Here is the slapd.conf afternet uses for reference:
# load syncrepl provider support, replacing slurpd
#moduleload syncprov

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/inetorganon.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses
#schemacheck    on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
#    1 trace function calls
#    2 debug packet handling
#    4 heavy trace debugging
#    8 connection management
#   16 print out packets sent and received
#   32 search filter processing
#   64 configuration file processing
#  128 access control list processing
#  256 stats log connections/operations/results
#  512 stats log entries sent
# 1024 print communication with shell backends
# 2048 entry parsing
#loglevel       392
#loglevel       2043
#loglevel       0
#loglevel       64
#loglevel       any
loglevel        14
#loglevel       184

# Where the dynamically loaded modules are stored
modulepath      /usr/lib/ldap
moduleload      back_bdb

#######################################################################
# SSL:
# Uncomment the following lines to enable SSL and use the default
# snakeoil certificates.
TLSCACertificateFile    /etc/ssl/certs/afternet.pem
TLSCertificateFile      /etc/ssl/certs/ssl-ldap1bare.pem
TLSCertificateKeyFile   /etc/ssl/private/ssl-ldap1.key

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend         bdb
#cachesize      1000000
#dbcachesize    10000000

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend        <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database        bdb

modulepath      /usr/lib/ldap
moduleload      syncprov
overlay         syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# The base of your directory in database #1
suffix          "dc=afternet,dc=org"
checkpoint      512 30
rootdn          "cn=admin,dc=afternet,dc=org"
rootpw          *********

# Where the database files are physically stored for database #1
directory       "/var/lib/ldap"

# Indexing options for database #1
index           objectClass,uid,userPassword,mail eq

# Save the time that the entry gets modified, for database #1
lastmod         on

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword
        by dn="cn=admin,dc=afternet,dc=org" write
        by dn="uid=rubin,ou=Users,dc=afternet,dc=org" write
        by dn="cn=replicator,dc=afternet,dc=org" read
        by anonymous auth
        by self write
        by * none

access to attrs=mail
        by dn="cn=admin,dc=afternet,dc=org" write
        by dn="cn=sympa,dc=afternet,dc=org" read
        by dn="uid=rubin,ou=Users,dc=afternet,dc=org" write
        by dn="cn=replicator,dc=afternet,dc=org" read
        by anonymous none
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possibly other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=afternet,dc=org" write
        by dn="uid=rubin,ou=Users,dc=afternet,dc=org" write
        by dn="cn=replicator,dc=afternet,dc=org" read
        by * read

TLSVerifyClient never
sizelimit       unlimited
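As an added example (not part of this page and not AfterNET's own tooling), a small Python audit that joins slapd.conf continuation lines, parses each `access to` ACL into its `by` clauses, and flags a userPassword rule that grants `anonymous` or `*` more than `auth`, or any rule that is world-writable. It works on a constructed excerpt in the shape of the ACLs above, orders levels as slapd.access(5) does, and deliberately does not model slapd's first-match evaluation order.

```python
import re
# Constructed excerpt modelled on the page's ACLs (not AfterNET's live file).
SAMPLE_CONF = """\
access to attrs=userPassword
        by dn="cn=admin,dc=afternet,dc=org" write
        by anonymous auth
        by * none
access to *
        by dn="cn=admin,dc=afternet,dc=org" write
        by * read
"""
WEAK_CONF = SAMPLE_CONF.replace("by anonymous auth", "by anonymous read")  # weakened variant

# slapd access levels, weakest to strongest; unknown levels rank as strongest.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ACL_RE = re.compile(r'^access\s+to\s+(.+?)((?:\s+by\s+.+)+)$')
BY_RE = re.compile(r'\bby\s+(dn="[^"]*"|dn\.\S+|anonymous|self|users|\*)\s+(\w+)')

def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace); drop comments."""
    out = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and out:
            out[-1] += " " + raw.strip()
        elif raw.strip() and not raw.startswith("#"):
            out.append(raw.rstrip())
    return out

def parse_acls(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    acls = []
    for line in logical_lines(text):
        m = ACL_RE.match(line)
        if m:
            acls.append((m.group(1).strip(), BY_RE.findall(m.group(2))))
    return acls

def audit(text):
    """Flag userPassword exposed beyond 'auth' and world-writable targets."""
    findings = []
    for what, clauses in parse_acls(text):
        for who, level in clauses:
            rank = LEVELS.index(level) if level in LEVELS else len(LEVELS)
            if "userPassword" in what and who in ("anonymous", "*") \
                    and rank > LEVELS.index("auth"):
                findings.append(f"{what}: '{who}' gets {level} (expected auth or none)")
            if who == "*" and rank >= LEVELS.index("write"):
                findings.append(f"{what}: world-writable ('by * {level}')")
    return findings

print(audit(SAMPLE_CONF), audit(WEAK_CONF))
```

Point `audit()` at the real file's contents to check the userPassword ACL after every edit; the page's own rule passes, the weakened variant is reported.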