2.1.2 slapd.conf Master delta-syncrepl Openldap2.3
From SambaWiki
2.1.2: slapd.conf Master delta-syncrepl Openldap2.3
This configuration file is designed to support Openldap’s newest features. We will be using delta-syncrepl which supports refreshAndPersist with performance similar to that of slurpd.
The below slapd.conf will only run on Openldap 2.3.
Take note of the “modulepath /usr/lib/openldap2.3” in the below file, you will need to change this to where you have syncprov.la located.
#slapd.conf Master delta syncrepl Openldap2.3 #provider
include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema modulepath /usr/lib/openldap2.3 moduleload syncprov.la moduleload accesslog.la pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args # Accesslog database definitions database bdb suffix cn=accesslog directory /var/lib/ldap/accesslog rootdn cn=accesslog index default eq index entryCSN,objectClass,reqEnd,reqResult,reqStart
overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE # Samba database database bdb suffix "dc=differentialdesign,dc=org" directory /var/lib/ldap rootdn "cn=Manager,dc=differentialdesign,dc=org" rootpw Manager index entryCSN eq index entryUUID eq overlay syncprov syncprov-checkpoint 1000 60 # accesslog overlay definitions for primary db overlay accesslog logdb cn=accesslog logops writes logsuccess TRUE # scan the accesslog DB every day, and purge entries older than 7 days logpurge 07+00:00 01+00:00 access to attrs=userPassword by self write by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write by dn="cn=syncuser,dc=differentialdesign,dc=org" read by * auth access to attrs=sambaLMPassword,sambaNTPassword by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write by dn="cn=syncuser,dc=differentialdesign,dc=org" read access to * by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write by dn="cn=syncuser,dc=differentialdesign,dc=org" read by * read # Indices to maintain index objectClass eq index cn pres,sub,eq index sn pres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index uidNumber eq index gidNumber eq index memberUID eq index sambaSID eq index sambaPrimaryGroupSID eq index sambaDomainName eq index default sub