/usr/share/debian-lan-config/fai/config/files/etc/ldap/slapd.conf/SERVER_A is in debian-lan-config 0.19+deb8u1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
#######################################################################
# Global Directives:
# Server-wide slapd settings: schema includes, runtime files, logging, TLS,
# module loading, result limits and the minimum security strength factors
# (SSF) that client connections must meet.

# Schema and objectClass definitions
# Order matters: a schema has to be included after the schemas whose
# attribute types it references, which is why core.schema comes first.
# kerberos.schema is expected to supply the krb* attributes that are indexed
# and access-controlled in the database section -- TODO confirm against the
# installed schema file.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/kerberos.schema
include /etc/ldap/schema/autofs.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
# "none" keeps only the messages slapd logs regardless of the configured
# level. No per-connection or per-operation records are written, so binds,
# bind failures and searches cannot be reconstructed from syslog afterwards.
# NOTE(review): where an audit trail is wanted, "loglevel stats" is the usual
# setting for connection/operation/result logging.
loglevel none
# TLS/SSL
# The CA file and the server certificate are the same file, so the server
# certificate doubles as the trust anchor (consistent with a self-signed
# certificate -- TODO confirm how slapd.crt is generated).
# NOTE(review): ownership and mode of /etc/ldap/slapd.key are not shown here;
# the key should be readable only by the account slapd runs as.
# NOTE(review): no TLSCipherSuite or TLSProtocolMin appears in this listing,
# so the TLS library defaults decide which protocols and ciphers are offered.
TLSCACertificateFile /etc/ldap/slapd.crt
TLSCertificateKeyFile /etc/ldap/slapd.key
TLSCertificateFile /etc/ldap/slapd.crt
# "try": a client certificate is requested; the session continues if none is
# presented, and is terminated if one is presented that fails verification.
TLSVerifyClient try
# Load the hdb backend module used by the "backend"/"database" lines.
# NOTE(review): back_hdb was deprecated upstream and removed in OpenLDAP 2.5;
# an upgrade of this host implies a migration to back_mdb.
modulepath /usr/lib/ldap
moduleload back_hdb
# The maximum number of entries that is returned for a search operation
sizelimit 500
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
# Base DN used when a client sends a search with an empty base.
defaultsearchbase "dc=intern"
# Minimum SSF: directory updates and simple (DN + password) binds are refused
# unless the connection has at least 128 bits of protection, so passwords
# are not accepted over a cleartext connection. No general "ssf=" minimum is
# set, so other operations (for example reads) are not restricted by this
# line.
security update_ssf=128 simple_bind=128
# Access via ldapi/unix socket is assumed to have 128 bit encryption.
# This is required to allow the Kerberos KDC to connect:
# Consequence: ldapi connections satisfy the "security" line above without
# TLS, so the filesystem permissions on the socket are what limits who can
# use it -- NOTE(review): confirm the socket is not world-accessible.
localssf 128
backend hdb
#######################################################################
#######################################################################
# Database definition for the dc=intern tree: suffix, root DN, on-disk
# location, Berkeley DB tuning, attribute indices and checkpointing.
database hdb
# First database
suffix "dc=intern"
# The rootdn is not subject to the access rules of this database.
# No rootpw is set in this listing, so a bind as this DN can only succeed
# against credentials stored in a matching directory entry (or through an
# identity mapping); nothing in the configuration file itself is a password.
rootdn "cn=admin,dc=intern"
# Where the database file are physically stored
# NOTE(review): permissions of this directory are not shown here; it holds
# the full directory contents, including password and Kerberos key
# attributes, and should be restricted to the slapd account.
directory "/var/lib/ldap"
