mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
f87811f6b3
This removes a *lot* of duplicated code and the cause of much administrator frustration. We now handle starting and stopping the slapd (at least for the provision), and ensure that there is only one 'right' way to configure the OpenLDAP and Fedora DS backend We now run OpenLDAP in 'cn=config' mode for online configuration. To test what was the provision-backend code, a new --ldap-dryrun-mode option has been added to provision. It quits the provision just before it would start the LDAP binaries Andrew Bartlett
132 lines
2.9 KiB
Plaintext
132 lines
2.9 KiB
Plaintext
loglevel 0
|
|
|
|
### needed for initial content load ###
|
|
sizelimit unlimited
|
|
|
|
### Multimaster-ServerIDs and URLs ###
|
|
|
|
${MMR_SERVERIDS_CONFIG}
|
|
|
|
include ${LDAPDIR}/backend-schema.schema
|
|
|
|
pidfile ${LDAPDIR}/slapd.pid
|
|
argsfile ${LDAPDIR}/slapd.args
|
|
sasl-realm ${DNSDOMAIN}
|
|
|
|
#authz-regexp
|
|
# uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth
|
|
# ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
|
|
|
|
#authz-regexp
|
|
# uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
|
|
# ldap:///${DOMAINDN}??sub?(samAccountName=\$1)
|
|
|
|
authz-regexp
|
|
uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
|
|
ldap:///cn=samba??one?(cn=\$1)
|
|
|
|
authz-regexp
|
|
uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth
|
|
ldap:///cn=samba??one?(cn=\$1)
|
|
|
|
access to dn.base=""
|
|
by dn=cn=samba-admin,cn=samba manage
|
|
by anonymous read
|
|
by * read
|
|
|
|
access to dn.subtree="cn=samba"
|
|
by anonymous auth
|
|
|
|
access to dn.subtree="${DOMAINDN}"
|
|
by dn=cn=samba-admin,cn=samba manage${REPLICATOR_ACL}
|
|
by dn=cn=manager manage
|
|
by * none
|
|
|
|
password-hash {CLEARTEXT}
|
|
|
|
defaultsearchbase ${DOMAINDN}
|
|
|
|
rootdn cn=Manager
|
|
|
|
overlay deref
|
|
|
|
${REFINT_CONFIG}
|
|
|
|
${MEMBEROF_CONFIG}
|
|
|
|
database ldif
|
|
suffix cn=Samba
|
|
directory ${LDAPDIR}/db/samba
|
|
rootdn cn=Manager,cn=Samba
|
|
|
|
########################################
|
|
## olc - configuration ###
|
|
database config
|
|
rootdn cn=config
|
|
|
|
${OLC_SYNCREPL_CONFIG}
|
|
${OLC_MMR_CONFIG}
|
|
|
|
access to dn.sub="cn=config"
|
|
by dn="cn=samba-admin,cn=samba" write
|
|
by dn="cn=replicator,cn=samba" read
|
|
|
|
|
|
########################################
|
|
### cn=schema ###
|
|
database hdb
|
|
suffix ${SCHEMADN}
|
|
rootdn cn=Manager,${SCHEMADN}
|
|
directory ${LDAPDIR}/db/schema
|
|
${NOSYNC}
|
|
${INDEX_CONFIG}
|
|
|
|
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
|
|
#We need this for the contextCSN attribute and mmr.
|
|
overlay syncprov
|
|
syncprov-sessionlog 100
|
|
syncprov-checkpoint 100 10
|
|
|
|
|
|
### Multimaster-Replication of cn=schema Subcontext ###
|
|
${MMR_SYNCREPL_SCHEMA_CONFIG}
|
|
${MIRRORMODE}
|
|
|
|
#########################################
|
|
### cn=config ###
|
|
database hdb
|
|
suffix ${CONFIGDN}
|
|
rootdn cn=Manager,${CONFIGDN}
|
|
directory ${LDAPDIR}/db/config
|
|
${NOSYNC}
|
|
${INDEX_CONFIG}
|
|
|
|
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
|
|
#We need this for the contextCSN attribute and mmr.
|
|
overlay syncprov
|
|
syncprov-sessionlog 100
|
|
syncprov-checkpoint 100 10
|
|
|
|
### Multimaster-Replication of cn=config Subcontext ###
|
|
${MMR_SYNCREPL_CONFIG_CONFIG}
|
|
${MIRRORMODE}
|
|
|
|
########################################
|
|
### cn=users /base-dn ###
|
|
database hdb
|
|
suffix ${DOMAINDN}
|
|
rootdn cn=Manager,${DOMAINDN}
|
|
directory ${LDAPDIR}/db/user
|
|
${NOSYNC}
|
|
${INDEX_CONFIG}
|
|
|
|
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
|
|
#We need this for the contextCSN attribute and mmr.
|
|
overlay syncprov
|
|
syncprov-sessionlog 100
|
|
syncprov-checkpoint 100 10
|
|
|
|
### Multimaster-Replication of cn=user/base-dn context ###
|
|
${MMR_SYNCREPL_USER_CONFIG}
|
|
${MIRRORMODE}
|