2.1.2 slapd.conf Master delta-syncrepl Openldap2.3

From SambaWiki

Revision as of 13:40, 25 January 2007


This configuration file is designed to support OpenLDAP’s newest features. We will be using delta-syncrepl, which supports refreshAndPersist with performance similar to that of slurpd.


The slapd.conf below will only run on OpenLDAP 2.3.

Take note of the “modulepath /usr/lib/openldap2.3” line in the file below; you will need to change it to the directory where syncprov.la is located.

#slapd.conf Master delta syncrepl Openldap2.3
#provider

include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/nis.schema
include     /etc/openldap/schema/samba.schema

modulepath /usr/lib/openldap2.3
moduleload syncprov.la
moduleload accesslog.la

pidfile     /var/run/slapd/slapd.pid
argsfile    /var/run/slapd/slapd.args

# Accesslog database definitions
database    bdb
suffix      cn=accesslog
directory   /var/lib/ldap/accesslog
rootdn      cn=accesslog
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE

# Samba database
database    bdb
suffix      "dc=differentialdesign,dc=org"
directory   /var/lib/ldap
rootdn      "cn=Manager,dc=differentialdesign,dc=org"
# rootpw is in cleartext here; a hash generated with slappasswd can be used instead
rootpw      Manager
index entryCSN eq
index entryUUID eq

overlay syncprov
syncprov-checkpoint 1000 60

# accesslog overlay definitions for primary db
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
# scan the accesslog DB every day, and purge entries older than 7 days
logpurge 07+00:00 01+00:00

access to attrs=userPassword
        by self write
        by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write
        by dn="cn=syncuser,dc=differentialdesign,dc=org" read
        by * auth

access to attrs=sambaLMPassword,sambaNTPassword
        by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write
        by dn="cn=syncuser,dc=differentialdesign,dc=org" read

access to *
        by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write
        by dn="cn=syncuser,dc=differentialdesign,dc=org" read
        by * read

# Indices to maintain
index objectClass           eq
index cn                    pres,sub,eq
index sn                    pres,sub,eq
index uid                   pres,sub,eq
index displayName           pres,sub,eq
index uidNumber             eq
index gidNumber             eq
index memberUID             eq
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq
index default               sub
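
To review a provider file like the one above before deploying it, the following added example (not part of the original wiki page; `parse_databases` and `audit` are hypothetical helper names, and the embedded text is a constructed excerpt of the page's config) flags a cleartext `rootpw` and any database section that defines no `access` rules of its own, such as the `cn=accesslog` database that the accesslog overlay writes to.

```python
import re

# Added example; parse_databases() and audit() are illustrative helpers.
# Constructed excerpt of the slapd.conf above (includes and indices omitted).
SAMPLE_CONF = '''\
database    bdb
suffix      cn=accesslog
database    bdb
suffix      "dc=differentialdesign,dc=org"
rootpw      Manager
overlay accesslog
logdb cn=accesslog
access to attrs=userPassword
        by * auth
access to *
        by * read
'''

def parse_databases(text):
    """Split slapd.conf text into one dict per 'database' section."""
    dbs, cur = [], None
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith('#'):
            continue
        key = parts[0].lower()
        if key == 'database':
            cur = {'suffix': None, 'rootpw': None, 'logdb': None, 'acls': 0}
            dbs.append(cur)
        elif cur is not None and key in ('suffix', 'rootpw', 'logdb'):
            cur[key] = (parts + [''])[1].strip().strip('"')
        elif cur is not None and key == 'access':
            cur['acls'] += 1
    return dbs

def audit(text):
    """Return (suffix, finding) pairs; rootpw without a {SCHEME} is cleartext."""
    dbs, findings = parse_databases(text), []
    logdbs = {d['logdb'] for d in dbs if d['logdb']}
    for d in dbs:
        if d['rootpw'] and not re.match(r'\{(?!cleartext\})[\w-]+\}', d['rootpw'], re.I):
            findings.append((d['suffix'], 'rootpw is cleartext; use a slappasswd hash'))
        if d['acls'] == 0:
            role = ' (accesslog target, records writes)' if d['suffix'] in logdbs else ''
            findings.append((d['suffix'], 'no access rules of its own' + role))
    return findings

if __name__ == '__main__':
    print(*audit(SAMPLE_CONF), sep='\n')
```

A database section with no access rules is governed only by global rules or slapd's default policy, so decide explicitly who may read the log database.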