#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
#
# Fortress slapd.conf default settings.
#
# NOTE(review): in slapd.conf a line that begins with white space continues
# the previous line (even when that line is a comment). Every "by" clause
# below must therefore stay a continuation of its "access to" line, and no
# comment may be placed between an "access to" line and its "by" lines;
# all review comments here precede the directive they describe.
#
# Schema files. fortress.schema and rbac.schema presumably define the ft*
# attributes that are indexed and ACL-protected further down — confirm.
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/fortress.schema
include /etc/ldap/schema/rbac.schema
# Refuse anonymous simple binds. Anonymous clients still receive the "auth"
# privilege from the global "access to *" rule below so that a user can
# authenticate against userPassword.
disallow bind_anon
# 0 disables the idle-connection timeout: idle client connections are never
# closed by the server.
idletimeout 0
# Server-side caps per search: at most 5000 entries returned, at most 60
# seconds of processing.
sizelimit 5000
timelimit 60
threads 4
# 32768 is 0x8000, the "none" level: only messages logged regardless of
# level are emitted. Bind/ACL diagnostics are presumably not available from
# syslog; the audit trail comes from the accesslog overlay configured below.
loglevel 32768
# On SIGHUP stop accepting new connections but keep serving existing ones
# until they finish, instead of shutting down immediately.
gentlehup on
# Keep the multi-valued roleOccupant attribute in sorted order.
sortvals roleOccupant
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/ldap
# back_mdb, ppolicy, accesslog and back_monitor are all used by the
# databases defined below. dds.la is loaded but no "overlay dds" appears in
# this file, so it is currently unused.
moduleload back_mdb.la
moduleload ppolicy.la
moduleload accesslog.la
moduleload dds.la
moduleload back_monitor.la
# ACLS:
# Access directives are evaluated in order; the first "access to" whose
# target matches decides, unless a matching "by ... break" clause hands
# evaluation on to the next directive. The rootdn of a database bypasses
# these ACLs entirely for that database.
# Root DSE is world-readable.
access to dn.base=""
by * read
# LDAPv3 Schema
access to dn.base="cn=subschema"
by * read
# Internal OpenLDAP config backend
# No "database config" is defined in this file, so this rule only has an
# effect if the config backend is enabled elsewhere.
access to dn.subtree="cn=config"
by * none
# Monitor backend
# Every authenticated bind may read cn=monitor (connection and operation
# statistics); narrow "by users read" if that is more than the deployment
# wants to expose.
access to dn.subtree="cn=monitor"
by dn.base="cn=Manager,dc=example,dc=com" write
by users read
# Generic overall privilege
# "auth" lets anonymous clients authenticate (simple bind needs auth on
# userPassword); the default database's rootdn gets manage; everyone else
# falls through ("break") to the attribute-specific rules below.
access to *
by anonymous auth
by dn.base="cn=Manager,dc=example,dc=com" manage
by * break
# Password should be protected, allow user to modify their own audit attributes.
# "=wx" grants exactly write (w) and auth (x): a user can set and
# authenticate against their own userPassword and ft audit attributes but
# cannot read them back. All other binds get nothing.
access to attrs=userPassword,ftModifier,ftModCode,ftModId
by self =wx
by * none
# Self-readable password policy info
access to attrs=pwdFailureTime,pwdChangedTime,pwdGraceUseTime,pwdReset,pwdPolicySubentry
