X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=doc%2Fslapd-config.txt;h=cdf91916608f2ba2890fb6b6037d88fbae576687;hb=192b08454e66c7c753f47c1b4be1d89c5feac6c8;hp=1804081e6c241185b3727405b09b24c8f4c669e1;hpb=dc2644ca6761003bc2ede1d8c92235096b11c6fb;p=mirror%2Fuserdir-ldap.git

diff --git a/doc/slapd-config.txt b/doc/slapd-config.txt
index 1804081..cdf9191 100644
--- a/doc/slapd-config.txt
+++ b/doc/slapd-config.txt
@@ -1,6 +1,13 @@
 Most of the configuration of the ldap server has to do with getting correct
 access controls to keep the data safe. Here is a sample:
 
+
+# only allow plain text auth when we do crypto
+security simple_bind=128
+
+# and the database definition
+database bdb
+
 # Turn on automatic last modification time 
 lastmod on
 
@@ -42,6 +49,13 @@ access to *
         by dn="uid=admin,ou=users,dc=debian,dc=org" write
         by group="uid=admin,ou=users,dc=debian,dc=org" write
 
+# Overlays are useful to enforce constraints:
+
+moduleload /usr/lib/ldap/unique.so
+overlay unique
+unique_uri ldap:///ou=users,dc=debian,dc=org?uidNumber,uid,keyFingerPrint?sub
+unique_uri ldap:///ou=groups,dc=debian,dc=org?gidNumber,cn?sub
+
 # End----------
 
 Note that in more modern versions of slapd, the "by addr" and "by domain"