Tree - rpms/selinux-policy - CentOS Git server

rpms / selinux-policy

Blame testing/ldap/slapd.conf

Blob History Raw

Ryan Haggerty	689417	`#`
Ryan Haggerty	689417	`# See slapd.conf(5) for details on configuration options.`
Ryan Haggerty	689417	`# This file should NOT be world readable.`
Ryan Haggerty	689417	`#`
Ryan Haggerty	689417	`include /etc/openldap/schema/core.schema`
Ryan Haggerty	689417	`include /etc/openldap/schema/cosine.schema`
Ryan Haggerty	689417	`include /etc/openldap/schema/inetorgperson.schema`
Ryan Haggerty	689417	`include /etc/openldap/schema/nis.schema`
Ryan Haggerty	689417
Ryan Haggerty	689417	`# Allow LDAPv2 client connections. This is NOT the default.`
Ryan Haggerty	689417	`allow bind_v2`
Ryan Haggerty	689417
Ryan Haggerty	689417	`# Do not enable referrals until AFTER you have a working directory`
Ryan Haggerty	689417	`# service AND an understanding of referrals.`
Ryan Haggerty	689417	`#referral ldap://root.openldap.org`
Ryan Haggerty	689417
Ryan Haggerty	689417	`pidfile /var/run/slapd.pid`
Ryan Haggerty	689417	`argsfile /var/run/slapd.args`
Ryan Haggerty	689417
Ryan Haggerty	689417	`# Load dynamic backend modules:`
Ryan Haggerty	689417	`# modulepath /usr/sbin/openldap`
Ryan Haggerty	689417	`# moduleload back_bdb.la`
Ryan Haggerty	689417	`# moduleload back_ldap.la`
Ryan Haggerty	689417	`# moduleload back_ldbm.la`
Ryan Haggerty	689417	`# moduleload back_passwd.la`
Ryan Haggerty	689417	`# moduleload back_shell.la`
Ryan Haggerty	689417
Ryan Haggerty	689417	`# The next three lines allow use of TLS for encrypting connections using a`
Ryan Haggerty	689417	`# dummy test certificate which you can generate by changing to`
Ryan Haggerty	689417	`# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on`
Ryan Haggerty	689417	`# slapd.pem so that the ldap user or group can read it. Your client software`
Ryan Haggerty	689417	`# may balk at self-signed certificates, however.`
Ryan Haggerty	689417	`# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt`
Ryan Haggerty	689417	`# TLSCertificateFile /etc/pki/tls/certs/slapd.pem`
Ryan Haggerty	689417	`# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem`
Ryan Haggerty	689417
Ryan Haggerty	689417	`# Sample security restrictions`
Ryan Haggerty	689417	`# Require integrity protection (prevent hijacking)`
Ryan Haggerty	689417	`# Require 112-bit (3DES or better) encryption for updates`
Ryan Haggerty	689417	`# Require 63-bit encryption for simple bind`
Ryan Haggerty	689417	`# security ssf=1 update_ssf=112 simple_bind=64`
Ryan Haggerty	689417
Ryan Haggerty	689417	`# Sample access control policy:`
Ryan Haggerty	689417	`# Root DSE: allow anyone to read it`
Ryan Haggerty	689417	`# Subschema (sub)entry DSE: allow anyone to read it`
Ryan Haggerty	689417	`# Other DSEs:`
Ryan Haggerty	689417	`# Allow self write access`
Ryan Haggerty	689417	`# Allow authenticated users read access`
Ryan Haggerty	689417	`# Allow anonymous users to authenticate`
Ryan Haggerty	689417	`# Directives needed to implement policy:`
Ryan Haggerty	689417	`# access to dn.base="" by * read`
Ryan Haggerty	689417	`# access to dn.base="cn=Subschema" by * read`
Ryan Haggerty	689417	`# access to *`
Ryan Haggerty	689417	`# by self write`
Ryan Haggerty	689417	`# by users read`
Ryan Haggerty	689417	`# by anonymous auth`
Ryan Haggerty	689417	`#`
Ryan Haggerty	689417	`# if no access controls are present, the default policy`
Ryan Haggerty	689417	`# allows anyone and everyone to read anything but restricts`
Ryan Haggerty	689417	`# updates to rootdn. (e.g., "access to * by * read")`
Ryan Haggerty	689417	`#`
Ryan Haggerty	689417	`# rootdn can always read and write EVERYTHING!`
Ryan Haggerty	689417
Ryan Haggerty	689417	`#just allow anyone to do whatever for testing purposes`
Ryan Haggerty	689417	`access to *`
Ryan Haggerty	689417	`by * write`
Ryan Haggerty	689417
Ryan Haggerty	689417	`#######################################################################`
Ryan Haggerty	689417	`# ldbm and/or bdb database definitions`
Ryan Haggerty	689417	`#######################################################################`
Ryan Haggerty	689417
Ryan Haggerty	689417	`database bdb`
Ryan Haggerty	689417	`suffix "dc=plainjoe,dc=org"`
Ryan Haggerty	689417	`rootdn "cn=Manager,dc=plainjoe,dc=org"`
Ryan Haggerty	689417	`# Cleartext passwords, especially for the rootdn, should`
Ryan Haggerty	689417	`# be avoided. See slappasswd(8) and slapd.conf(5) for details.`
Ryan Haggerty	689417	`# Use of strong authentication encouraged.`
Ryan Haggerty	689417	`# rootpw secret`
Ryan Haggerty	689417	`# rootpw {crypt}ijFYNcSNctBYg`
Ryan Haggerty	689417	`rootpw {SSHA}3Q3i+6viSPu3ZIso9ta6cYtNS4TEAXuO`
Ryan Haggerty	689417
Ryan Haggerty	689417	`# The database directory MUST exist prior to running slapd AND`
Ryan Haggerty	689417	`# should only be accessible by the slapd and slap tools.`
Ryan Haggerty	689417	`# Mode 700 recommended.`
Ryan Haggerty	689417	`directory /var/lib/ldap`
Ryan Haggerty	689417
Ryan Haggerty	689417	`# Indices to maintain for this database`
Ryan Haggerty	689417	`index objectClass eq,pres`
Ryan Haggerty	689417	`index ou,cn,mail,surname,givenname eq,pres,sub`
Ryan Haggerty	689417	`index uidNumber,gidNumber,loginShell eq,pres`
Ryan Haggerty	689417	`index uid,memberUid eq,pres,sub`
Ryan Haggerty	689417	`index nisMapName,nisMapEntry eq,pres,sub`
Ryan Haggerty	689417
Ryan Haggerty	689417	`# Replicas of this database`
Ryan Haggerty	689417	`#replogfile /var/lib/ldap/openldap-master-replog`
Ryan Haggerty	689417	`#replica host=ldap-1.example.com:389 starttls=critical`
Ryan Haggerty	689417	`# bindmethod=sasl saslmech=GSSAPI`
Ryan Haggerty	689417	`# authcId=host/ldap-master.example.com@EXAMPLE.COM`

rpms / selinux-policy

Source Code

Blame testing/ldap/slapd.conf