# provider slapd config -- for testing
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2024 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Test-suite template: the @SCHEMADIR@ / @TESTDIR@ / @URI1@ / @BACKEND@ /
# @SASL_MECH@ tokens are filled in before slapd starts, and the "#tag#"
# prefixes below (#mod#, #indexdb#, #sasl#, ...) presumably mark lines the
# harness uncomments for a matching backend or build option -- confirm
# against the test run script.
#ucdata-path ./ucdata
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args

#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
#ldapmod#modulepath ../servers/slapd/back-ldap/
#ldapmod#moduleload back_ldap.la
#rwmmod#modulepath ../servers/slapd/overlays/
#rwmmod#moduleload rwm.la

#######################################################################
# database definitions
#######################################################################

# Proxy authorization: "both" enables the authzTo check (on the
# authenticating identity's entry) and the authzFrom check (on the entry
# being assumed), so either side may grant the assertion.
authz-policy both
# Mapping of authentication identities onto DNs.  Rules are tried in
# order and the first match is used; the last rule accepts any remaining
# uid (with an optional "us/" prefix) and resolves it by search under
# ou=People,dc=example,dc=com, so the more specific rules must stay above it.
# The "admin/proxy US" authcId used by the #sasl# idassert-bind below
# resolves through the "^uid=admin/..." rule.
authz-regexp "^uid=manager,.+" "cn=Manager,dc=example,dc=com"
authz-regexp "^uid=admin/([^,]+),.+" "ldap:///ou=Admin,dc=example,dc=com??sub?(cn=$1)"
authz-regexp "^uid=it/([^,]+),.+" "ldap:///ou=People,dc=example,dc=it??sub?(uid=$1)"
authz-regexp "^uid=(us/)?([^,]+),.+" "ldap:///ou=People,dc=example,dc=com??sub?(uid=$2)"

#
# normal installations should protect root dse,
# cn=monitor, cn=schema, and cn=config
#

# Global access rules (they precede every "database" directive): used as
# the fallback when a database's own access rules do not match.

# userPassword: the entry owner may change it and authenticate with it
# (=wx); anonymous gets =x only, which is enough for a simple bind but
# grants no read of the stored value.
access to attrs=userpassword
	by self =wx
	by anonymous =x

# The root DSE is readable by everyone here (see the note above about
# narrowing this outside of testing).
access to dn.exact=""
	by * read

# Everything else: authenticated users may read, anyone else may only search.
access to *
	by users read
	by * search

database @BACKEND@

suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
# Fixture credential; this config is marked "for testing" in its header.
rootpw secret
#null#bind on
#~null~#directory @TESTDIR@/db.1.a
#indexdb#index objectClass eq
#indexdb#index cn,sn,uid pres,eq,sub

# cn=Proxy maintains its own authzTo list (=wx).  Everyone else gets only
# =x, presumably so the proxy-authorization check can still consult the
# attribute while nobody else can read the list -- verify against the
# authz code path.
access to dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com"
	attrs=authzTo
	by dn.exact="cn=Proxy,ou=Admin,dc=example,dc=com" =wx
	by * =x

database @BACKEND@

suffix "dc=example,dc=it"
rootdn "cn=Manager,dc=example,dc=it"
# Fixture credential; this config is marked "for testing" in its header.
rootpw secret
#~null~#directory @TESTDIR@/db.2.a
#indexdb#index objectClass eq
#indexdb#index cn,sn,uid pres,eq,sub

# back-ldap proxy exposing the remote tree as o=Example,c=US.
database ldap
suffix "o=Example,c=US"
uri "@URI1@"

# Identity assertion binds as "cn=Proxy US" and asserts the client's own
# identity (mode=self).  The harness enables either the SASL or the
# simple-bind variant, not both.
#sasl#idassert-bind bindmethod=sasl binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" authcId="admin/proxy US" credentials="proxy" @SASL_MECH@ mode=self
#nosasl#idassert-bind bindmethod=simple binddn="cn=Proxy US,ou=Admin,dc=example,dc=com" credentials="proxy" mode=self

# authorizes database
# Only identities under dc=example,dc=it may be asserted through this proxy.
idassert-authzFrom "dn.subtree:dc=example,dc=it"

# Single-argument form: the database suffix o=Example,c=US is rewritten to
# dc=example,dc=com toward the remote server (and back on the way in).
overlay rwm
rwm-suffixmassage "dc=example,dc=com"

# back-ldap proxy exposing the remote tree as o=Esempio,c=IT.
database ldap
suffix "o=Esempio,c=IT"
uri "@URI1@"

# ACL evaluation against the remote server binds as "cn=Proxy IT".
# Identity assertion uses the same account but always asserts the fixed
# "cn=Sandbox" identity (authzId=...) instead of the client's own.
acl-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy"
idassert-bind bindmethod=simple binddn="cn=Proxy IT,ou=Admin,dc=example,dc=com" credentials="proxy" authzId="dn:cn=Sandbox,ou=Admin,dc=example,dc=com"

# authorizes database
idassert-authzFrom "dn.subtree:dc=example,dc=com"
# authorizes anonymous
# The empty DN means unauthenticated clients are also asserted as
# cn=Sandbox; the "access to *" rule below limits what Sandbox can do
# on this database to search.
idassert-authzFrom "dn.exact:"

overlay rwm
rwm-suffixmassage "dc=example,dc=com"

# Authenticated users may read these attributes (plus the "entry"
# pseudo-attribute needed to see the entry at all).
access to attrs=entry,cn,sn,mail
	by users read

# Default deny: only the proxy account (in its rwm-massaged o=Esempio
# form), members of cn=Authorizable, and the Sandbox identity get anything.
access to *
	by dn.exact="cn=Proxy IT,ou=Admin,o=Esempio,c=IT" read
	by group.exact="cn=Authorizable,ou=Groups,o=Esempio,c=IT" read
	by dn.exact="cn=Sandbox,ou=Admin,dc=example,dc=com" search
	by * none

# cn=monitor backend with its own fixture rootdn/rootpw.
database monitor
rootdn "cn=monitor"
rootpw monitor
