From 6fe6c1410ccc773c91c3097c5eeff3f58e96431d Mon Sep 17 00:00:00 2001
From: Darks
Date: Thu, 21 Nov 2019 11:16:20 +0100
Subject: [PATCH]
---
LDAP.md | 80 ++------------------------------------------------------
1 file changed, 2 insertions(+), 78 deletions(-)
diff --git a/LDAP.md b/LDAP.md
index 2abc66b..d0827d1 100644
--- a/LDAP.md
+++ b/LDAP.md
@@ -49,82 +49,6 @@ Autre : Peut-être serait-il pertinent d'avoir une ou pour les utilisateurs. Ou simplement un arbre un peu plus complet. À voir selon les besoins.
-## Fichiers de conf
+## Aide pour la configuration
-`/etc/openldap/sldap.conf`
-
-```
-#
-# See slapd.conf(5) for details on configuration options.
-# This file should NOT be world readable.
-#
-include /etc/openldap/schema/core.schema
-include /etc/openldap/schema/cosine.schema
-include /etc/openldap/schema/inetorgperson.schema
-include /etc/openldap/schema/nis.schema
-
-# Define global ACLs to disable default read access.
-
-# Do not enable referrals until AFTER you have a working directory
-# service AND an understanding of referrals.
-#referral ldap://root.openldap.org
-
-pidfile /run/openldap/slapd.pid
-argsfile /run/openldap/slapd.args
-
-# Load dynamic backend modules:
-# modulepath /usr/lib/openldap
-# moduleload back_mdb.la
-# moduleload back_ldap.la
-
-# Sample security restrictions
-# Require integrity protection (prevent hijacking)
-# Require 112-bit (3DES or better) encryption for updates
-# Require 63-bit encryption for simple bind
-# security ssf=1 update_ssf=112 simple_bind=64
-
-# Sample access control policy:
-# Root DSE: allow anyone to read it
-# Subschema (sub)entry DSE: allow anyone to read it
-# Other DSEs:
-# Allow self write access
-# Allow authenticated users read access
-# Allow anonymous users to authenticate
-# Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base="cn=Subschema" by * read
-# access to *
-# by self write
-# by users read
-# by anonymous auth
-#
-# if no access controls are present, the default policy
-# allows anyone and everyone to read anything but restricts
-# updates to rootdn. (e.g., "access to * by * read")
-#
-# rootdn can always read and write EVERYTHING!
-
-#######################################################################
-# MDB database definitions
-#######################################################################
-
-database mdb
-maxsize 1073741824
-suffix "o=planet-casio"
-rootdn "cn=ldap-root,o=planet-casio"
-# Cleartext passwords, especially for the rootdn, should
-# be avoid. See slappasswd(8) and slapd.conf(5) for details.
-# Use of strong authentication encouraged.
-rootpw somesecret
-# The database directory MUST exist prior to running slapd AND
-# should only be accessible by the slapd and slap tools.
-# Mode 700 recommended.
-directory /var/lib/openldap/openldap-data
-# Indices to maintain
-index objectClass eq
-index uid pres,eq
-index mail pres,sub,eq
-index cn pres,sub,eq
-index sn pres,sub,eq
-index dc eq
-```
\ No newline at end of file
+(OpenLDAP sur l'Arch Wiki)[https://wiki.archlinux.org/index.php/OpenLDAP#Configuration]
\ No newline at end of file