# vi /etc/openldap/slapd.conf
# Schema
# Load order matters: inetorgperson.schema and nis.schema build on definitions
# from core.schema and cosine.schema, so those two are included first.
# nis.schema supplies the POSIX/NIS attributes indexed further down
# (uidNumber, gidNumber, loginShell, memberUid, nisMapName, nisMapEntry).
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Others
# "allow bind_v2" makes slapd accept LDAPv2 bind requests, which it refuses by
# default. LDAPv2 is a retired protocol version (RFC 3494); keep this line only
# while a legacy client that cannot speak LDAPv3 still depends on it.
allow bind_v2
# Files in which slapd records its process ID and its command-line arguments.
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# SSL/TLS
# Bundle of CA certificates that slapd trusts.
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
# The server certificate and its private key are read from the same PEM file.
# slapd needs the key stored unencrypted, so file permissions are its only
# protection.
# NOTE(review): confirm slapd.pem is readable by the slapd account only (for
# example owner root, group ldap, mode 0640); a world-readable file in certs/
# would expose the private key.
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# NOTE(review): nothing in this file requires TLS, so a client can still send a
# simple-bind password over plain ldap://. Once clients use StartTLS or
# ldaps://, consider a "security" directive such as "security simple_bind=128".
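# Access Control
# Each "by" clause is indented on purpose: slapd.conf treats only lines that
# begin with whitespace as a continuation of the preceding directive, so a "by"
# at column 0 is parsed as a separate (unknown) directive. For the same reason
# keep comment lines out of the middle of a rule.
#
# Rule 1 - userPassword: the Manager and the owner of an entry may change it,
# anonymous clients may use it only to authenticate, everyone else gets nothing.
access to attrs=userPassword
    by dn="cn=Manager,dc=my-company,dc=com" write
    by self write
    by anonymous auth
    by * none
# Rule 2 - every other attribute: the Manager and the owner of an entry may
# write, everyone else (unauthenticated clients included) may read.
# NOTE(review): "by self write" lets account holders edit every remaining
# attribute of their own entry, which includes uidNumber and gidNumber when the
# entries are POSIX accounts from nis.schema. "by * read" exposes the whole tree
# to anonymous clients. Where that is not intended, limit self-write to named
# attributes with a dedicated "access to attrs=..." rule placed before this one,
# and use "by users read" instead of "by * read".
access to *
    by dn="cn=Manager,dc=my-company,dc=com" write
    by self write
    by * read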
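# root suffix
# NOTE(review): the bdb backend was removed in OpenLDAP 2.5; on newer releases
# this has to become "database mdb" (which has its own tuning directives).
database bdb
suffix "dc=my-company,dc=com"
# rootdn must lie under the suffix above, because slapd rejects rootpw for a
# rootdn outside the database's naming context. It is also the DN that the
# access rules grant write access to (dc=com, not dc=net).
rootdn "cn=Manager,dc=my-company,dc=com"
# The rootdn is not subject to any access rule. Do not reuse this published
# hash: generate your own with "slappasswd -h {SSHA}" and paste the output here.
# Because the hash is stored in this file, keep slapd.conf unreadable for
# "other" (owner root, group ldap, mode 0640).
rootpw {SSHA}QyhR2cIOifrvls9af4Xr9bMo4337EMfL
directory /var/lib/ldap
# Index
# eq = equality, pres = presence, sub = substring matching.
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub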
# chgrp ldap /etc/openldap/slapd.conf
# chmod g+r /etc/openldap/slapd.conf