc/openldap/schema/autofs.schema
#include                /etc/openldap/schema/courier.schema
#include                /etc/openldap/schema/dnszone.schema
#include                /etc/openldap/schema/qmail.schema
#include                /etc/openldap/schema/qmailControl.schema
#include                /etc/openldap/schema/samba2.schema
include         /etc/openldap/schema/samba3.schema
# Experementel schemas
#include                /etc/openldap/schema/cron.schema
#include                /etc/openldap/schema/trust.schema
#include                /etc/openldap/schema/turbo.schema
# Netscape roaming
#include                /etc/openldap/schema/mull.schema
#include                /etc/openldap/schema/netscape-profile.schema
# Local schema

# GOSA2 schemas
#include                /etc/openldap/schema/local.schema
include         /etc/openldap/schema/gohard.schema
include         /etc/openldap/schema/goto.schema
include         /etc/openldap/schema/gofax.schema
include         /etc/openldap/schema/goserver.schema
include         /etc/openldap/schema/gosa+samba3.schema
#include                /etc/openldap/schema/gosa.schema

# Specify  a  set  of features (separated by white space) to allow.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

# Specify a desired level of concurrency. Provided to the underlying thread
# system as a hint. The default is not to provide any hint.
concurency 20

# Specify  the maximum number of pending requests for an anonymous session.  If
# requests are submitted faster than the  server  can process them, they will
# be queued up to this limit. If the limit is exceeded, the session is closed.
#conn_max_pending 100

# Specify  the  maximum  number  of  pending   requests   for   an
# authenticated session.
#conn_max_pending 1000 

# Specify  a default search base to use when client submits a non-base search
# request with an empty base DN.
defaultsearchbase "dc=example,dc=com"

# A SIGHUP signal will only  cause  a  'gentle'  shutdown-attempt: Slapd  will
# stop  listening  for  new connections, but will not close the connections to
# the  current  clients.
gentlehup on

# Specify the number of seconds to wait before forcibly closing an idle client
# connection. A idletimeout of 0 disables this feature.
#idletimeout 0

# Specify time and size limits based on who initiated an operation.
#sizelimit 500
#timelimit 60
#limits anonymous time.soft=60 time.hard=120
#limits anonymous size.soft=1000 size.hard=1100 size.unchecked=1000
#limits users time.soft=60 time.hard=120
#limits users size=1000
#limits dn.base="ou=People,dc=example,dc=com" size=100

# Specify the level at which debugging statements and operation statistics
# should be syslogged (currently logged to the syslogd(8) LOG_LOCAL4 facility).
# Log levels are additive, and available levels are:
#    -1  full
#     0  none
#     1  trace function calls
#     2  debug packet handling
#     4  heavy trace debugging
#     8  connection management
#    16  print out packets sent and received
#    32  search filter processing
#    64  configuration file processing
#   128  access control list processing
#   256  stats log connections/operations/results
#   512  stats log entries sent
#  1024  print communication with shell backends
#  2048  entry parsing
#loglevel 256

# This option sets the hash to be used in generation of user passwords, stored
# in userPassword, during processing of LDAP Password Modify Extended
# Operations (RFC 3062). The <hash> must be one of {SSHA}, {SHA}, {SMD5},
# {MD5}, {CRYPT}, and {CLEARTEXT}. The default is {SSHA}.
#password-hash {SSHA}

# The ( absolute ) name of a file that will hold the server's process ID
# if started without the debugging command line option.
pidfile                 /var/run/slapd.pid
argsfile                /var/run/slapd.args
replica-pidfile         /var/run/slurpd.pid
replica-argsfile        /var/run/slurpd.args

# Specify a set of conditions (separated by white space) to require (default
# none). The directive may be specified globally and/or per-database. bind
# requires bind operation prior to directory operations. LDAPv3 requires
# session to be using LDAP version 3. authc requires authentication prior to
# directory operations. SASL requires SASL authentication prior to directory
# operations. strong requires strong authentication prior to directory
# operations. The strong keyword allows protected "simple" authentication as
# well as SASL authentication. none may be used to require no conditions
# (useful for clearly globally set conditions within a particular database).
#require none

# Specify the name of an LDIF(5) file containing user defined attributes for
# the root DSE. These attributes are returned in addition to the attributes
# normally produced by slapd.
#rootDSE /etc/openldap/rootdse.ldif

# Specify a set of factors (separated by white space) to require. An integer
# value is associated with each factor and is roughly equivalent of the
# encryption key length to require. A value of 112 is equivalent to 3DES, 128
# to Blowfish, etc..
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
#security ssf=1 update_ssf=112 simple_bind=64

# Specify the maximum size of the primary thread pool. The default is 16.
#threads 16


#
# [ TLS OPTIONS ]
#
# Permits configuring what ciphers will be accepted and the preference order.
# <cipher-suite-spec> should be a cipher specification for OpenSSL.
#TLSCipherSuite HIGH:MEDIUM:+SSLv2

