add "security simple_bind=128" to sample slapd.conf.
[mirror/userdir-ldap.git] / doc / slapd-config.txt
diff --git
a/doc/slapd-config.txt
b/doc/slapd-config.txt
index
41b42f9
..
cdf9191
100644
(file)
--- a/
doc/slapd-config.txt
+++ b/
doc/slapd-config.txt
@@
-1,6
+1,13
@@
Most of the configuration of the ldap server has to do with getting correct
access controls to keep the data safe. Here is a sample:
Most of the configuration of the ldap server has to do with getting correct
access controls to keep the data safe. Here is a sample:
+
+# only allow plain text auth when we do crypto
+security simple_bind=128
+
+# and the database definition
+database bdb
+
# Turn on automatic last modification time
lastmod on
# Turn on automatic last modification time
lastmod on
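Review bot: the comment above `security simple_bind=128` does not say what 128 is or what happens to clients that do not meet it. It is the minimum security strength factor (SSF) slapd requires before it accepts a simple (DN plus password) bind, so the comment could read "refuse simple binds unless the connection has an SSF of at least 128 (e.g. TLS)". Nothing in the visible sample sets up TLS, so a one-line pointer that it has to be configured before this directive is enabled would keep a reader who copies the sample from locking out every password bind. It is also worth stating that the directive sits before `database bdb` on purpose, since that placement makes it global rather than per-database.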
@@
-42,8
+49,22
@@
access to *
by dn="uid=admin,ou=users,dc=debian,dc=org" write
by group="uid=admin,ou=users,dc=debian,dc=org" write
by dn="uid=admin,ou=users,dc=debian,dc=org" write
by group="uid=admin,ou=users,dc=debian,dc=org" write
+# Overlays are useful to enforce constraints:
+
+moduleload /usr/lib/ldap/unique.so
+overlay unique
+unique_uri ldap:///ou=users,dc=debian,dc=org?uidNumber,uid,keyFingerPrint?sub
+unique_uri ldap:///ou=groups,dc=debian,dc=org?gidNumber,cn?sub
+
# End----------
# End----------
+Note that in more modern versions of slapd, the "by addr" and "by domain"
+syntax has changed and the following should be used instead:
+ by peername.ip=127.0.0.1 read
+ by domain.subtree=debian.org read
+
+
+
Here is the initial seed file to import and setup the proper entries:
dn: dc=org
Here is the initial seed file to import and setup the proper entries:
dn: dc=org
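Review bot: the comment "Overlays are useful to enforce constraints:" above `overlay unique` does not name the constraint. Suggest saying that the two `unique_uri` lines reject a second entry with the same uidNumber, uid or keyFingerPrint under ou=users, and the same gidNumber or cn under ou=groups. The `moduleload /usr/lib/ldap/unique.so` path is specific to one packaging layout and should be marked as such. In the note added after "# End----------", "more modern versions of slapd" should give a version, and because `by domain.subtree=debian.org` is matched against the client's reverse-DNS name, the note could recommend `peername.ip` wherever an address is known. The three empty added lines at the end of the hunk can be reduced to one.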