# master slapd config -- for testing # $OpenLDAP$ ## This work is part of OpenLDAP Software . ## ## Copyright 1998-2011 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted only as authorized by the OpenLDAP ## Public License. ## ## A copy of this license is available in the file LICENSE in the ## top-level directory of the distribution or, alternatively, at ## . #ucdata-path ./ucdata include @SCHEMADIR@/core.schema include @SCHEMADIR@/cosine.schema include @SCHEMADIR@/inetorgperson.schema include @SCHEMADIR@/openldap.schema include @SCHEMADIR@/nis.schema pidfile @TESTDIR@/slapd.1.pid argsfile @TESTDIR@/slapd.1.args #mod#modulepath ../servers/slapd/back-@BACKEND@/ #mod#moduleload back_@BACKEND@.la #ldapmod#modulepath ../servers/slapd/back-ldap/ #ldapmod#moduleload back_ldap.la #monitormod#modulepath ../servers/slapd/back-monitor/ #monitormod#moduleload back_monitor.la #rwmmod#modulepath ../servers/slapd/overlays/ #rwmmod#moduleload rwm.la ####################################################################### # database definitions ####################################################################### authz-policy both authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)" authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)" authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)" # # normal installations should protect root dse, # cn=monitor, cn=schema, and cn=config # access to attrs=userpassword by self =wx by anonymous =x access to dn.exact="" by * read access to * by users read by * search database @BACKEND@ suffix "dc=example,dc=com" rootdn "cn=Manager,dc=example,dc=com" rootpw secret #null#bind on #~null~#directory @TESTDIR@/db.1.a #indexdb#index objectClass eq #indexdb#index cn,sn,uid pres,eq,sub #ndb#dbname db_1 #ndb#include @DATADIR@/ndb.conf access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" attrs=authzTo by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx by * =x database @BACKEND@ suffix "dc=example,dc=it" rootdn "cn=Manager,dc=example,dc=it" rootpw secret #~null~#directory @TESTDIR@/db.2.a #indexdb#index objectClass eq #indexdb#index cn,sn,uid pres,eq,sub #ndb#dbname db_2 #ndb#include @DATADIR@/ndb.conf database ldap suffix "o=Example,c=US" uri "@URI1@" #sasl#idassert-bind bindmethod=sasl binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" authcId="admin/proxy US" credentials="proxy" @SASL_MECH@ mode=self #nosasl#idassert-bind bindmethod=simple binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" credentials="proxy" mode=self # authorizes database idassert-authzFrom "dn.subtree:dc=example,dc=it" overlay rwm rwm-suffixmassage "dc=example,dc=com" database ldap suffix "o=Esempio,c=IT" uri "@URI1@" acl-authcDN "cn=Proxy IT,ou=Admin,dc=example,dc=com" acl-passwd proxy idassert-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy" authzId="dn:cn=Sandbox,ou=Admin,dc=example,dc=com" # authorizes database idassert-authzFrom "dn.subtree:dc=example,dc=com" # authorizes anonymous idassert-authzFrom "dn.exact:" overlay rwm rwm-suffixmassage "dc=example,dc=com" access to attrs=entry,cn,sn,mail by users read access to * by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search by * none #monitor#database monitor #monitor#rootdn "cn=monitor" #monitor#rootpw monitor