|
1
|
dn: cn=config
|
|
2
|
objectClass: olcGlobal
|
|
3
|
cn: config
|
|
4
|
olcArgsFile: /var/run/slapd/slapd.args
|
|
5
|
olcPidFile: /var/run/slapd/slapd.pid
|
|
6
|
olcToolThreads: 1
|
|
7
|
olcLogLevel: none
|
|
8
|
olcServerId: 1
|
|
9
|
|
|
10
|
dn: cn=module{0},cn=config
|
|
11
|
objectClass: olcModuleList
|
|
12
|
cn: module{0}
|
|
13
|
olcModulePath: /usr/lib/ldap
|
|
14
|
olcModuleLoad: {0}back_hdb
|
|
15
|
olcModuleLoad: {1}back_monitor
|
|
16
|
olcModuleLoad: {2}back_mdb
|
|
17
|
olcModuleLoad: {3}accesslog
|
|
18
|
olcModuleLoad: {4}unique
|
|
19
|
olcModuleLoad: {5}refint
|
|
20
|
olcModuleLoad: {6}constraint
|
|
21
|
olcModuleLoad: {7}syncprov
|
|
22
|
|
|
23
|
dn: cn=schema,cn=config
|
|
24
|
objectClass: olcSchemaConfig
|
|
25
|
cn: schema
|
|
26
|
|
|
27
|
dn: olcDatabase={-1}frontend,cn=config
|
|
28
|
objectClass: olcDatabaseConfig
|
|
29
|
objectClass: olcFrontendConfig
|
|
30
|
olcDatabase: {-1}frontend
|
|
31
|
olcAccess: {0}to *
|
|
32
|
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
|
|
33
|
by * break
|
|
34
|
olcAccess: {1}to dn.exact="" by * read
|
|
35
|
olcAccess: {2}to dn.base="cn=Subschema" by * read
|
|
36
|
olcSizeLimit: 500
|
|
37
|
|
|
38
|
dn: olcDatabase={0}config,cn=config
|
|
39
|
objectClass: olcDatabaseConfig
|
|
40
|
olcDatabase: {0}config
|
|
41
|
olcAccess: {0}to *
|
|
42
|
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
|
|
43
|
by * break
|
|
44
|
olcRootDN: cn=admin,cn=config
|
|
45
|
|
|
46
|
dn: olcDatabase={1}mdb,cn=config
|
|
47
|
objectClass: olcDatabaseConfig
|
|
48
|
objectClass: olcMdbConfig
|
|
49
|
olcSuffix: cn=config-accesslog
|
|
50
|
olcDbDirectory: /var/lib/ldap/config-accesslog/
|
|
51
|
# Allow reading accesslog only by root
|
|
52
|
olcAccess: {0}to *
|
|
53
|
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
|
|
54
|
by * break
|
|
55
|
|
|
56
|
dn: olcDatabase={1}monitor,cn=config
|
|
57
|
objectClass: olcDatabaseConfig
|
|
58
|
objectClass: olcMonitorConfig
|
|
59
|
olcDatabase: {1}monitor
|
|
60
|
# Allow reading monitoring only by root
|
|
61
|
olcAccess: {0}to *
|
|
62
|
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
|
|
63
|
by * break
|
|
64
|
|
|
65
|
# Log all writes to the configuration
|
|
66
|
dn: olcOverlay={0}accesslog,olcDatabase={0}config,cn=config
|
|
67
|
objectClass: olcAccesslogConfig
|
|
68
|
objectClass: olcOverlayConfig
|
|
69
|
objectClass: olcConfig
|
|
70
|
objectClass: top
|
|
71
|
olcOverlay: {0}accesslog
|
|
72
|
olcAccessLogDB: cn=config-accesslog
|
|
73
|
olcAccessLogOps: writes
|
|
74
|
# log are conserved one year and purged every day
|
|
75
|
olcAccessLogPurge: 365+00:00 1+00:00
|
|
76
|
olcAccessLogOld: objectClass=olcConfig
|