slapd.conf 2.2 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768
  1. #
  2. # See slapd.conf(5) for details on configuration options.
  3. # This file should NOT be world readable.
  4. #
  5. include /private/etc/openldap/schema/core.schema
  6. include /private/etc/openldap/schema/cosine.schema
  7. include /private/etc/openldap/schema/inetorgperson.schema
  8. # Define global ACLs to disable default read access.
  9. # Do not enable referrals until AFTER you have a working directory
  10. # service AND an understanding of referrals.
  11. #referral ldap://root.openldap.org
  12. pidfile /private/var/db/openldap/run/slapd.pid
  13. argsfile /private/var/db/openldap/run/slapd.args
  14. # Load dynamic backend modules:
  15. # modulepath /usr/libexec/openldap
  16. # moduleload back_bdb.la
  17. # moduleload back_hdb.la
  18. # moduleload back_ldap.la
  19. # Sample security restrictions
  20. # Require integrity protection (prevent hijacking)
  21. # Require 112-bit (3DES or better) encryption for updates
  22. # Require 63-bit encryption for simple bind
  23. # security ssf=1 update_ssf=112 simple_bind=64
  24. # Sample access control policy:
  25. # Root DSE: allow anyone to read it
  26. # Subschema (sub)entry DSE: allow anyone to read it
  27. # Other DSEs:
  28. # Allow self write access
  29. # Allow authenticated users read access
  30. # Allow anonymous users to authenticate
  31. # Directives needed to implement policy:
  32. # access to dn.base="" by * read
  33. # access to dn.base="cn=Subschema" by * read
  34. # access to *
  35. # by self write
  36. # by users read
  37. # by anonymous auth
  38. #
  39. # if no access controls are present, the default policy
  40. # allows anyone and everyone to read anything but restricts
  41. # updates to rootdn. (e.g., "access to * by * read")
  42. #
  43. # rootdn can always read and write EVERYTHING!
  44. #######################################################################
  45. # BDB database definitions
  46. #######################################################################
  47. database bdb
  48. suffix "dc=enterprise,dc=org"
  49. rootdn "cn=admin,dc=enterprise,dc=org"
  50. # Cleartext passwords, especially for the rootdn, should
  51. # be avoid. See slappasswd(8) and slapd.conf(5) for details.
  52. # Use of strong authentication encouraged.
  53. rootpw {SSHA}laO00HsgszhK1O0Z5qR0/i/US69Osfeu
  54. # The database directory MUST exist prior to running slapd AND
  55. # should only be accessible by the slapd and slap tools.
  56. # Mode 700 recommended.
  57. directory /private/var/db/openldap/openldap-data
  58. # Indices to maintain
  59. index objectClass eq