summaryrefslogtreecommitdiff
path: root/conf/templates/slapd.conf.template
diff options
context:
space:
mode:
authorGunnar Wrobel <wrobel@pardus.de>2010-09-21 06:01:09 (GMT)
committerGunnar Wrobel <wrobel@pardus.de>2010-09-21 06:01:09 (GMT)
commit035b6ca3011aa11fe857cf9009f5c065692349e6 (patch)
tree52490588f0525562b3862632373ecbc1a33758a8 /conf/templates/slapd.conf.template
parentd8cfb63eda23f3893f9230ce2c7f375c5c89bde4 (diff)
downloadkolab-conf-035b6ca3011aa11fe857cf9009f5c065692349e6.tar.gz
Cleaned all templates of the dist_conf approach.
Diffstat (limited to 'conf/templates/slapd.conf.template')
-rw-r--r--conf/templates/slapd.conf.template252
1 files changed, 252 insertions, 0 deletions
diff --git a/conf/templates/slapd.conf.template b/conf/templates/slapd.conf.template
new file mode 100644
index 0000000..075028a
--- /dev/null
+++ b/conf/templates/slapd.conf.template
@@ -0,0 +1,252 @@
+KOLAB_META_START
+TARGET=@@@ldapserver_confdir@@@/slapd.conf
+PERMISSIONS=0640
+OWNERSHIP=@@@ldapserver_usr@@@:@@@ldapserver_grp@@@
+RUNONCHANGE=@@@KOLABRC@@@ rc openldap restart
+KOLAB_META_END
+# (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
+# (c) 2003-2007 Martin Konold <martin.konold@erfrakon.de>
+# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
+# This program is Free Software under the GNU General Public License (>=v2).
+# Read the file COPYING that comes with this packages for details.
+
+@@@warning@@@
+
+@@@if ldapserver_modulepath@@@
+modulepath @@@ldapserver_modulepath@@@
+moduleload back_bdb
+moduleload back_monitor
+moduleload refint
+moduleload unique
+@@@endif@@@
+
+# manual additions are lost unless made to the template in the Kolab config directory
+# the template is @@@sysconfdir@@@/kolab/templates/slapd.conf.template
+
+include @@@ldapserver_schemadir@@@/core.schema
+include @@@ldapserver_schemadir@@@/cosine.schema
+include @@@ldapserver_schemadir@@@/inetorgperson.schema
+include @@@ldapserver_schemadir@@@/kolab2.schema
+
+# Only include this in case you need the calFBURL attribute in
+# kolabInetOrgPerson objects.
+# see also kolab/issue3245 (https://issues.kolab.org/issue3245)
+#
+# The schema remains available at
+# /kolab/var/kolab/www/client/turba/scripts/ldap/rfc2739.schema
+#include @@@ldapserver_schemadir@@@/rfc2739.schema
+
+# Only include this in case you want to store the preferences of the
+# kolab web client in LDAP.
+# see also kolab/issue3245 (https://issues.kolab.org/issue3245)
+#
+# The schema remains available at
+# /kolab/var/kolab/www/client/scripts/ldap/horde.schema
+#include @@@ldapserver_schemadir@@@/horde.schema
+
+pidfile @@@ldapserver_pidfile@@@
+argsfile @@@ldapserver_argsfile@@@
+
+@@@if directory_replication_mode_is_syncrepl@@@
+# Depending on the build options of openldap the syncprov module is statically
+# or dynamically build. When build dynamically the module must be loaded.
+# As the slapd that comes with the openpkg version of kolab is statically
+# build it is not necessary to load the module.
+@@@if ldapserver_modulepath@@@
+moduleload syncprov
+@@@else@@@
+# moduleload syncprov
+@@@endif@@@
+@@@else@@@
+replica-pidfile @@@ldapserverslurpd_pidfile@@@
+replogfile @@@ldapserver_replogfile@@@
+replicationinterval 5
+@@@endif@@@
+
+@@@if bootstrap_config@@@
+@@@else@@@
+TLSCertificateFile @@@sysconfdir@@@/kolab/cert.pem
+TLSCertificateKeyFile @@@sysconfdir@@@/kolab/key.pem
+@@@endif@@@
+
+rootDSE @@@sysconfdir@@@/kolab/rootDSE.ldif
+
+defaultsearchbase "@@@base_dn@@@"
+
+#require none
+allow bind_v2
+
+loglevel none
+
+database bdb
+suffix "@@@base_dn@@@"
+cachesize 10000
+checkpoint 512 5
+idlcachesize 10000
+
+# The idletimeout can be increased if some clients develop problems.