# Specifies the path of a directory that contains Certificate Authority
# certificates in separate individual files. Usually only one of this or the
# TLSCACertificateFile is used.
#TLSCACertificateFile /etc/openldap/ssl/slapd.pem
#TLSCACertificatePath /etc/openldap/ssl

# Specifies the file that contains the slapd server certificate.
#TLSCertificateFile /etc/openldap/ssl/slapd.pem

# Specifies the file that contains the slapd server private key that matches
# the certificate stored in the TLSCertificateFile file. Currently, the private
# key must not be protected with a password, so it is of critical importance
# that it is protected carefully.
#TLSCertificateKeyFile /etc/openldap/ssl/slapd.pem

# Specifies what checks to perform on client certificates in an incoming TLS
# session, if any.
#TLSVerifyClient never


#
# [ ACCESS CONTROL ]
#
# See slapd.access(5) for details
#access to attrs=userPassword
#       by self write
#       by anonymous auth
#       by * none


#
# [ BACKEND OPTIONS ]
#
# Load dynamic backend modules:
modulepath      /usr/lib/openldap
#moduleload     back_dnssrv.la
#moduleload     back_ldap.la
moduleload      back_bdb.la
#moduleload     back_ldbm.la
#moduleload     back_meta.la
#moduleload     back_monitor.la
#moduleload     back_null.la
#moduleload     back_passwd.la
#moduleload     back_shell.la
#moduleload     back_perl.la
#moduleload     back_sql.la

# Options in this section only apply to the configuration file section for the
# specified backend. They are supported by every type of backend.
#backend ldbm
#cachesize 1000
#dbcachesize 100000
#dbsync 10 12 5


#
# [ DATABASE OPTIONS ]
#
# Mark the beginning of a new database instance definition.
#database ldbm

# Specify the DN suffix of queries that will be passed to this backend
# database. Multiple suffix lines can be given and at least one is required for
# each database definition. If the suffix of one database is "inside" that of
# another, the database with the inner suffix must come first in the
# configuration file.
#suffix "dc=example,dc=com"

# Specify the distinguished name that is not subject to access control or
# administrative limit restrictions for operations on this database. An empty
# root DN (the default) specifies no root access is to be granted. It is
# recommended that the rootdn only be specified when needed (such as when
# initially populating a database).
#rootdn "cn=admin,dc=example,dc=com"

# Specify a password (or hash of the password) for the rootdn. This option
# accepts all RFC 2307 userPassword formats known to the server (see
# password-hash desription) as well as cleartext.
#rootpw secret

# Controls whether slapd will automatically maintain the modifiersName,
# modifyTimestamp, creatorsName, and createTimestamp attributes for entries.
#lastmod on

# Specifies the maximum number of aliases to dereference when trying to resolve
# an entry, used to avoid inifinite alias loops.
#maxderefdepth 1

# This option puts the database into "read-only" mode. Any attempts to modify
# the database will return an "unwilling to perform" error.
#readonly on

# Specify a replication site for this database. Refer to the "OpenLDAP
# Administrator's Guide" for detailed information on setting up a replicated
# slapd directory service.
#replica uri=ldaps://ldap2.example.com/

# Specify the name of the replication log file to log changes to.
#replogfile /var/lib/ldap/replica/example.com.replog

# Specify that the current backend database is a subordinate of another backend
# database. A subordinate database may have only one suffix. This option may be
# used to glue multiple databases into a single namingContext.
#subordinate

# This option is only applicable in a slave slapd. It specifies the DN allowed
# to make changes to the replica
#updatedn "cn=slave,dc=example,dc=com"

# Specify the referral to pass back when slapd(8) is asked to modify a
# replicated local database. If specified multiple times, each url is provided.
#updateref "uri=ldap://ldap2.example.com"

# Specify the directory where the LDBM files containing this database and
# associated indexes live.
#directory /var/lib/ldap/bases/example.com

# Specify the indexes to maintain for the given attribute (or list of
# attributes). Some attributes only support a subset of indexes.Specify the
# indexes to maintain for the given attribute (or list of attributes). Some
# attributes only support a subset of indexes.
#index objectClass eq
#index uid pres,eq,sub
#index cn pres,eq,sub,subany

#access to *
#       by * read


#
# Next database instance
#
database bdb
suffix "dc=example,dc=com"
#rootdn "cn=admin,dc=example,dc=com"
#rootpw secret
directory /var/lib/ldap/bases/example.com

index objectClass eq
index uid pres,eq
index cn pres,eq,sub,subany
index mail pres,eq
index gosaMailDeliveryMode pres,eq,sub

access to userPassword
        by dn=".*,ou=Admins,dc=example,dc=com" write
        by dn="cn=gosa,ou=Apps,dc=example,dc=com" write
        by dn="cn=smbpasswd,ou=Apps,dc=example,dc=com" write
        by self write
        by anonymous auth
        by * none

access to *
        by dn=".*,ou=Admins,dc=example,dc=com" write
        by dn="cn=gosa,ou=Apps,dc=example,dc=com" write
        by dn="cn=smbpasswd,ou=Apps,dc=example,dc=com" write
        by * read