# The dbconfig settings are used to generate a DB_CONFIG file the first
# time slapd starts. They do NOT override an existing DB_CONFIG
# file. You should therefore change these settings in DB_CONFIG directly
# or remove DB_CONFIG and restart slapd for changes to take effect.
# For the Debian package we use 2MB as default but be sure to update this
# value if you have plenty of RAM
dbconfig set_cachesize 0 2097152 0
# Number of objects that can be locked at the same time.
dbconfig set_lk_max_objects 1500
# Number of locks (both requested and granted)
dbconfig set_lk_max_locks 1500
# Number of lockers
dbconfig set_lk_max_lockers 1500
# Indices to maintain
# "index default eq" sets the index type used by the following lines that
# name an attribute without a type; the last three lines ask explicitly for
# presence, substring and equality indices.
index default eq
index objectClass
index ou
index uidNumber
index gidNumber
index memberUid
index uniqueMember
index krbPwdPolicyReference
index krbPrincipalName pres,sub,eq
index cn pres,sub,eq
index uid pres,sub,eq
# Save the time that the entry gets modified, for database #1
# With lastmod on, slapd maintains creatorsName/createTimestamp and
# modifiersName/modifyTimestamp on entries, which is the only record of who
# changed an entry that this configuration provides.
lastmod on
# Checkpoint the BerkeleyDB database periodically in case of system
# failure and to speed slapd shutdown.
# Arguments are <kbyte> <min>: checkpoint after 512 KB written or 30 minutes.
checkpoint 512 30
## map authentication via gssapi on user dn:
# Each rule rewrites a SASL authentication identity into a subtree search
# below dc=intern for the entry whose uid equals the captured user name.
# The three patterns cover the GSSAPI and GSS-SPNEGO mechanisms without a
# realm component, and GSSAPI with the realm component "cn=intern".
# The mapping only succeeds when the search returns exactly one entry, so
# uid values have to be unique below dc=intern -- NOTE(review): nothing in
# this file enforces that uniqueness; confirm it is enforced elsewhere.
# The second line of each rule is a continuation line and must start with
# whitespace.
authz-regexp "uid=([^,]*),cn=gssapi,cn=auth"
    "ldap:///dc=intern??sub?(uid=$1)"
authz-regexp "uid=([^,]*),cn=gss-spnego,cn=auth"
    "ldap:///dc=intern??sub?(uid=$1)"
authz-regexp "uid=([^,]*),cn=intern,cn=gssapi,cn=auth"
    "ldap:///dc=intern??sub?(uid=$1)"
# Access control for the dc=intern database.
# slapd evaluates the "access to" rules in the order written and applies the
# first one whose target matches; inside that rule the first matching "by"
# clause decides. The order of the four rules below is therefore part of the
# policy and must not be changed casually. The "by" lines are continuation
# lines and must start with whitespace.

# userPassword: anonymous clients may only use it to authenticate (bind),
# the entry owner may change it, everyone else gets nothing. "by * none"
# also applies to the kadmin service DN, since this rule matches before the
# default rule at the end.
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none
################# Kerberos-KDC access ##################
# Everything below cn=kerberos,dc=intern: read for the KDC service DN,
# write for the kadmin service DN, no access for anyone else.
access to dn.subtree="cn=kerberos,dc=intern"
    by dn.exact="cn=kdc,cn=kerberos,dc=intern" read
    by dn.exact="cn=kadmin,cn=kerberos,dc=intern" write
    by * none
# Kerberos attributes on entries outside the cn=kerberos subtree (entries
# inside it are already decided by the rule above).
# NOTE(review): "by self read" lets an authenticated user read the listed
# attributes on their own entry, and that list includes krbPrincipalKey.
# Confirm that self-read of the key attribute is actually required; if not,
# it should be limited to the kdc and kadmin DNs.
access to attrs=krbPrincipalName,krbLastPwdChange,krbPrincipalKey,krbExtraData
    by dn.exact="cn=kdc,cn=kerberos,dc=intern" read
    by dn.exact="cn=kadmin,cn=kerberos,dc=intern" write
    by self read
    by * auth
## Default access; kadmin needs full access:
# Every attribute not matched above is writable by kadmin and readable by
# everyone else, which includes unauthenticated (anonymous) clients.
# NOTE(review): the global "security" line in this file sets only update_ssf
# and simple_bind, so these reads are not tied to an encrypted connection.
# Confirm anonymous read of the whole tree is intended; "by users read"
# would limit it to authenticated identities.
access to *
    by dn.exact="cn=kadmin,cn=kerberos,dc=intern" write
    by * read