sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-05 21:57:51 +03:00
Code
samba-mirror/source4/setup/slapd.conf
Andrew Bartlett ebe1e923c8 s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference depending on the backend 
This just changes the existing stratagy of loading different modules
for the OpenLDAP backend to also include extended_dn_out_*

When we provision the OpenLDAP backend, we make sure to include the
'deref' overlay (which must be made available by the OpenLDAP build)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-17 12:29:28 +11:00

150 lines
3.4 KiB
Plaintext
Raw Blame History

loglevel 0
### needed for initial content load ###
sizelimit unlimited
### Multimaster-ServerIDs and URLs ###
${MMR_SERVERIDS_CONFIG}
include ${LDAPDIR}/backend-schema.schema
pidfile ${LDAPDIR}/slapd.pid
argsfile ${LDAPDIR}/slapd.args
sasl-realm ${DNSDOMAIN}
#authz-regexp
# uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
# ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
#authz-regexp
# uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
# ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
authz-regexp
uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
ldap:///cn=samba??one?(cn=\$1)
authz-regexp
uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
ldap:///cn=samba??one?(cn=\$1)
access to dn.base=""
by dn=cn=samba-admin,cn=samba manage
by anonymous read
by * read
access to dn.subtree="cn=samba"
by anonymous auth
access to dn.subtree="${DOMAINDN}"
by dn=cn=samba-admin,cn=samba manage${REPLICATOR_ACL}
by dn=cn=manager manage
by * none
password-hash {CLEARTEXT}
include ${LDAPDIR}/modules.conf
defaultsearchbase ${DOMAINDN}
rootdn cn=Manager
overlay deref
${REFINT_CONFIG}
${MEMBEROF_CONFIG}
database ldif
suffix cn=Samba
directory ${LDAPDIR}/db/samba
rootdn cn=Manager,cn=Samba
########################################
### cn=schema ###
database hdb
suffix ${SCHEMADN}
rootdn cn=Manager,${SCHEMADN}
directory ${LDAPDIR}/db/schema
index objectClass eq
index samAccountName eq
index name eq
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
index cn eq
index entryUUID,entryCSN eq
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10
### Multimaster-Replication of cn=schema Subcontext ###
${MMR_SYNCREPL_SCHEMA_CONFIG}
${MIRRORMODE}
#########################################
### cn=config ###
database hdb
suffix ${CONFIGDN}
rootdn cn=Manager,${CONFIGDN}
directory ${LDAPDIR}/db/config
index objectClass eq
index samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index nCName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10
### Multimaster-Replication of cn=config Subcontext ###
${MMR_SYNCREPL_CONFIG_CONFIG}
${MIRRORMODE}
########################################
### cn=users /base-dn ###
database hdb
suffix ${DOMAINDN}
rootdn cn=Manager,${DOMAINDN}
directory ${LDAPDIR}/db/user
index objectClass eq
index samAccountName eq
index name eq
index objectSid eq
index objectCategory eq
index member eq
index uidNumber eq
index gidNumber eq
index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
index cn eq
index entryUUID,entryCSN eq
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway....
overlay syncprov
syncprov-sessionlog 100
# syncprov-checkpoint 100 10
### Multimaster-Replication of cn=user/base-dn context ###
${MMR_SYNCREPL_USER_CONFIG}
${MIRRORMODE}
View Git Blame Copy Permalink