starlingx/integ
Code Issues Proposed changes
integ/ldap/openldap/files/slapd.conf.cgcs
Scott Little bab9bb6b69 Internal restructuring of stx-integ 
Create new directories:
   ceph
   config
   config-files
   filesystem
   kernel
   kernel/kernel-modules
   ldap
   logging
   strorage-drivers
   tools
   utilities
   virt

Retire directories:
   connectivity
   core
   devtools
   support
   extended

Delete two packages:
   tgt
   irqbalance

Relocated packages:
   base/
      dhcp
      initscripts
      libevent
      lighttpd
      linuxptp
      memcached
      net-snmp
      novnc
      ntp
      openssh
      pam
      procps
      sanlock
      shadow
      sudo
      systemd
      util-linux
      vim
      watchdog

   ceph/
      python-cephclient

   config/
      facter
      puppet-4.8.2
      puppet-modules

   filesystem/
      e2fsprogs
      nfs-utils
      nfscheck

   kernel/
      kernel-std
      kernel-rt

   kernel/kernel-modules/
      mlnx-ofa_kernel

   ldap/
      nss-pam-ldapd
      openldap

   logging/
      syslog-ng
      logrotate

   networking/
      lldpd
      iproute
      mellanox
      python-ryu
      mlx4-config

   python/
      python-2.7.5
      python-django
      python-gunicorn
      python-setuptools
      python-smartpm
      python-voluptuous

   security/
      shim-signed
      shim-unsigned
      tboot

   strorage-drivers/
      python-3parclient
      python-lefthandclient

   virt/
      cloud-init
      libvirt
      libvirt-python
      qemu

   tools/
      storage-topology
      vm-topology

   utilities/
      tis-extensions
      namespace-utils
      nova-utils
      update-motd

Change-Id: I37ade764d873c701b35eac5881eb40412ba64a86
Story: 2002801
Task: 22687
Signed-off-by: Scott Little <scott.little@windriver.com>
2018-08-01 10:06:31 -04:00

118 lines
3.6 KiB
Plaintext
Raw Blame History

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/sudo.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# uniquely identifies this server
serverID 001
# Load dynamic backend modules:
modulepath /usr/libexec/openldap
moduleload back_mdb.la
moduleload ppolicy.la
moduleload syncprov.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
#access to dn.base="" by * read
#access to dn.base="cn=Subschema" by * read
#access to *
# by self write
# by anonymous auth
# by * read
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database mdb
suffix "dc=cgcs,dc=local"
rootdn "cn=ldapadmin,dc=cgcs,dc=local"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw _LDAPADMIN_PW_
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
# Maximum size
maxsize 1073741824
# Indices to maintain
index cn eq
index objectClass eq
index uid eq,pres,sub
index uidNumber eq
index gidNumber eq
index memberUid eq
index sudoUser eq,sub
access to *
by self write
by * read
loglevel none
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=cgcs,dc=local"
ppolicy_use_lockout
# NOTE:
# syncrepl directives for each of the other masters
syncrepl rid=000
provider=ldap://controller-1
type=refreshAndPersist
retry="5 5 300 +"
searchbase="dc=cgcs,dc=local"
attrs="*,+"
bindmethod=simple
binddn="cn=ldapadmin,dc=cgcs,dc=local"
credentials=_LDAPADMIN_PW_
# syncprov specific indexing (add others as required)
index entryCSN eq
index entryUUID eq
# ...
# # mirror mode essential to allow writes
# # and must appear after all syncrepl directives
mirrormode TRUE
#
# # define the provider to use the syncprov overlay
# # (last directives in database section)
overlay syncprov
# # contextCSN saved to database every 100 updates or ten minutes
syncprov-checkpoint 1 1
View Git Blame Copy Permalink