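#
# TDE slapd.conf template
#
# @@@NAME@@@ tokens are placeholders; presumably a deployment step substitutes
# them before slapd reads this file (that step is not visible here).
#

# Schema files. samba.schema, hdb.schema (Heimdal Kerberos attributes) and
# ppolicy.schema back the smbk5pwd and ppolicy overlays loaded below.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/rfc2307bis.schema
include /etc/ldap/schema/rfc2739.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/qmail.schema
include /etc/ldap/schema/hdb.schema
include /etc/ldap/schema/dlz.schema
include /etc/ldap/schema/dhcp.schema
include /etc/ldap/schema/amavis.schema
include /etc/ldap/schema/ppolicy.schema

pidfile /opt/zivios/openldap/var/run/slapd.pid
argsfile /opt/zivios/openldap/var/run/slapd.args

# Accept LDAPv2 bind requests. LDAPv2 predates SASL and StartTLS, so keep this
# only while a client that cannot speak LDAPv3 still depends on it.
allow bind_v2

# 256 = "stats": log connections, operations and results.
loglevel 256

modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov
moduleload back_monitor
moduleload auditlog
moduleload smbk5pwd
moduleload unique
moduleload ppolicy

# Maximum number of entries returned for a single search.
sizelimit 500
tool-threads 1

backend hdb

database monitor

# cn=config reuses the ROOTPW_SHA secret of the realm database below, so one
# credential controls both the directory data and the server configuration.
# {SHA} is unsalted SHA-1; the placeholder name fixes the scheme, so moving to
# {SSHA} would need the template tooling to emit a salted hash instead.
database config
rootdn cn=config
rootpw {SHA}@@@ROOTPW_SHA@@@

database hdb
overlay syncprov
overlay auditlog
overlay smbk5pwd
overlay unique
overlay ppolicy

# slapo-auditlog appends every change to this database to the file as LDIF,
# attribute values included, so the file should be readable by the slapd user
# only.
auditlog "/var/log/realmauditlog.txt"

suffix "@@@REALM_DCNAME@@@"
rootdn "cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@"
rootpw {SHA}@@@ROOTPW_SHA@@@

# BDB checkpoint every 512 KiB of transaction log or every 30 minutes.
checkpoint 512 30
directory "/var/ldap-realm-database"
# DB_CONFIG settings written into the directory above: 2 MiB cache and the
# lock table sizes.
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

index accountStatus eq
index mailHost eq
index cn eq,pres,subinitial
index mail eq,pres
index mailAlternateAddress eq,pres
index objectClass eq
index uid pres,eq
index uidNumber eq
index gidNumber eq

lastmod on

# slapo-unique: these attributes must be unique across the database.
unique_attributes mail uid uidNumber

# Server certificate and key. No TLSCACertificateFile or TLSVerifyClient is
# set in the visible part of the template.
TLSCertificateFile /etc/trinity/ldap/tde-ca/public/@@@ADMINSERVER@@@.crt
TLSCertificateKeyFile /etc/trinity/ldap/tde-ca/private/@@@ADMINSERVER@@@.key

sasl-realm @@@REALM_UCNAME@@@
sasl-host @@@ADMINSERVER@@@
# minssf=0 accepts SASL binds that negotiate no integrity or privacy layer.
sasl-secprops minssf=0

# Map a Kerberos principal uid@REALM to the posixAccount with that uid. The
# capture stops at the first comma so a principal name cannot carry extra DN
# components into the search filter.
authz-regexp uid=([^,]*),cn=@@@REALM_LCNAME@@@,cn=gssapi,cn=auth ldap:///@@@REALM_DCNAME@@@??sub?(&(uid=$1)(objectClass=posixAccount))

# Map root (uidNumber=0) binding with SASL EXTERNAL over the ldapi socket to
# the admin user. [0-9]+[+] matches the numeric gid and the literal "+" RDN
# separator without relying on backslash escaping inside a quoted argument.
authz-regexp "gidNumber=[0-9]+[+]uidNumber=0,cn=peercred,cn=external,cn=auth" "uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@"

#
# ACL Section
#
# Password and Kerberos key material. "by anonymous auth" is what lets a
# simple bind compare against userPassword. Points to confirm:
# - sockurl.regex matches the listener URL, not the client identity: any local
#   process that can open the ldapi socket gets write on these attributes,
#   however it bound. Root over ldapi is already mapped to ADMINUSER by the
#   peercred authz-regexp and covered by the "by dn" clause, so this line only
#   matters for non-root local clients; drop it unless one still needs it.
# - "by self write" also covers krb5KDCFlags, krb5MaxLife and krb5MaxRenew, so
#   a user can change their own KDC flags and ticket lifetimes, not only their
#   password; split those attributes into a separate rule if that is not
#   intended.
# - sambaNTPassword and sambaLMPassword, which smbk5pwd maintains, are not in
#   this list; whatever "access to *" rule follows the rootDSE rule decides who
#   can read them (no such rule is visible in this part of the template).
access to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags
    by dn="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
    by sockurl.regex="^ldapi:///$" write
    by anonymous auth
    by self write
    by * none

# The rootDSE is readable by everyone; clients query it for supported
# controls, mechanisms and naming contexts.
access to dn=""
    by * read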