| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| # |
| ######################################################################## |
| # 0. About the fortress slapd.properties file |
| ######################################################################## |
| |
| # Use this property file to override environment settings when you are using openldap directory server. |
| # These parameters are bound for the following locations by the Fortress during the init targets within the build.xml ant management utility: |
| # a. fortress.properties - Fortress' configuration file tells fortress runtime how to connect to remote resources |
| # b. refreshLDAPData.xml - Used by fortress to initialize and base load the LDAP DIT data structures. Fortress also stores runtime params inside 'ou=Config' container on remote server. |
| # c. slapd.conf - Configure the runtime OpenLDAP server (slapd) to use fortress, if applicable. |
| |
| # The ant property subsystem is fed using three files: |
| # i. user.properties - optional, when found, located in user's home directory. Properties found here take precedence over those following. |
| # ii. slapd.properties - optional, when found, located in root folder of the package. These props override those found in the build.properties file. |
| # iii. build.properties - this file is required and must be located in the root folder of the package. |
| # More info on the fortress configuration subsystem in the README-CONFIG. |
| # |
| # ${name} references below are expanded by the ant property subsystem described above; a plain |
| # java.util.Properties load leaves them as literal text. |
| # Credentials: the *.pw keys in this file hold plaintext passwords. Because user.properties (i) takes |
| # precedence, keep real secrets there (outside the package and version control) and leave only |
| # placeholders here; restrict read permissions on whichever file carries the real values. |
| |
| ######################################################################## |
| # 1. OVERRIDE WITH OPENLDAP SPECIFIC COORDINATES: |
| ######################################################################## |
| # Directory server flavor this file targets (section 2 only applies to 'openldap'): |
| ldap.server.type=openldap |
| # Host and port the fortress runtime and the init targets connect to. 389 is plain LDAP; |
| # see the SSL block in section 2 for LDAPS on 636. |
| ldap.host=localhost |
| ldap.port=389 |
| # The directory suffix is assembled from its domain components, e.g. dc=example,dc=com: |
| suffix.name=example |
| suffix.dc=com |
| suffix=dc=${suffix.name},dc=${suffix.dc} |
| |
| # This sets the maximum search result set returned from LDAP, default is 1000: |
| ldap.max.batch.size=1000 |
| |
| # A value of 'false' disables storing user membership on role object, default is 'true': |
| #role.occupants=false |
| |
| #For a multi-level suffix, e.g. dc=foo, dc=example, dc=com. |
| #suffix.name=foo |
| #suffix.dc=example |
| #suffix.dc2=com |
| #suffix=dc=${suffix.name},dc=${suffix.dc},dc=${suffix.dc2} |
| |
| # DN of the directory administrator (rootdn) for the default database: |
| root.dn=cn=Manager,${suffix} |
| # Used to load OpenLDAP admin root password in slapd.conf and was encrypted using 'slappasswd' command. |
| # The sample hash below is published with this package; generate a fresh one per deployment instead of reusing it: |
| #root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU |
| # Plaintext password for root.dn consumed by the init targets. 'secret' is a placeholder; |
| # override it in user.properties (see section 0) rather than editing it here: |
| cfg.root.pw=secret |
| |
| # This specifies the number of default LDAP connections to maintain in the pool: |
| admin.min.conn=1 |
| admin.max.conn=10 |
| # This specifies the number of user LDAP connections (used for user authentication operations only) to maintain in the pool: |
| # User Pool: |
| user.min.conn=1 |
| user.max.conn=10 |
| |
| # Used for slapd logger connection pool. Leave zeros when using apacheds: |
| min.log.conn=1 |
