Convert DOS to UNIX file

paul 2017-09-10 10:07:14 +02:00 committed by Hive
parent 8ce68659d9
commit f6244797b5


@ -1,177 +1,177 @@
# this file was adapted from the default /usr/share/slapd/slapd.init.ldif # this file was adapted from the default /usr/share/slapd/slapd.init.ldif
# Global config: # Global config:
dn: cn=config dn: cn=config
objectClass: olcGlobal objectClass: olcGlobal
cn: config cn: config
olcPidFile: /var/run/slapd/slapd.pid olcPidFile: /var/run/slapd/slapd.pid
# List of arguments that were passed to the server # List of arguments that were passed to the server
olcArgsFile: /var/run/slapd/slapd.args olcArgsFile: /var/run/slapd/slapd.args
# Read slapd-config(5) for possible values # Read slapd-config(5) for possible values
olcLogLevel: none olcLogLevel: none
# The tool-threads parameter sets the actual amount of cpu's that is used # The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing. # for indexing.
olcToolThreads: 1 olcToolThreads: 1
# Define used format for CRYPT algorithm # Define used format for CRYPT algorithm
# (SHA-512 16-char-salt 50000 rounds) # (SHA-512 16-char-salt 50000 rounds)
olcPasswordCryptSaltFormat: $6$rounds=50000$%.16s olcPasswordCryptSaltFormat: $6$rounds=50000$%.16s
# Frontend settings # Frontend settings
dn: olcDatabase={-1}frontend,cn=config dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig objectClass: olcFrontendConfig
olcDatabase: {-1}frontend olcDatabase: {-1}frontend
# The maximum number of entries that is returned for a search operation # The maximum number of entries that is returned for a search operation
olcSizeLimit: 500 olcSizeLimit: 500
# Allow unlimited access to local connection from the local root user # Allow unlimited access to local connection from the local root user
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
# Allow unauthenticated read access for schema and base DN autodiscovery # Allow unauthenticated read access for schema and base DN autodiscovery
olcAccess: {1}to dn.exact="" by * read olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read olcAccess: {2}to dn.base="cn=Subschema" by * read
# Define CRYPT as preferred algorighm for password hashing # Define CRYPT as preferred algorighm for password hashing
olcPasswordHash: {CRYPT} olcPasswordHash: {CRYPT}
# Config db settings # Config db settings
dn: olcDatabase=config,cn=config dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig objectClass: olcDatabaseConfig
olcDatabase: config olcDatabase: config
# Allow unlimited access to local connection from the local root user # Allow unlimited access to local connection from the local root user
olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcRootDN: cn=admin,cn=config olcRootDN: cn=admin,cn=config
olcRootPW: @PASSWORD@ olcRootPW: @PASSWORD@
# Load schemas # Load schemas
dn: cn=schema,cn=config dn: cn=schema,cn=config
objectClass: olcSchemaConfig objectClass: olcSchemaConfig
cn: schema cn: schema
# base schemas # base schemas
include: file:///etc/ldap/schema/core.ldif include: file:///etc/ldap/schema/core.ldif
include: file:///etc/ldap/schema/cosine.ldif include: file:///etc/ldap/schema/cosine.ldif
include: file:///etc/ldap/schema/nis.ldif include: file:///etc/ldap/schema/nis.ldif
include: file:///etc/ldap/schema/inetorgperson.ldif include: file:///etc/ldap/schema/inetorgperson.ldif
# additional schemas # additional schemas
include: file:///etc/ldap/schema/ppolicy.ldif include: file:///etc/ldap/schema/ppolicy.ldif
