From 29cb588ab383ea95b534d1e1d31ad39734ac6edd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=A1s=20Reynolds?= <fauno@kiwwwi.com.ar>
Date: Sun, 24 Oct 2010 04:45:47 -0300
Subject: Added OpenLDAP overlay with %VARIABLES%

---
 overlay/etc/openldap/slapd.conf | 73 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 overlay/etc/openldap/slapd.conf

(limited to 'overlay')

diff --git a/overlay/etc/openldap/slapd.conf b/overlay/etc/openldap/slapd.conf
new file mode 100644
index 0000000..0b0f40b
--- /dev/null
+++ b/overlay/etc/openldap/slapd.conf
@@ -0,0 +1,73 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include		/etc/openldap/schema/core.schema
+include		/etc/openldap/schema/cosine.schema
+include		/etc/openldap/schema/inetorgperson.schema
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral	ldap://root.openldap.org
+
+pidfile   /var/run/slapd.pid
+argsfile  /var/run/slapd.args
+
+# Load dynamic backend modules:
+# modulepath	/usr/sbin/openldap
+# moduleload	back_bdb.la
+# moduleload	back_hdb.la
+# moduleload	back_ldap.la
+
+# Sample security restrictions
+#	Require integrity protection (prevent hijacking)
+#	Require 112-bit (3DES or better) encryption for updates
+#	Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+#	Root DSE: allow anyone to read it
+#	Subschema (sub)entry DSE: allow anyone to read it
+#	Other DSEs:
+#		Allow self write access
+#		Allow authenticated users read access
+#		Allow anonymous users to authenticate
+#	Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+#	by self write
+#	by users read
+#	by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# BDB database definitions
+#######################################################################
+
+database	bdb
+suffix		"%SUFFIX%"
+rootdn		"%ROOTDN%"
+# Cleartext passwords, especially for the rootdn, should
+# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw		%ROOTPW%
+# The database directory MUST exist prior to running slapd AND 
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory	/var/lib/openldap/openldap-data
+# Indices to maintain
+index	objectClass	eq
+
+# Certificate/SSL Section
+TLSCipherSuite HIGH:MEDIUM:+SSLv2
+TLSCertificateFile /etc/ssl/certs/local.crt
+TLSCertificateKeyFile /etc/ssl/private/local.key
+
-- 
cgit v1.2.2