| 1 | # |
|---|
| 2 | # Syn-3 ldap configuration for mirror2 (slave server) |
|---|
| 3 | # |
|---|
| 4 | |
|---|
| 5 | # Server ID for replication: |
|---|
| 6 | serverID 2 |
|---|
| 7 | |
|---|
| 8 | #Automaticly created on ldap-restart: |
|---|
| 9 | include /etc/openldap/schemas.conf |
|---|
| 10 | |
|---|
| 11 | # Define global ACLs to disable default read access. |
|---|
| 12 | |
|---|
| 13 | # Do not enable referrals until AFTER you have a working directory |
|---|
| 14 | # service AND an understanding of referrals. |
|---|
| 15 | #referral ldap://root.openldap.org |
|---|
| 16 | |
|---|
| 17 | #only error logging |
|---|
| 18 | loglevel none |
|---|
| 19 | sizelimit unlimited |
|---|
| 20 | |
|---|
| 21 | ####################################################################### |
|---|
| 22 | # BDB database definitions |
|---|
| 23 | ####################################################################### |
|---|
| 24 | |
|---|
| 25 | database bdb |
|---|
| 26 | cachesize 1000 |
|---|
| 27 | idlcachesize 1000 |
|---|
| 28 | dncachesize 1000 |
|---|
| 29 | |
|---|
| 30 | monitoring off |
|---|
| 31 | suffix "dc=syn-3" |
|---|
| 32 | rootdn "cn=Manager,dc=syn-3" |
|---|
| 33 | rootpw secret |
|---|
| 34 | |
|---|
| 35 | # The database directory MUST exist prior to running slapd AND |
|---|
| 36 | # should only be accessible by the slapd and slap tools. |
|---|
| 37 | # Mode 700 recommended. |
|---|
| 38 | directory /home/system/openldap/openldap-slave |
|---|
| 39 | # Indices to maintain |
|---|
| 40 | index sambaSID eq |
|---|
| 41 | index sambaPrimaryGroupSID eq |
|---|
| 42 | index sambaDomainName eq |
|---|
| 43 | index objectClass,uid,uidNumber,gidNumber,memberUid eq |
|---|
| 44 | index cn,mail,surname,givenname eq,subinitial |
|---|
| 45 | index entryCSN,entryUUID eq |
|---|
| 46 | index sambaSIDList eq |
|---|
| 47 | index sambaGroupType eq |
|---|
| 48 | index alias eq |
|---|
| 49 | index ou eq |
|---|
| 50 | index dc eq |
|---|
| 51 | index zarafaAliases eq |
|---|
| 52 | |
|---|
| 53 | |
|---|
| 54 | overlay syncprov |
|---|
| 55 | |
|---|
| 56 | # Syn-3 uses mirror mode replication. |
|---|
| 57 | # In case of failure, we (the slave) will assume the master role and accept updates. |
|---|
| 58 | syncrepl rid=001 |
|---|
| 59 | provider=ldap://ldap-master |
|---|
| 60 | bindmethod=simple |
|---|
| 61 | binddn="cn=Manager,dc=syn-3" |
|---|
| 62 | credentials=secret |
|---|
| 63 | searchbase="dc=syn-3" |
|---|
| 64 | schemachecking=on |
|---|
| 65 | type=refreshAndPersist |
|---|
| 66 | retry="10 +" |
|---|
| 67 | |
|---|
| 68 | mirrormode on |
|---|
| 69 | |
|---|
| 70 | #gebruikers kunnen zich authentificeren en hun paswoord verranderen en hun mail attribute setten |
|---|
| 71 | access to attrs=userPassword,sambaNTPassword,sambaLMPassword |
|---|
| 72 | by self write |
|---|
| 73 | by anonymous auth |
|---|
| 74 | by * none |
|---|
| 75 | |
|---|
| 76 | #openxchange addressbook |
|---|
| 77 | access to dn.regex="ou=addr,uid=(.*),ou=Users,dc=syn-3" |
|---|
| 78 | by dn.regex="uid=$1,ou=Users,dc=syn-3" write |
|---|
| 79 | by * none break |
|---|
| 80 | |
|---|
| 81 | access to dn.subtree="o=AddressBook,dc=syn-3" |
|---|
| 82 | by group="cn=AddressAdmins,o=AddressBook,dc=syn-3" write |
|---|
| 83 | by users read |
|---|
| 84 | by * none |
|---|
| 85 | |
|---|
| 86 | access to dn.subtree="ou=Users,dc=syn-3" by self write |
|---|
| 87 | by * read |
|---|
| 88 | |
|---|
| 89 | access to * |
|---|
| 90 | by * read |
|---|