+# Please report to kolab-devel@kolab.org if you encounter such a client.
+idletimeout 300
+
+@@@if directory_replication_mode_is_syncrepl@@@
+# Use syncprov/syncrepl method for ldap replication
+overlay syncprov
+syncprov-checkpoint 1024 16
+syncprov-sessionlog 4096
+syncprov-reloadhint TRUE
+index entryCSN eq
+index entryUUID eq
+@@@endif@@@
+
+dirtyread
+
+directory @@@ldapserver_dir@@@
+
+rootdn "@@@bind_dn@@@"
+rootpw "@@@bind_pw_hash@@@"
+
+replica uri=ldap://@@@slurpd_addr@@@:@@@slurpd_port@@@
+ binddn="cn=replicator"
+ bindmethod=simple
+ credentials=secret
+
+#### Using overlays to improve data consistency
+# Ensure that we never get dangling member attributes
+# Checked on rename and delete
+overlay refint
+refint_attributes member
+
+# The mail and the uid attribute must be unique.
+overlay unique
+unique_attributes mail uid
+
+index objectClass pres,eq
+index uid approx,sub,pres,eq
+index mail approx,sub,pres,eq
+index alias approx,sub,pres,eq
+index cn approx,sub,pres,eq
+index sn approx,sub,pres,eq
+index givenName approx,sub,pres,eq
+index kolabDelegate approx,sub,pres,eq
+index kolabHomeServer pres,eq
+index kolabDeleteflag pres,eq
+index member pres,eq
+
+include @@@ldapserver_confdir@@@/slapd.access
+
+access to dn="@@@base_dn@@@" attrs=children
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,@@@base_dn@@@" write
+
+access to dn="cn=internal,@@@base_dn@@@" attrs=children
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,@@@base_dn@@@" write
+
+access to attrs=userPassword
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" =wx
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" =wx
+ by self =wx
+ by anonymous =x
+ by * none stop
+
+access to attrs=mail
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by * read stop
+
+access to attrs=alias
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by * read stop
+
+access to attrs=uid
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by * read stop
+
+access to attrs=cyrus-userquota
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by self read stop
+
+access to attrs=kolabHomeServer
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by * read stop
+
+access to attrs=kolabHomeMTA
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by * read stop
+
+access to attrs=kolabAllowSMTPRecipient
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
+ by self read stop
+
+access to dn="cn=nobody,@@@base_dn@@@"
+ by anonymous auth stop
+
+access to dn="cn=manager,cn=internal,@@@base_dn@@@"
+ by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
+ by self write
+ by anonymous auth stop
+
+access to dn="cn=admin,cn=internal,@@@base_dn@@@"
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
+ by self write
+ by anonymous auth stop
+
+access to dn="cn=maintainer,cn=internal,@@@base_dn@@@"
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" read
+ by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
+ by self write
+ by anonymous auth stop
+
+access to dn.regex="(.*,)?cn=internal,@@@base_dn@@@"
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by self write
+ by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
+ by anonymous auth stop
+
+access to dn.regex="(.*,)?cn=external,@@@base_dn@@@"
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by * read stop
+
+access to dn="cn=external,@@@base_dn@@@"
+ by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
+ by * search stop
+
+access to dn="cn=internal,@@@base_dn@@@"
+ by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
+ by * search stop
+
+access to dn="k=kolab,@@@base_dn@@@"
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" read
+ by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,@@@base_dn@@@" read
+ by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
+ by * none stop
+
+access to *
+ by self write
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
+ by * read stop
+
+include @@@ldapserver_confdir@@@/slapd.replicas
+
+
+database monitor
+
+access to *
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by * none stop
+