Add userdir-ldap-slapd.conf, a snipped to be included in slapd.conf to the package.
[mirror/userdir-ldap.git] / userdir-ldap-slapd.conf.in
# Backend type for this database: bdb.
database bdb

# The base of your directory. @@DN@@ is a template placeholder; presumably it
# is substituted when this .in file is turned into the installed snippet.
suffix          "@@DN@@"

# Where the database files are physically stored
directory       "/var/lib/ldap"

# Indexing options: attribute name(s), then index type(s)
# (eq = equality match, sub = substring match).
index uid eq
index keyfingerprint eq
index cn,sn sub,eq
index dnsZoneEntry eq
index uidNumber eq
index gidNumber eq
index ircNick sub,eq
index c eq
index gender eq
index birthDate eq

# Don't limit queries to the default of 500; allow up to 10000 entries.
# NOTE(review): no per-client qualifier is given, so this limit also applies
# to anonymous searches against this database. Combined with the catch-all
# "by * read" rule at the end of this file, one unauthenticated search can
# return up to 10000 entries. If that is wider than intended, the "limits"
# directive can keep a lower size limit for anonymous clients.
sizelimit 10000

# Save the time that the entry gets modified
lastmod on

# owner writeable
# userPassword and sshrsaauthkey: write for the "LDAP Administrator" group,
# the sshdist account and the entry's owner; compare for everyone else.
# slapd uses the first "by" clause that matches, so clause order is significant.
# Keep comments above the "access to" line: slapd.conf joins indented lines to
# the previous line before comments are stripped, so a comment placed between
# "by" clauses would absorb the clauses that follow it.
# NOTE(review): "by * compare" covers anonymous clients too. compare includes
# auth, which is all a simple bind needs, but it additionally permits Compare
# operations on these attributes. If nothing depends on Compare, the narrower
# grant is "by anonymous auth" followed by "by * none" - confirm with the
# tools that consume this directory before changing it.
access to attrs=userPassword,sshrsaauthkey
        by group="cn=LDAP Administrator,ou=users,@@DN@@" write
        by dn="uid=sshdist,ou=users,@@DN@@"  write
        by self write
        by * compare

# debian readable
# activity-pgp, activity-from, dnsZoneEntry: write for the "LDAP Administrator"
# group and sshdist; read for connections from 127.0.0.1, for clients whose
# host name is under @@DOMAIN@@, and for bound DNs matching the regex; none for
# alioth.debian.org and for everyone else. The entry's owner has no write
# clause here.
# First match wins: the alioth "none" clause sits before the domain.subtree and
# dn.regex clauses, so a client resolved to that host is refused even when it
# has authenticated.
# NOTE(review): the "domain" clauses depend on a reverse DNS lookup of the
# client address, which is controlled by whoever owns the PTR record, and they
# only match when slapd is configured to perform reverse lookups (not set in
# this snippet - confirm in the main slapd.conf). Treat them as a convenience
# filter, not as authentication.
# NOTE(review): peername.ip=127.0.0.1 grants read to any local process without
# a bind.
# NOTE(review): the dn.regex pattern is unanchored and ".*" can span commas, so
# it matches any bound DN that merely contains "uid=...,ou=users,@@DN@@".
# Whether a DN outside ou=users can reach it depends on which other DNs can
# bind to this server. An anchored form such as
# "^uid=[^,]+,ou=users,@@DN@@$" states the intent exactly.
access to attrs=activity-pgp,activity-from,dnsZoneEntry
        by group="cn=LDAP Administrator,ou=users,@@DN@@" write
        by dn="uid=sshdist,ou=users,@@DN@@" write
        by peername.ip=127.0.0.1 read
        by domain=alioth.debian.org none
        by domain.subtree=@@DOMAIN@@ read
        by dn.regex="uid=.*,ou=users,@@DN@@" read
        by * none

# owner writeable, debian readable, authenticated user readable
# Write for the "LDAP Administrator" group, sshdist and the entry's owner; read
# for bound DNs matching the regex, for connections from 127.0.0.1 and for
# clients whose host name is under @@DOMAIN@@; none for alioth.debian.org and
# for everyone else.
# NOTE(review): here dn.regex is evaluated before "domain=alioth.debian.org
# none", so an authenticated user connecting from that host still gets read.
# The preceding rule (activity-pgp, activity-from, dnsZoneEntry) orders the
# same clauses the other way round and refuses that case - confirm the
# difference is intended.
# NOTE(review): loginShell and onVacation are also listed in the later
# "owner writeable, authenticated user readable" rule. slapd applies the first
# "access to" that matches an attribute, so this rule is the one in effect for
# both.
# NOTE(review): the dn.regex pattern is unanchored (no ^ or $) and ".*" can
# span commas; "^uid=[^,]+,ou=users,@@DN@@$" would match only direct uid=
# children of ou=users.
access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist
        by group="cn=LDAP Administrator,ou=users,@@DN@@" write
        by dn="uid=sshdist,ou=users,@@DN@@" write
        by self write
        by dn.regex="uid=.*,ou=users,@@DN@@" read
        by peername.ip=127.0.0.1 read
        by domain=alioth.debian.org none
        by domain.subtree=@@DOMAIN@@ read
        by * none

# owner writeable, authenticated user readable
# Contact and location attributes: write for the "LDAP Administrator" group,
# sshdist and the entry's owner; read only for bound DNs matching the regex;
# none for everyone else, with no host- or loopback-based read.
# NOTE(review): loginShell and onVacation never reach this rule. The earlier
# "owner writeable, debian readable, authenticated user readable" rule lists
# them too, and slapd stops at the first "access to" that matches. Their
# effective policy is therefore the wider one, which also grants read to
# 127.0.0.1 and @@DOMAIN@@ hosts without a bind. Decide which rule should own
# them and drop the other occurrence.
# NOTE(review): the dn.regex pattern is unanchored (no ^ or $) and ".*" can
# span commas; "^uid=[^,]+,ou=users,@@DN@@$" would match only direct uid=
# children of ou=users.
access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP
        by group="cn=LDAP Administrator,ou=users,@@DN@@" write
        by dn="uid=sshdist,ou=users,@@DN@@" write
        by self write
        by dn.regex="uid=.*,ou=users,@@DN@@" read
        by * none

# globally readable
# Catch-all for everything no earlier rule matched: write for the
# "LDAP Administrator" group and sshdist, read for every client, anonymous
# included.
# NOTE(review): this is a default-allow policy. Any attribute not named in an
# earlier "access to" rule, including attributes added to the schema later, is
# world-readable until a rule is added above this one. It must remain the last
# rule, because rules are evaluated in file order.
access to *
        by group="cn=LDAP Administrator,ou=users,@@DN@@" write
        by dn="uid=sshdist,ou=users,@@DN@@" write
        by * read