Most of the configuration of the LDAP server has to do with getting correct
access controls to keep the data safe. Here is a sample:

# Turn on automatic last modification time

index keyfingerprint eq
index cn,sn approx,sub,eq

#rootdn "uid=admin,ou=users,dc=debian,dc=org"

# Restrict reading/modification of the password to administration and self
access to attrs=userpassword,sshrsaauthkey
        by dn="uid=admin,ou=users,dc=debian,dc=org" write
        by group="uid=admin,ou=users,dc=debian,dc=org" write

access to attrs=emailforward
        by dn="uid=admin,ou=users,dc=debian,dc=org" write
        by group="uid=admin,ou=users,dc=debian,dc=org" write
        by addr=127.0.0.1 read
        by domain=.*\.debian\.org read

access to attrs=c,l,loginShell,ircNick
        by dn="uid=admin,ou=users,dc=debian,dc=org" write
        by group="uid=admin,ou=users,dc=debian,dc=org" write

access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onvacation,privateSub,latitude,longitude
        by dn="uid=admin,ou=users,dc=debian,dc=org" write
        by group="uid=admin,ou=users,dc=debian,dc=org" write
        by dn="uid=.*,ou=users,dc=debian,dc=org" read

        by dn="uid=admin,ou=users,dc=debian,dc=org" write
        by group="uid=admin,ou=users,dc=debian,dc=org" write

# Overlays are useful to enforce constraints:
moduleload /usr/lib/ldap/unique.so
unique_uri ldap:///ou=users,dc=debian,dc=org?uidNumber,uid,keyFingerPrint?sub
unique_uri ldap:///ou=groups,dc=debian,dc=org?gidNumber,cn?sub

Note that in more modern versions of slapd, the "by addr" and "by domain"
syntax has changed and the following should be used instead:
        by peername.ip=127.0.0.1 read
        by domain.subtree=debian.org read
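
The syntax change described in the note above can be applied mechanically to an existing slapd.conf. The following helper is an added example, not part of the original document or of userdir-ldap; the function names and the sample text are assumptions made for illustration.

```python
import re

# Legacy who-clauses named in the note above: "by addr=..." and "by domain=..."
LEGACY_ADDR = re.compile(r"^(\s*by\s+)addr=(\S+)(.*)$")
LEGACY_DOMAIN = re.compile(r"^(\s*by\s+)domain=(\S+)(.*)$")
# Only the ".*\.example\.org" shape maps onto domain.subtree (which also matches the bare domain)
SUFFIX_REGEX = re.compile(r"^\.\*\\\.((?:[A-Za-z0-9-]+\\\.)*[A-Za-z0-9-]+)$")


def migrate_line(line):
    """Return (new_line, status); status is 'ok', 'converted' or 'review'."""
    m = LEGACY_ADDR.match(line)
    if m:
        return f"{m.group(1)}peername.ip={m.group(2)}{m.group(3)}", "converted"
    m = LEGACY_DOMAIN.match(line)
    if m:
        suffix = SUFFIX_REGEX.match(m.group(2))
        if suffix is None:
            return line, "review"  # arbitrary regex: left untouched for a human
        domain = suffix.group(1).replace("\\.", ".")
        return f"{m.group(1)}domain.subtree={domain}{m.group(3)}", "converted"
    return line, "ok"


def migrate_config(text):
    """Rewrite each line; return (new_text, [(lineno, status)]) for non-'ok' lines."""
    out, report = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        new, status = migrate_line(line)
        out.append(new)
        if status != "ok":
            report.append((lineno, status))
    return "\n".join(out) + "\n", report


# Constructed sample in the style of the configuration above
SAMPLE = '''access to attrs=emailforward
        by dn="uid=admin,ou=users,dc=debian,dc=org" write
        by addr=127.0.0.1 read
        by domain=.*\\.debian\\.org read
        by domain=.*(debian|example)\\.org read
'''

if __name__ == "__main__":
    new_text, report = migrate_config(SAMPLE)
    print(new_text)
    for lineno, status in report:
        print(f"line {lineno}: {status}")
```

slapd resolves "domain" clauses through a reverse DNS lookup of the client address, which slapd.access(5) discourages relying on; where the client addresses are known, the peername.ip form is the sturdier check.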

Here is the initial seed file to import and set up the proper entries:

dn: ou=users,dc=debian,dc=org
objectClass: organizationalUnit

dn: uid=admin,ou=users,dc=debian,dc=org
cn: LDAP administrator
objectClass: groupOfNames
userPassword: {crypt}?????
member: uid=jgg,ou=users,dc=debian,dc=org
member: uid=joey,ou=users,dc=debian,dc=org
member: uid=troup,ou=users,dc=debian,dc=org
mail: debian-admin@debian.org