#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema configs in different file
include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/schema.conf
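# log only the messages slapd emits regardless of the configured level
# ("none" is not "loglevel 0", which turns logging off entirely); binds and
# searches are not recorded, so use "loglevel stats" if an audit trail is needed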
loglevel none
# allow LDAP version 2 bind requests (LDAPv2 is a historic protocol; remove
# this line once no legacy client depends on it)
allow bind_v2
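# require a security strength factor (SSF) of at least 128 for simple
# (name/password) binds; the server refuses simple binds on weaker connections,
# but a client that tries one anyway has already sent its password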
security simple_bind=128
# limit search results to 500 entries unless the client asks for a different
# limit; no hard limit is set, so a client may still request more
sizelimit size.soft=500
sizelimit size.hard=none
pidfile <%= scope.lookupvar('ldap::server::rundir') %>/slapd.pid
argsfile <%= scope.lookupvar('ldap::server::rundir') %>/slapd.args
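# overlay and backend modules to load
<%# NOTE(review): the guard below tests ldap::server::modulepath but the directive prints the local `modulepath`; confirm both resolve to the same value in the scope rendering this template -%>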
<% if scope.lookupvar('ldap::server::modulepath') != '' -%>
modulepath <%= modulepath %>
moduleload ppolicy.la
moduleload syncprov.la
<% if ['Ubuntu','Debian'].index(operatingsystem) -%>
moduleload back_hdb.la
moduleload back_monitor.la
<% end -%>
<% if has_variable?('ldap_server_modules') -%>
<% ldap_server_modules.each do |name| -%>
moduleload <%= name %>.la
<% end -%>
<% end -%>
<% end -%>
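# TLS certificate, private key and trusted CA directory (the key file should
# be readable by the slapd user only); "TLSVerifyClient try" requests a client
# certificate, accepts a client that sends none, and ends the session on an invalid one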
TLSCertificateFile <%= scope.lookupvar('ssl::certs') %>/slapd.crt
TLSCertificateKeyFile <%= scope.lookupvar('ssl::private') %>/slapd.key
TLSCACertificatePath <%= scope.lookupvar('ldap::server::config') %>/cacerts
TLSVerifyClient try
# include database configs
include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/database.conf
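# enable monitoring database; read access is granted to any connection from
# the IPv4 loopback address (no authentication required), all others get none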
database monitor
access to *
by peername.ip=127.0.0.1 read
by * none