/usr/share/slapd/slapd.init.ldif is in slapd 2.4.42+dfsg-2ubuntu3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 | # Global config:
dn: cn=config
objectClass: olcGlobal
cn: config
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
olcPidFile: /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
olcArgsFile: /var/run/slapd/slapd.args
# Read slapd-config(5) for possible values
olcLogLevel: none
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
olcToolThreads: 1
# Frontend settings
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
# The maximum number of entries that is returned for a search operation
olcSizeLimit: 500
# Allow unlimited access to local connection from the local root user
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
# Allow unauthenticated read access for schema and base DN autodiscovery
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
# Config db settings
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
# Allow unlimited access to local connection from the local root user
olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
# Load schemas
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file:///etc/ldap/schema/core.ldif
include: file:///etc/ldap/schema/cosine.ldif
include: file:///etc/ldap/schema/nis.ldif
include: file:///etc/ldap/schema/inetorgperson.ldif
# Load module
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
# Where the dynamically loaded modules are stored
olcModulePath: /usr/lib/ldap
olcModuleLoad: back_@BACKEND@
# Set defaults for the backend
dn: olcBackend=@BACKEND@,cn=config
objectClass: olcBackendConfig
olcBackend: @BACKEND@
# The database definition.
dn: olcDatabase=@BACKEND@,cn=config
objectClass: olcDatabaseConfig
objectClass: @BACKENDOBJECTCLASS@
olcDatabase: @BACKEND@
# Checkpoint the database periodically in case of system
# failure and to speed slapd shutdown.
olcDbCheckpoint: 512 30
@BACKENDOPTIONS@
# Save the time that the entry gets modified, for database #1
olcLastMod: TRUE
# The base of your directory in database #1
olcSuffix: @SUFFIX@
# Where the database file are physically stored for database #1
olcDbDirectory: /var/lib/ldap
# olcRootDN directive for specifying a superuser on the database. This
# is needed for syncrepl.
olcRootDN: cn=admin,@SUFFIX@
olcRootPW: @PASSWORD@
# Indexing options for database #1
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq
olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: member,memberUid eq
# The userPassword by default can be changed by the entry owning it if
# they are authenticated. Others should not be able to see it, except
# the admin entry above.
olcAccess: to attrs=userPassword
by self write
by anonymous auth
by * none
# Allow update of authenticated user's shadowLastChange attribute.
# Updating it on password change is implemented at least by libpam-ldap,
# libpam-ldapd, and the slapo-smbk5pwd overlay.
olcAccess: to attrs=shadowLastChange
by self write
by * read
# The admin dn (olcRootDN) bypasses ACLs and so has total access,
# everyone else can read everything.
olcAccess: to *
by * read
|