Diffstat (limited to 'confskel/openldap')
-rw-r--r--confskel/openldap/ldap/slapd.conf95
-rw-r--r--confskel/openldap/ldap/slapd.defaults25
2 files changed, 120 insertions, 0 deletions
diff --git a/confskel/openldap/ldap/slapd.conf b/confskel/openldap/ldap/slapd.conf
new file mode 100644
index 0000000..35e8bf2
--- /dev/null
+++ b/confskel/openldap/ldap/slapd.conf
@@ -0,0 +1,95 @@
+#
+# TDE slapd.conf template
+#
+include /etc/ldap/schema/core.schema
+include /etc/ldap/schema/cosine.schema
+include /etc/ldap/schema/inetorgperson.schema
+include /etc/ldap/schema/rfc2307bis.schema
+include /etc/ldap/schema/rfc2739.schema
+include /etc/ldap/schema/samba.schema
+include /etc/ldap/schema/qmail.schema
+include /etc/ldap/schema/hdb.schema
+include /etc/ldap/schema/dlz.schema
+include /etc/ldap/schema/dhcp.schema
+include /etc/ldap/schema/amavis.schema
+include /etc/ldap/schema/ppolicy.schema
+
+pidfile /opt/zivios/openldap/var/run/slapd.pid
+argsfile /opt/zivios/openldap/var/run/slapd.args
+
+allow bind_v2
+loglevel 256
+
+modulepath /usr/lib/ldap
+moduleload back_hdb
+moduleload syncprov
+moduleload back_monitor
+moduleload auditlog
+moduleload smbk5pwd
+moduleload unique
+moduleload ppolicy
+
+sizelimit 500
+tool-threads 1
+
+backend hdb
+
+database monitor
+database config
+rootdn cn=config
+rootpw {SHA}@@@ROOTPW_SHA@@@
+
+database hdb
+overlay syncprov
+overlay auditlog
+overlay smbk5pwd
+overlay unique
+overlay ppolicy
+
+auditlog "/var/log/realmauditlog.txt"
+suffix "@@@REALM_DCNAME@@@"
+rootdn "cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@"
+rootpw {SHA}@@@ROOTPW_SHA@@@
+
+checkpoint 512 30
+directory "/var/ldap-realm-database"
+
+dbconfig set_cachesize 0 2097152 0
+dbconfig set_lk_max_objects 1500
+dbconfig set_lk_max_locks 1500
+dbconfig set_lk_max_lockers 1500
+
+index accountStatus eq
+index mailHost eq
+index cn eq,pres,subinitial
+index mail eq,pres
+index mailAlternateAddress eq,pres
+index objectClass eq
+index uid pres,eq
+index uidNumber eq
+index gidNumber eq
+
+lastmod on
+unique_attributes mail uid uidNumber
+
+TLSCertificateFile /etc/trinity/ldap/tde-ca/public/@@@ADMINSERVER@@@.crt
+TLSCertificateKeyFile /etc/trinity/ldap/tde-ca/private/@@@ADMINSERVER@@@.key
+
+sasl-realm @@@REALM_UCNAME@@@
+sasl-host @@@ADMINSERVER@@@
+sasl-secprops minssf=0
+
+authz-regexp uid=(.*),cn=@@@REALM_LCNAME@@@,cn=gssapi,cn=auth ldap:///@@@REALM_DCNAME@@@??sub?(&(uid=$1)(objectClass=posixAccount))
+authz-regexp "gidNumber=.*+uidNumber=0,cn=peercred,cn=external,cn=auth" "uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@"
+
+#
+# ACL Section
+#
+access to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags
+ by dn="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
+ by sockurl.regex="^ldapi:///$" write
+ by anonymous auth
+ by self write
+ by * none
+
+access to dn="" by * read
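Review bot: Both `rootpw` lines (the cn=config database and the realm hdb database) use the `{SHA}` scheme, which is unsalted SHA-1, and they are filled from the same `@@@ROOTPW_SHA@@@` placeholder, so one secret unlocks server configuration and directory data alike. The template generator should emit at least `{SSHA}` (or `{CRYPT}` with a modern crypt) and ideally a distinct value for cn=config, e.g. `rootpw {SSHA}@@@ROOTPW_SSHA@@@` (placeholder name constructed for this note). With `sasl-secprops minssf=0` and no `security` directive, simple and SASL binds are accepted over the cleartext `ldap:///` listener that slapd.defaults enables; a line such as `security simple_bind=64` (satisfied by ldapi's default localSSF of 71 and by TLS sessions) would keep password transport off plaintext TCP. The ACL list ends at the rootDSE rule, so per slapd.access(5) an implicit `access to * by * none` applies to every other entry and attribute, leaving only rootdn able to read the tree; if that is intended, say so with `# no catch-all: everything not listed above is denied to all but rootdn`, otherwise the intended read policy should be written out explicitly. The auditlog overlay records each modification in LDIF, including password-bearing attributes, so `/var/log/realmauditlog.txt` must be created with slapd-only permissions.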
diff --git a/confskel/openldap/ldap/slapd.defaults b/confskel/openldap/ldap/slapd.defaults
new file mode 100644
index 0000000..91ddb31
--- /dev/null
+++ b/confskel/openldap/ldap/slapd.defaults
@@ -0,0 +1,25 @@
+###
+# Enable the daemon.
+###
+START="yes"
+
+###
+# Keytab
+###
+export KRB5_KTNAME=/etc/ldap/ldap.keytab
+
+###
+# Services
+###
+SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"
+
+###
+# Additional Options
+# @todo: pass user & group for service.
+###
+SLAPD_OPTIONS=""
+
+###
+# SLAPD Configuration
+###
+SLAPD_CONF="/etc/ldap/slapd.d"
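Review bot: `SLAPD_CONF` points at `/etc/ldap/slapd.d`, the cn=config directory, while the file shipped alongside in this commit is a flat `slapd.conf`; presumably the init script treats a directory value as cn=config, in which case the template above is never read unless it is converted first, so either the path or a conversion step should be reconciled. The `@todo` on `SLAPD_OPTIONS` is a security gap rather than a nicety: without `-u`/`-g` slapd keeps running as root, and the keytab named in `KRB5_KTNAME` then has to be root-readable as well. Filling it in as `SLAPD_OPTIONS="-u <service-user> -g <service-group>"` (placeholders; the account names are not on this page) and chowning `/etc/ldap/ldap.keytab` to that user lets the daemon drop privileges. `START="yes"` also means the service is enabled before any of these values have been confirmed by the installer.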