1 Most of the configuration of the ldap server has to do with getting correct
2 access controls to keep the data safe. Here is a sample:
5 # only allow plain text auth when we do crypto
6 security simple_bind=128
8 # and the database definition
9 include /etc/ldap/userdir-ldap-slapd.conf
11 # Overlays are useful to enforce constraints:
13 moduleload /usr/lib/ldap/unique.so
15 unique_uri ldap:///ou=users,dc=debian,dc=org?uidNumber,uid,keyFingerPrint?sub
16 unique_uri ldap:///ou=groups,dc=debian,dc=org?gidNumber,cn?sub
18 # Constraints are useful
19 moduleload /usr/lib/ldap/constraint.so
21 constraint_attribute mailContentInspectionAction regex ^([mM][aA][rR][kK][uU][pP]|[bB][lL][aA][cC][kK][hH][oO][lL][eE]|[rR][eE][jJ][eE][cC][tT])$
25 Note that in more modern versions of slapd, the "by addr" and "by domain"
26 syntax has changed and the following should be used instead:
27 by peername.ip=127.0.0.1 read
28 by domain.subtree=debian.org read
32 Here is the initial seed file to import and setup the proper entries:
44 dn: ou=users,dc=debian,dc=org
47 objectClass: organizationalUnit
49 dn: uid=admin,ou=users,dc=debian,dc=org
51 cn: LDAP administrator
53 objectClass: groupOfNames
54 userPassword: {crypt}?????
55 member: uid=jgg,ou=users,dc=debian,dc=org
56 member: uid=joey,ou=users,dc=debian,dc=org
57 member: uid=troup,ou=users,dc=debian,dc=org
58 mail: debian-admin@debian.org