| max.log.conn=3 |
| |
| #These are passwords used for LDAP audit log service accounts: |
| # Audit Pool: |
| # ${log.suffix} is set in section 2 below. log.admin.pw is plaintext; treat it like cfg.root.pw above. |
| log.admin.user=cn=Manager,${log.suffix} |
| log.admin.pw=secret |
| |
| # Use if ldap.server.type=openldap. (Default is false): |
| # Leaving this false keeps the audit trail of the operations listed in log.ops (section 2); |
| # set it to true only when the server has no audit log database configured. |
| disable.audit=false |
| audits.dn=cn=log |
| |
| ######################################################################## |
| # 2. BEGIN OPENLDAP SERVER CONFIGURATION SECTION: (Ignore if using HTTP or ApacheDS): |
| ######################################################################## |
| |
| # This OpenLDAP slapd logger password is bound for slapd.conf and was encrypted using 'slappasswd' command. |
| # Same published sample hash as root.pw above; replace it with a freshly generated hash before deploying: |
| log.root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU |
| |
| # More Audit Config: |
| # Suffix of the audit log database, and the operation classes recorded there ('logops' directive of the |
| # OpenLDAP accesslog overlay): bind, write and compare operations. |
| log.suffix=cn=log |
| log.ops=logops bind writes compare |
| |
| #ldap.uris=ldap://${ldap.host}:${ldap.port} |
| |
| # These are needed for client SSL connections with LDAP Server: |
| #enable.ldap.ssl=true |
| # The LDAP hostname must match the common name in the server certificate (overrides ldap.host in section 1): |
| #ldap.host=fortressdemo2.com |
| # 636 is default LDAPS on OpenLDAP: |
| #ldap.port=636 |
| # If you need the ldap api to spit out more info on ssl connections: |
| #enable.ldap.ssl.debug=true |
| # 'changeit' is the JDK's shipped default for its cacerts store; a dedicated truststore should get its own password: |
| #trust.store.password=changeit |
| # Will pick up the truststore from the classpath if set to true which is the default. |
| #trust.store.onclasspath=true |
| #trust.store=mytruststore |
| # Otherwise, file must be specified as a fully qualified filename: |
| #trust.store.onclasspath=false |
| #trust.store=/fully/qualified/path/to/mytruststore |
| |
| # These are needed for OpenLDAP startup script to enable SSL configuration. |
| # Note this keeps a plaintext ldap:// listener on 389 beside ldaps://; drop the ldap:// entry if only TLS should be reachable: |
| #ldap.uris=ldap://${ldap.host}:389 ldaps://${ldap.host}:${ldap.port} |
| # These are needed for slapd server-side SSL configuration (the key file should be readable only by the slapd service account): |
| #tls.ca.cert.file=ca-cert.pem |
| #tls.cert.file=server-cert.pem |
| #tls.key.file=server-key.pem |
| |
| ######################################################################## |
| # 3. BEGIN HTTP CLIENT CONFIGURATION SECTION (Ignore if using LDAPv3): |
| ######################################################################## |
| |
| # The following optional HTTP parameters are needed when Fortress core client-side communicates through fortress-rest HTTP proxy (rather than LDAP) server: |
| # The nav URL to fortress-rest impl: uri = httpProtocol + "://" + httpHost + ":" + httpPort + "/" + "fortress-rest-" + version; + "/";: |
| # version is set as system property, i.e. -Dversion=2.0.4 |
| # Setting the enable.mgr.impl.rest to 'true' sets Fortress instance to use HTTP services rather than LDAPv3 protocol. Default value is 'false': |
| # Use interface over REST/HTTP? Default is false (use LDAPv3) |
| #enable.mgr.impl.rest=true |
| |
| # This user account is added automatically during deployment of fortress-rest via -Dload.file=./src/main/resources/FortressRestServerPolicy.xml. |
| # http.pw is a plaintext credential; the demo value below must not be carried into a real deployment: |
| #http.user=demouser4 |
| #http.pw=password |
| #http.host=localhost |
| #http.port=8080 |
| #http.protocol=http |
| # For TLS connections: |
| #http.port=8443 |
