slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Load dynamic backend modules:
# modulepath /usr/lib/openldap
# Modules available in openldap-servers-overlays RPM package
# Module syncprov.la is now statically linked with slapd and there
# is no need to load it here
# moduleload accesslog.la
# moduleload auditlog.la
# moduleload denyop.la
# moduleload dyngroup.la
# moduleload dynlist.la
# moduleload lastmod.la
# moduleload pcache.la
# moduleload ppolicy.la
# moduleload refint.la
# moduleload retcode.la
# moduleload rwm.la
# moduleload smbk5pwd.la
# moduleload translucent.la
# moduleload unique.la
# moduleload valsort.la
# modules available in openldap-servers-sql RPM package:
# moduleload back_sql.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
# ACL1
access to attrs=userpassword
        by self write
        by anonymous auth
        by group.exact="cn=administrator,ou=group,dc=likegene,dc=com" write
        by * none
# ACL2
access to attrs=homephone,mail,displayname
        by self write
        by group.exact="cn=administrator,ou=group,dc=likegene,dc=com" write
        by * none
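# ACL3
# Note: this subtree is under dc=ufinity,dc=com, not the dc=likegene,dc=com
# suffix of the database defined below, so it matches no entries there.
access to dn.subtree="ou=group,dc=ufinity,dc=com"
        by self write
        by * none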
# ACL4
access to *
        by self write
        by group.exact="cn=administrator,ou=group,dc=likegene,dc=com" write
        by users read
        by * none
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=likegene,dc=com"
rootdn "cn=Manager,dc=likegene,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
rootpw 123456
#rootpw {SSHA}WLaIQ1I1qUaWYpXUxUpb1u/mbhe5OyrW
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /etc/openldap/data
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
#     bindmethod=sasl saslmech=GSSAPI
#     authcId=host/ldap-master.example.com@EXAMPLE.COM
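
The comments above point to slappasswd(8) for avoiding a cleartext rootpw. As an added example (not part of the original file or of OpenLDAP), this Python code builds and verifies a {SSHA} value in the format of the commented-out rootpw line and flags active rootpw directives that carry no {SCHEME} prefix. The function names, the 8-byte salt and the sample text are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os
import re

def ssha_hash(password, salt=None):
    """Return a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumption: salt length chosen for this example
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Check a password against a {SSHA} value; the salt follows the 20-byte digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

# An active directive starts in column 1; commented-out lines start with '#'.
ROOTPW_RE = re.compile(r"^rootpw\s+(\S+)", re.IGNORECASE)
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}")

def find_cleartext_rootpw(conf_text):
    """Return 1-based line numbers of active rootpw values with no {SCHEME} prefix."""
    hits = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        match = ROOTPW_RE.match(line)
        if match and not SCHEME_RE.match(match.group(1)):
            hits.append(lineno)
    return hits

# Constructed sample mirroring the rootpw lines in the file above.
SAMPLE_CONF = """\
rootdn "cn=Manager,dc=likegene,dc=com"
# rootpw secret
rootpw 123456
#rootpw {SSHA}<placeholder>
"""

if __name__ == "__main__":
    print("cleartext rootpw on lines:", find_cleartext_rootpw(SAMPLE_CONF))
    print("rootpw", ssha_hash("replace-with-a-long-random-passphrase"))
```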