1 Most of the configuration of the LDAP server is concerned with getting the
2 access controls right, so that the data stays protected. Here is a sample:
5 # only allow plain-text (simple bind) auth once the connection is encrypted
6 security simple_bind=128
8 # and the database definition
11 # Turn on automatic last modification time
16 index keyfingerprint eq
17 index cn,sn approx,sub,eq
20 #rootdn "uid=admin,ou=users,dc=debian,dc=org"
23 # Restrict reading/modification of the password to administration and self
24 access to attrs=userpassword,sshrsaauthkey
26 by dn="uid=admin,ou=users,dc=debian,dc=org" write
27 by group="uid=admin,ou=users,dc=debian,dc=org" write
30 access to attrs=emailforward
31 by dn="uid=admin,ou=users,dc=debian,dc=org" write
32 by group="uid=admin,ou=users,dc=debian,dc=org" write
34 by addr=127.0.0.1 read
35 by domain=.*\.debian\.org read
37 access to attrs=c,l,loginShell,ircNick
38 by dn="uid=admin,ou=users,dc=debian,dc=org" write
39 by group="uid=admin,ou=users,dc=debian,dc=org" write
41 access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onvacation,privateSub,latitude,longitude
43 by dn="uid=admin,ou=users,dc=debian,dc=org" write
44 by group="uid=admin,ou=users,dc=debian,dc=org" write
46 by dn="uid=.*,ou=users,dc=debian,dc=org" read
49 by dn="uid=admin,ou=users,dc=debian,dc=org" write
50 by group="uid=admin,ou=users,dc=debian,dc=org" write
52 # Overlays are useful for enforcing constraints:
54 moduleload /usr/lib/ldap/unique.so
56 unique_uri ldap:///ou=users,dc=debian,dc=org?uidNumber,uid,keyFingerPrint?sub
57 unique_uri ldap:///ou=groups,dc=debian,dc=org?gidNumber,cn?sub
61 Note that in more modern versions of slapd, the "by addr" and "by domain"
62 syntax has changed and the following should be used instead:
63 by peername.ip=127.0.0.1 read
64 by domain.subtree=debian.org read
Either form of domain matching relies on a reverse DNS lookup of the client
address, so it is only as trustworthy as that DNS; the peername/addr rule does
not have this dependency.
68 Here is the initial seed file to import in order to set up the proper entries:
80 dn: ou=users,dc=debian,dc=org
83 objectClass: organizationalUnit
85 dn: uid=admin,ou=users,dc=debian,dc=org
87 cn: LDAP administrator
89 objectClass: groupOfNames
90 userPassword: {crypt}?????
91 member: uid=jgg,ou=users,dc=debian,dc=org
92 member: uid=joey,ou=users,dc=debian,dc=org
93 member: uid=troup,ou=users,dc=debian,dc=org
94 mail: debian-admin@debian.org