| #http.protocol=https |
| |
| ######################################################################## |
| # 4. RFC2307 OBJECT CLASS DEFINITIONS |
| ######################################################################## |
| # Boolean value. If true, requires rfc2307bis schema because posixUser and posixGroup must be auxiliary object classes to work with ftRls which is structural. |
| rfc2307=false |
| |
| ######################################################################## |
| # 5. BEGIN OPENLDAP SERVER INSTALLATION SETUP: (Ignore if not calling the 'init-slapd' target to automatically install Symas OpenLDAP packages): |
| ######################################################################## |
| |
| # OpenLDAP MDB Backend config is default setting for Fortress. |
| # dflt.* and log.* carry the back-mdb 'maxreaders' / 'maxsize' directives for the default and the audit log |
| # database respectively; the *.bdb.* keys are left empty and only matter for a BDB backend: |
| db.type=mdb |
| dflt.rdrs=maxreaders 64 |
| dflt.size=maxsize 1000000000 |
| log.rdrs=maxreaders 64 |
| log.size=maxsize 1000000000 |
| dflt.bdb.cache.size= |
| dflt.bdb.cache.idle.size= |
| log.bdb.cache.size= |
| |
| # These next params used by 'init-slapd' target to install OpenLDAP to target machine. Do not change any params below this line unless you know what you are doing: |
| |
| ## Symas OpenLDAP on NIX section: |
| openldap.install.artifact.dir=./ldap |
| db.root=/var/openldap |
| openldap.root=/opt/symas |
| slapd.dir=${openldap.root}/etc/openldap |
| # to start: |
| pid.dir=/var/openldap |
| # Data directories for the default and history databases and their backups: |
| db.dir=${db.root}/dflt |
| db.hist.dir=${db.root}/hist |
| db.bak.dir=${db.root}/backup/dflt |
| db.bak.hist.dir=${db.root}/backup/hist |
| |
| # unless you know what you're doing, take the default. |
| # 'dbnosync' skips the sync-to-disk on each commit (faster, but transactions since the last checkpoint |
| # can be lost on a crash); 'checkpoint 64 5' flushes every 64 KB of log or every 5 minutes: |
| log.dbnosynch=dbnosync |
| dflt.dbnosynch=dbnosync |
| log.checkpoint=checkpoint 64 5 |
| dflt.checkpoint=checkpoint 64 5 |
| |
| # Each of the options are used for a particular Symas-OpenLDAP platform: |
| |
| #Debian 64-bit Silver: |
| #platform=Debian-Silver-x86-64 |
| #slapd.install=dpkg -i symas-openldap-silver.64_2.4.43-20151204_amd64.deb |
| #slapd.uninstall=dpkg -r symas-openldap-silver |
| #install.image.dir=/home/smckinn/archives/debian64 |
| #slapd.module.dir=${openldap.root}/lib64/openldap |
| #slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap |
| |
| # Redhat 64-bit Silver: |
| platform=Redhat-Silver-x86-64 |
| slapd.install=rpm -i symas-openldap-silver.x86_64-2.4.43-1.rpm |
| slapd.uninstall=rpm -e symas-openldap-silver |
| slapd.module.dir=${openldap.root}/lib64/openldap |
| # use the symas openldap startup script: |
| slapd.start=${openldap.root}/etc/solserver start -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap |
| # Alternative: start slapd directly with an explicit listener URL: |
| #slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap |
| |
| ######################################################################## |
| # 6. RBAC ACCELERATOR OVERLAY PROPS |
| ######################################################################## |
| |
| # Enables the slapo-rbac accelerator overlay; the module, DN and directory settings below presumably |
| # only take effect when this is true — confirm against build.xml before relying on that: |
| rbac.accelerator=false |
| rbac.module=moduleload slapo-rbac.la |
| dds.module=moduleload dds.la |
| monitor.module=moduleload back_monitor.la |
| rbac.dn=dc=rbac |
| sessions.dn=cn=rbac |
| audit.dn=cn=audit |
| # Databases backing the overlay (sessions, audit, overlay data) and their backup locations: |
| db.sess.dir=${db.root}/rbacsess |
| db.audit.dir=${db.root}/rbacaudit |
| db.rbac.dir=${db.root}/rbacoverlay |
| db.bak.audit.dir=${db.root}/backup/rbacaudit |
| db.bak.sess.dir=${db.root}/backup/rbacsess |