2.1.2 slapd.conf Master delta-syncrepl Openldap2.3: Difference between revisions
No edit summary |
No edit summary |
||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
'''2.1.2: slapd.conf Master delta-syncrepl Openldap2.3''' |
|||
This configuration file is designed to support Openldap’s newest features. We will be using delta-syncrepl which supports refreshAndPersist with performance similar to that of slurpd. |
|||
The below slapd.conf will only run on Openldap 2.3. |
|||
Take note of the “modulepath /usr/lib/openldap2.3” in the below file, you will need to change this to where you have syncprov.la located. |
|||
#slapd.conf Master delta syncrepl Openldap2.3 |
|||
#provider |
|||
include /etc/openldap/schema/core.schema |
|||
include /etc/openldap/schema/cosine.schema |
|||
include /etc/openldap/schema/inetorgperson.schema |
|||
include /etc/openldap/schema/nis.schema |
|||
include /etc/openldap/schema/samba.schema |
|||
modulepath /usr/lib/openldap2.3 |
|||
moduleload syncprov.la |
|||
moduleload accesslog.la |
|||
pidfile /var/run/slapd/slapd.pid |
|||
argsfile /var/run/slapd/slapd.args |
|||
# Accesslog database definitions |
|||
database bdb |
|||
suffix cn=accesslog |
|||
directory /var/lib/ldap/accesslog |
|||
rootdn cn=accesslog |
|||
index default eq |
|||
index entryCSN,objectClass,reqEnd,reqResult,reqStart |
|||
overlay syncprov |
|||
syncprov-nopresent TRUE |
|||
syncprov-reloadhint TRUE |
|||
# Samba database |
|||
database bdb |
|||
suffix "dc=differentialdesign,dc=org" |
|||
directory /var/lib/ldap |
|||
rootdn "cn=Manager,dc=differentialdesign,dc=org" |
|||
rootpw Manager |
|||
index entryCSN eq |
|||
index entryUUID eq |
|||
overlay syncprov |
|||
syncprov-checkpoint 1000 60 |
|||
# accesslog overlay definitions for primary db |
|||
overlay accesslog |
|||
logdb cn=accesslog |
|||
logops writes |
|||
logsuccess TRUE |
|||
# scan the accesslog DB every day, and purge entries older than 7 days |
|||
logpurge 07+00:00 01+00:00 |
|||
access to attrs=userPassword |
|||
by self write |
|||
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write |
|||
by dn="cn=syncuser,dc=differentialdesign,dc=org" read |
|||
by * auth |
|||
access to attrs=sambaLMPassword,sambaNTPassword |
|||
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write |
|||
by dn="cn=syncuser,dc=differentialdesign,dc=org" read |
|||
access to * |
|||
by dn="cn=sambaadmin,dc=differentialdesign,dc=org" write |
|||
by dn="cn=syncuser,dc=differentialdesign,dc=org" read |
|||
by * read |
|||
# Indices to maintain |
|||
index objectClass eq |
|||
index cn pres,sub,eq |
|||
index sn pres,sub,eq |
|||
index uid pres,sub,eq |
|||
index displayName pres,sub,eq |
|||
index uidNumber eq |
|||
index gidNumber eq |
|||
index memberUID eq |
|||
index sambaSID eq |
|||
index sambaPrimaryGroupSID eq |
|||
index sambaDomainName eq |
|||
index default sub |
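Review bot: The `rootpw Manager` line in the Samba database section stores the rootdn password in cleartext, and the value is guessable from the rootdn name itself. Anyone who copies this sample verbatim gets a directory whose superuser bind bypasses every ACL below it. The line should carry a hash produced by `slappasswd`, e.g. `rootpw {SSHA}<output of slappasswd>`, and slapd.conf should be readable only by the account slapd runs as. Separately, no `access` directive is visible for the `cn=accesslog` database; unless a global ACL exists outside this page, slapd's default policy (read for everyone) would apply there, and with `logops writes` the log records the modifications made to the main database, which can include changes to `userPassword`, `sambaLMPassword` and `sambaNTPassword`. Adding `access to * by dn="cn=syncuser,dc=differentialdesign,dc=org" read by * none` under `suffix cn=accesslog` would restrict the log to the replication identity.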