Difference between revisions of "2.1.2 slapd.conf Master delta-syncrepl Openldap2.3"

 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''2.1.2: slapd.conf Master delta-syncrepl Openldap2.3'''
 
  
This configuration file is designed to support Openldap’s newest features.  We will be using delta-syncrepl which supports refreshAndPersist with performance similar to that of slurpd.
 
 
The below slapd.conf will only run on Openldap 2.3.
 
 
Take note of the “modulepath /usr/lib/openldap2.3” in the below file, you will need to change this to where you have syncprov.la located.
 
 
#slapd.conf Master delta syncrepl Openldap2.3
 
#provider
 
 
include    /etc/openldap/schema/core.schema
 
include    /etc/openldap/schema/cosine.schema
 
include    /etc/openldap/schema/inetorgperson.schema
 
include    /etc/openldap/schema/nis.schema
 
include    /etc/openldap/schema/samba.schema
 
 
modulepath /usr/lib/openldap2.3
 
moduleload syncprov.la
 
moduleload accesslog.la
 
 
pidfile    /var/run/slapd/slapd.pid
 
argsfile    /var/run/slapd/slapd.args
 
 
# Accesslog database definitions
 
database    bdb
 
suffix      cn=accesslog
 
directory  /var/lib/ldap/accesslog
 
rootdn      cn=accesslog
 
index default eq
 
index entryCSN,objectClass,reqEnd,reqResult,reqStart
 
 
overlay syncprov
 
syncprov-nopresent TRUE
 
syncprov-reloadhint TRUE
 
 
# Samba database
 
database    bdb
 
suffix      "dc=differentialdesign,dc=org"
 
directory  /var/lib/ldap
 
rootdn      "cn=Manager,dc=differentialdesign,dc=org"
 
rootpw      Manager
 
index entryCSN eq
 
index entryUUID eq
 
 
overlay syncprov
 
syncprov-checkpoint 1000 60
 
 
# accesslog overlay definitions for primary db
 
overlay accesslog
 
logdb cn=accesslog
 
logops writes
 
logsuccess TRUE
 
# scan the accesslog DB every day, and purge entries older than 7 days
 
logpurge 07+00:00 01+00:00
 
 
access to attrs=userPassword
 
        by self write
 
        by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write
 
        by dn="cn=syncuser,dc=differentialdesign,dc=org" read
 
        by * auth
 
 
access to attrs=sambaLMPassword,sambaNTPassword
 
        by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write
 
        by dn="cn=syncuser,dc=differentialdesign,dc=org" read
 
 
access to *
 
        by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write
 
        by dn="cn=syncuser,dc=differentialdesign,dc=org" read
 
        by * read
 
 
# Indices to maintain
 
index objectClass          eq
 
index cn                    pres,sub,eq
 
index sn                    pres,sub,eq
 
index uid                  pres,sub,eq
 
index displayName          pres,sub,eq
 
index uidNumber            eq
 
index gidNumber            eq
 
index memberUID            eq
 
index sambaSID              eq
 
index sambaPrimaryGroupSID  eq
 
index sambaDomainName      eq
 
index default              sub
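Review bot: The `cn=accesslog` database section has no `access to` rules of its own, and the rules further down come after the second `database bdb` line, so they cover only the `dc=differentialdesign,dc=org` database. With `logops writes`, the log entries record the modifications themselves, which would include new `userPassword`, `sambaLMPassword` and `sambaNTPassword` values, and with no rule in place slapd's default policy (read for everyone) would apply to them. Add a rule inside the accesslog section that limits it to the replication identity, for example `access to * by dn="cn=syncuser,dc=differentialdesign,dc=org" read by * none`. Separately, `rootpw Manager` is a guessable cleartext password; replace it with a hash produced by `slappasswd`, written as `rootpw {SSHA}<hash from slappasswd>`, and keep slapd.conf readable only by the slapd account.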
 

Latest revision as of 12:02, 11 February 2007