Openldap

slapd.conf

The following is an example of an slapd.conf file used for user and password management across a LAN.

/etc/openldap/slapd.conf

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.5 2002/11/26 18:26:01 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba3.schema

# Ensure we have strict schema checking
SchemaCheck     On
loglevel 0

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args


#allow bind_v2 bind_anon_dn
TLSCertificateFile      /etc/openldap/server.pem
TLSCertificateKeyFile   /etc/openldap/server.pem
TLSCACertificateFile    /etc/openldap/server.pem
allow bind_v2

# Passwords only accessible by self and for auth, access to
# the phonebook for everyone

access to attrs=UserPassword
     by self write
     by anonymous read

access to dn.regex="cn=.*,o=phonebook,dc=example,dc=com$"
    by users write

access to dn.base="o=phonebook,dc=example,dc=com" attrs=entry,children
    by users write

access to *
    by self write
    by anonymous read
    by * read


#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=example,dc=com"
rootdn          "cn=root,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
#rootpw         secret
# (the "q" password typed into slappasswd
rootpw          {SSHA}DFREGR3d5j3GDfoojD5333dGLFPPx
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory       /var/lib/ldap
# Indices to maintain
index   objectClass     eq
replica         host=netedge.example.co.uk:389
                binddn="uid=replicator,dc=example,dc=com"
                bindmethod=simple credentials=replicate
replica         host=samba.example.co.uk:389
                binddn="uid=replicator,dc=example,dc=com"
                bindmethod=simple credentials=replicate
replogfile      /var/lib/ldap/slap_rep.log

 

To show everything in the directory.

ldapsearch -x -b "dc=example,dc=com" "(objectclass=*)"

Adding entries to the directory

Create file with details to add as follows