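# See slapd.conf(5) for details on configuration options. -*- conf -*-
# This file should NOT be world readable: it holds the rootpw and the
# syncrepl bind credentials in clear text (slapd has no other form for
# credentials=). Keep it root-owned with a restrictive mode (0600, or
# 0640 with the slapd service group).

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# moduleload back_ldap.la
# moduleload back_meta.la
# moduleload back_monitor.la
# moduleload back_perl.la

# unique ID for this LDAP server; every mirrormode peer needs a different one
serverID 001

# LDAP server logging level
loglevel stats
# loglevel none

# Global ACLs. These are consulted for a database only when none of that
# database's own access directives match, so a database that ends its ACL
# list with "by * none" is not opened up by the final "by * read" below.
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to attrs=userPassword,userPKCS12 by self write by * auth
access to attrs=shadowLastChange by self write by * read
access to * by * read

###########################################################################
# Change-log database (suffix cn=deltalog) written by the accesslog
# overlay of the primary database and read by delta-syncrepl consumers.
###########################################################################
database hdb
suffix cn=deltalog
directory /var/lib/ldap/deltalog
cachesize 200000
# rootdn equal to the log suffix lets the accesslog overlay write here
rootdn cn=deltalog
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart

# The log holds every successful write, including the values written to
# userPassword (reqMod). Without a database ACL the global "access to *
# by * read" would expose it to anonymous clients, so only the identity
# the peer binds with for replication may read it; everyone else gets
# nothing. Replace the DN here and in "limits" below if a dedicated
# replication identity is introduced.
access to * by dn.exact="cn=Manager,dc=skybert,dc=net" read by * none

# Let the replication identity have limitless searches on the log.
limits dn.exact="cn=Manager,dc=skybert,dc=net" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE

###########################################################################
# Primary database
###########################################################################
database bdb
suffix "dc=skybert,dc=net"
directory /var/lib/ldap/
cachesize 200000
rootdn "cn=Manager,dc=skybert,dc=net"
# NOTE(review): this is a clear-text placeholder password. Store the hashed
# output of slappasswd(8) (an {SSHA}... value) instead, and change it
# before the server is reachable by anything other than localhost.
rootpw secret

## Whatever other configuration options are desired

# syncprov specific indexing
index entryCSN eq
index entryUUID eq

# ECE specific indexes
index objectClass,uid,member eq
index cn,mail,sn,givenname eq,subinitial

# syncrepl provider for the primary db. Exactly one instance: the original
# file stacked a second "overlay syncprov" (with "syncprov-checkpoint
# 100 10") after the syncrepl directive, which instantiates the overlay
# twice on this database; that duplicate has been removed.
overlay syncprov
# contextCSN saved to database every 1000 updates or 60 minutes
syncprov-checkpoint 1000 60

# Change-log overlay for the primary db, see slapo-accesslog(5). The
# overlay is named "accesslog"; only the log database suffix is called
# cn=deltalog.
overlay accesslog
logdb cn=deltalog
logops writes
logsuccess TRUE
# scan the log DB every day, and purge entries older than 7 days
logpurge 07+00:00 01+00:00

# We're running in multi-master mode; this is the other master. Note that
# we're using the other server's delta log as the base of our search
# (syncdata=accesslog is the keyword slapd understands for that).
# The bind is a simple bind with the peer's clear-text rootpw over plain
# ldap://, so the password crosses the network unprotected; protect the
# replication link with TLS, and prefer a dedicated replication identity
# with read-only ACLs over the rootdn.
syncrepl rid=000
    provider=ldap://ldap2.skybert.net
    type=refreshAndPersist
    retry="5 5 300 +"
    searchbase="dc=skybert,dc=net"
    attrs="*,+"
    bindmethod=simple
    binddn="cn=Manager,dc=skybert,dc=net"
    credentials="secret"
    logbase="cn=deltalog"
    logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
    syncdata=accesslog

# mirror mode essential to allow writes
# and must appear after all syncrepl directives
mirrormode TRUE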