# Load module # Load module
dn: cn=module{0},cn=config dn: cn=module{0},cn=config
objectClass: olcModuleList objectClass: olcModuleList
cn: module{0} cn: module{0}
# Where the dynamically loaded modules are stored # Where the dynamically loaded modules are stored
olcModulePath: /usr/lib/ldap olcModulePath: /usr/lib/ldap
olcModuleLoad: back_mdb olcModuleLoad: back_mdb
# Load memberof module # Load memberof module
dn: cn=module{1},cn=config dn: cn=module{1},cn=config
objectClass: olcModuleList objectClass: olcModuleList
objectClass: top objectClass: top
cn: module{1} cn: module{1}
olcModulePath: /usr/lib/ldap olcModulePath: /usr/lib/ldap
olcModuleLoad: memberof.la olcModuleLoad: memberof.la
# Load refint module # Load refint module
dn: cn=module{2},cn=config dn: cn=module{2},cn=config
objectClass: olcModuleList objectClass: olcModuleList
objectClass: top objectClass: top
cn: module{2} cn: module{2}
olcModulePath: /usr/lib/ldap olcModulePath: /usr/lib/ldap
olcModuleLoad: refint.la olcModuleLoad: refint.la
# Load password policy module # Load password policy module
dn: cn=module{3},cn=config dn: cn=module{3},cn=config
objectClass: olcModuleList objectClass: olcModuleList
objectClass: top objectClass: top
cn: module{3} cn: module{3}
olcModulePath: /usr/lib/ldap olcModulePath: /usr/lib/ldap
olcModuleLoad: ppolicy.la olcModuleLoad: ppolicy.la
# Set defaults for the backend # Set defaults for the backend
dn: olcBackend=mdb,cn=config dn: olcBackend=mdb,cn=config
objectClass: olcBackendConfig objectClass: olcBackendConfig
olcBackend: mdb olcBackend: mdb
# The database definition. # The database definition.
dn: olcDatabase=mdb,cn=config dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig objectClass: olcDatabaseConfig
objectClass: olcMdbConfig objectClass: olcMdbConfig
olcDatabase: mdb olcDatabase: mdb
# Checkpoint the database periodically in case of system # Checkpoint the database periodically in case of system
# failure and to speed slapd shutdown. # failure and to speed slapd shutdown.
olcDbCheckpoint: 512 30 olcDbCheckpoint: 512 30
olcDbMaxSize: 1073741824 olcDbMaxSize: 1073741824
# Save the time that the entry gets modified, for database #1 # Save the time that the entry gets modified, for database #1
olcLastMod: TRUE olcLastMod: TRUE
# The base of your directory in database #1 # The base of your directory in database #1
olcSuffix: @SUFFIX@ olcSuffix: @SUFFIX@
# Where the database file are physically stored for database #1 # Where the database file are physically stored for database #1
olcDbDirectory: @DATADIR@ olcDbDirectory: @DATADIR@
# olcRootDN directive for specifying a superuser on the database. This # olcRootDN directive for specifying a superuser on the database. This
# is needed for syncrepl. # is needed for syncrepl.
olcRootDN: cn=admin,@SUFFIX@ olcRootDN: cn=admin,@SUFFIX@
olcRootPW: @PASSWORD@ olcRootPW: @PASSWORD@
# Indexing options for database #1 # Indexing options for database #1
olcDbIndex: objectClass eq olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq olcDbIndex: cn,uid eq
olcDbIndex: uidNumber,gidNumber eq olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: member,memberUid eq olcDbIndex: member,memberUid eq
# additional attributes # additional attributes
olcDbIndex: mail,associatedDomain eq olcDbIndex: mail,associatedDomain eq
olcDbIndex: memberOf eq olcDbIndex: memberOf eq
# The userPassword by default can be changed by the entry owning it if # The userPassword by default can be changed by the entry owning it if
# they are authenticated. Others should not be able to see it, except # they are authenticated. Others should not be able to see it, except
# the admin entry above. # the admin entry above.
olcAccess: to attrs=userPassword olcAccess: to attrs=userPassword
by self write by self write
by anonymous auth by anonymous auth
by * none by * none
# Allow update of authenticated user's shadowLastChange attribute. # Allow update of authenticated user's shadowLastChange attribute.
# Updating it on password change is implemented at least by libpam-ldap, # Updating it on password change is implemented at least by libpam-ldap,
# libpam-ldapd, and the slapo-smbk5pwd overlay. # libpam-ldapd, and the slapo-smbk5pwd overlay.
olcAccess: to attrs=shadowLastChange olcAccess: to attrs=shadowLastChange
by self write by self write
by * read by * read
# ou=People users can see ou=People node # ou=People users can see ou=People node
olcAccess: to dn.exact="ou=People,@SUFFIX@" olcAccess: to dn.exact="ou=People,@SUFFIX@"
by dn.subtree="ou=People,@SUFFIX@" read by dn.subtree="ou=People,@SUFFIX@" read
by * break by * break
# User can only access their own profile # User can only access their own profile
# Services can read all User nodes # Services can read all User nodes
olcAccess: to dn.subtree="ou=People,@SUFFIX@" olcAccess: to dn.subtree="ou=People,@SUFFIX@"
by self read by self read
by dn.subtree="ou=Services,ou=People,@SUFFIX@" read by dn.subtree="ou=Services,ou=People,@SUFFIX@" read
by * none by * none
# allow to read domain attributes for service accounts # allow to read domain attributes for service accounts
olcAccess: to dn.subtree="ou=Domains,@SUFFIX@" olcAccess: to dn.subtree="ou=Domains,@SUFFIX@"
by dn.subtree="ou=Services,ou=People,@SUFFIX@" read by dn.subtree="ou=Services,ou=People,@SUFFIX@" read
# The admin dn (olcRootDN) bypasses ACLs and so has total access, # The admin dn (olcRootDN) bypasses ACLs and so has total access,
# everyone logged in can read everything. # everyone logged in can read everything.
olcAccess: to * olcAccess: to *
by anonymous none by anonymous none
by * read by * read
# memberof overlay manages the memberOf attribute based on referential # memberof overlay manages the memberOf attribute based on referential
# groups # groups
dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
objectClass: olcConfig objectClass: olcConfig
objectClass: olcMemberOf objectClass: olcMemberOf
objectClass: olcOverlayConfig objectClass: olcOverlayConfig
objectClass: top objectClass: top
olcOverlay: memberof olcOverlay: memberof
# refint overlay preserves referential integrety, by watching for renames of # refint overlay preserves referential integrety, by watching for renames of
# referenced fields # referenced fields
dn: olcOverlay={1}refint,olcDatabase={1}mdb,cn=config dn: olcOverlay={1}refint,olcDatabase={1}mdb,cn=config
objectClass: olcConfig objectClass: olcConfig
objectClass: olcOverlayConfig objectClass: olcOverlayConfig
objectClass: olcRefintConfig objectClass: olcRefintConfig
objectClass: top objectClass: top
olcOverlay: {1}refint olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner olcRefintAttribute: memberof member manager owner
# ppolicy enforces password policies, such as used algorithm or length # ppolicy enforces password policies, such as used algorithm or length
dn: olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config dn: olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcConfig objectClass: olcConfig
objectClass: olcOverlayConfig objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig objectClass: olcPPolicyConfig
objectClass: top objectClass: top
olcOverlay: {2}ppolicy olcOverlay: {2}ppolicy
olcPPolicyDefault: cn=Default,ou=Policies,@SUFFIX@ olcPPolicyDefault: cn=Default,ou=Policies,@SUFFIX@