by self read
by * none
# Admin-only password policy info
# Denied to all ordinary binds; lockout time and password history are only
# visible to the rootdn, which bypasses ACLs.
access to attrs=pwdAccountLockedTime,pwdHistory
by * none
# Users may read their own attributes
# NOTE(review): "by users read" grants every authenticated bind read access
# to the inetOrgPerson attributes of every entry, not only the user's own
# entry, so the comment above overstates the restriction. "by self read"
# would match the stated intent; leave as-is if Fortress relies on the
# wider read (the catch-all below grants the same to everything else).
access to attrs=@inetorgperson
by users read
by * none
# shadowAccount attributes are hidden from everyone except the rootdn.
access to attrs=@shadowAccount
by * none
# Catch-all: any authenticated bind may read whatever was not matched above.
access to * by users read
# Scheme used to hash passwords arriving in cleartext (Password Modify
# extended operation, and ordinary modifies once ppolicy_hash_cleartext is
# set below). {SSHA} is salted SHA-1. Hashing at rest does not protect the
# cleartext bind password in transit: no TLS* directives appear in this
# file, so transport protection must be arranged elsewhere.
password-hash {SSHA}
#######################################################################
# History DB Settings
#######################################################################
# Target database for the accesslog overlay ("logdb cn=log" on the default
# database below); holds the audit trail.
database mdb
maxreaders 64
# Map size in bytes (~1 GB). The database stops accepting writes when the
# map is full, so size it against the logpurge retention set further down.
maxsize 1000000000
suffix "cn=log"
rootdn "cn=Manager,cn=log"
# Default credential committed with the file; the identical hash is also
# used for the default database's rootdn. Replace both with a locally
# generated hash (e.g. from slappasswd) before deployment.
rootpw "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
index objectClass,reqDN,reqAuthzID,reqStart,reqAttr eq
directory "/var/lib/ldap/hist"
# Database-level ACL, evaluated before the global ones: only the log rootdn
# may write, and since no other "by" clause matches anyone else, all other
# binds are denied — the audit trail is not covered by the global
# "access to * by users read".
access to *
by dn.base="cn=Manager,cn=log" write
# Do not fsync on every commit: faster writes, but the most recent audit
# records can be lost on a crash or power loss.
dbnosync
# Flush to disk every 64 KB of written data or every 5 minutes.
checkpoint 64 5
#######################################################################
# Default DB Settings
#######################################################################
# Primary directory database.
database mdb
maxreaders 64
# Map size in bytes (~1 GB); writes stop when the map is full.
maxsize 1000000000
suffix "dc=example,dc=com"
# As rootdn this DN bypasses ACLs on this database; the global ACLs above
# additionally grant it "manage".
rootdn "cn=Manager,dc=example,dc=com"
# Same default hash as the history database — replace before deployment.
rootpw "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
# Equality (and for naming attributes substring) indexes; the ft* names are
# presumably the Fortress attributes searched on most often — confirm.
index uidNumber,gidNumber,objectclass eq
index cn,sn,ftObjNm,ftOpNm,ftRoleName,uid,ou eq,sub
index ftId,ftPermName,ftRoles,ftUsers,ftRA,ftARA eq
directory "/var/lib/ldap/dflt"
# Audit trail: record operations on this database into the cn=log database
# defined above.
overlay accesslog
logdb "cn=log"
# Same durability trade-off as the history database: no fsync per commit.
dbnosync
checkpoint 64 5
#######################################################################
# Audit Log Settings
#######################################################################
# Log bind operations, all write operations and compares. For writes the
# previous values of the listed ft* attributes are also recorded so the
# log shows what changed; userPassword is deliberately absent from
# logoldattr, so old password values are never written to the log.
logops bind writes compare
logoldattr ftModifier ftModCode ftModId ftRC ftRA ftARC ftARA ftCstr ftId ftPermName ftObjNm ftOpNm ftObjId ftGroups ftRoles ftUsers ftType
# Purge log entries older than 5 days, checking once per day (dd+hh:mm).
logpurge 5+00:00 1+00:00
#######################################################################
# PW Policy Settings
#######################################################################
# Enable the Password Policy overlay to enforce password policies on this database.
overlay ppolicy
# Policy applied to entries that carry no pwdPolicySubentry; the referenced
# entry must exist in the directory for the default to take effect.
ppolicy_default "cn=PasswordPolicy,ou=Policies,dc=example,dc=com"
# Return AccountLocked (rather than InvalidCredentials) when a locked
# account binds. slapo-ppolicy(5) notes this reveals lockout state to the
# client; it is a usability/disclosure trade-off to decide deliberately.
ppolicy_use_lockout
# Hash cleartext passwords set via ordinary modify operations with the
# global password-hash ({SSHA}) instead of storing them as sent; values the
# client sends already hashed are presumably stored unchanged — confirm.
ppolicy_hash_cleartext
#######################################################################
# Monitor database
#######################################################################
# Serves cn=monitor; read access for all authenticated binds and write for
# the default rootdn were granted in the global ACLs above.
database monitor