spring-security/ldap/slapd.conf

include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/ppolicy.schema


pidfile		./build/slapd.pid
argsfile	./build/slapd.args

# Load dynamic backend modules:
modulepath	/usr/lib/openldap/modules
# moduleload	back_ldap.la
# moduleload	back_meta.la
# moduleload	back_monitor.la
# moduleload	back_perl.la

#allow bind_anon
allow bind_v2 bind_anon_dn
#require authc

access to dn.base=""
    by * read

database        bdb
suffix          "dc=springsource,dc=com"
checkpoint      1024    5
cachesize       10000
rootdn          "cn=admin,dc=springsource,dc=com"

rootpw          password

directory       ./build/openldap

index   uid     eq
index   cn      eq
index objectClass eq

access to attrs=userpassword
  by self       =wx
  by anonymous  =x
  by *          none
  
access to dn.subtree="ou=users,dc=springsource,dc=com"
  by self     write
  by *        read


#overlay ppolicy
#ppolicy_default "cn=default,ou=policies,dc=springsource,dc=com"
#ppolicy_use_lockout
#ppolicy_hash_cleartext
Minor slapd config changes 2014-02-11 09:23:54 -05:00			`include /etc/openldap/schema/core.schema`
			`include /etc/openldap/schema/cosine.schema`
			`include /etc/openldap/schema/inetorgperson.schema`
			`include /etc/openldap/schema/ppolicy.schema`
SEC-214: Add functionality to be able to use LDAP password policy request/response controls. Added PasswordPolicyAwareContextSource, ppolicy control implementations (from Sandbox) and modified BindAuthenticator to check for the presence of the response control, adding the control to the retured DirContextAdapter if appropriate. LdapUserDetailsImpl also contains the data for grace logins remaining and time till password expiry. Added OpenLDAP startup script with test data and integration test which operates against the data (must be run manually). 2009-08-18 19:09:16 -04:00

SEC-1661: Use a DistinguishedName to wrap the search base to avoid the need for JNDI escaping. 2011-01-26 12:13:11 -05:00			`pidfile ./build/slapd.pid`
			`argsfile ./build/slapd.args`
SEC-214: Add functionality to be able to use LDAP password policy request/response controls. Added PasswordPolicyAwareContextSource, ppolicy control implementations (from Sandbox) and modified BindAuthenticator to check for the presence of the response control, adding the control to the retured DirContextAdapter if appropriate. LdapUserDetailsImpl also contains the data for grace logins remaining and time till password expiry. Added OpenLDAP startup script with test data and integration test which operates against the data (must be run manually). 2009-08-18 19:09:16 -04:00
			`# Load dynamic backend modules:`
			`modulepath /usr/lib/openldap/modules`
			`# moduleload back_ldap.la`
			`# moduleload back_meta.la`
			`# moduleload back_monitor.la`
			`# moduleload back_perl.la`

Minor slapd config changes 2014-02-11 09:23:54 -05:00			`#allow bind_anon`
			`allow bind_v2 bind_anon_dn`
			`#require authc`
SEC-214: Add functionality to be able to use LDAP password policy request/response controls. Added PasswordPolicyAwareContextSource, ppolicy control implementations (from Sandbox) and modified BindAuthenticator to check for the presence of the response control, adding the control to the retured DirContextAdapter if appropriate. LdapUserDetailsImpl also contains the data for grace logins remaining and time till password expiry. Added OpenLDAP startup script with test data and integration test which operates against the data (must be run manually). 2009-08-18 19:09:16 -04:00
			`access to dn.base=""`
			`by * read`

			`database bdb`
			`suffix "dc=springsource,dc=com"`
			`checkpoint 1024 5`
			`cachesize 10000`
			`rootdn "cn=admin,dc=springsource,dc=com"`

			`rootpw password`

SEC-1661: Use a DistinguishedName to wrap the search base to avoid the need for JNDI escaping. 2011-01-26 12:13:11 -05:00			`directory ./build/openldap`
SEC-214: Add functionality to be able to use LDAP password policy request/response controls. Added PasswordPolicyAwareContextSource, ppolicy control implementations (from Sandbox) and modified BindAuthenticator to check for the presence of the response control, adding the control to the retured DirContextAdapter if appropriate. LdapUserDetailsImpl also contains the data for grace logins remaining and time till password expiry. Added OpenLDAP startup script with test data and integration test which operates against the data (must be run manually). 2009-08-18 19:09:16 -04:00
			`index uid eq`
			`index cn eq`
			`index objectClass eq`

			`access to attrs=userpassword`
			`by self =wx`
			`by anonymous =x`
			`by * none`

Minor slapd config changes 2014-02-11 09:23:54 -05:00			`access to dn.subtree="ou=users,dc=springsource,dc=com"`
SEC-214: Add functionality to be able to use LDAP password policy request/response controls. Added PasswordPolicyAwareContextSource, ppolicy control implementations (from Sandbox) and modified BindAuthenticator to check for the presence of the response control, adding the control to the retured DirContextAdapter if appropriate. LdapUserDetailsImpl also contains the data for grace logins remaining and time till password expiry. Added OpenLDAP startup script with test data and integration test which operates against the data (must be run manually). 2009-08-18 19:09:16 -04:00			`by self write`
			`by * read`


SEC-1670: Take account of JNDI CompositeName escaping in value of SearchResult.getName() when performing a search for a user entry in SpringSecurityLdapTemplate. 2011-02-03 12:57:43 -05:00			`#overlay ppolicy`
			`#ppolicy_default "cn=default,ou=policies,dc=springsource,dc=com"`
			`#ppolicy_use_lockout`
			`#ppolicy_hash_cleartext`
SEC-214: Add functionality to be able to use LDAP password policy request/response controls. Added PasswordPolicyAwareContextSource, ppolicy control implementations (from Sandbox) and modified BindAuthenticator to check for the presence of the response control, adding the control to the retured DirContextAdapter if appropriate. LdapUserDetailsImpl also contains the data for grace logins remaining and time till password expiry. Added OpenLDAP startup script with test data and integration test which operates against the data (must be run manually). 2009-08-18 19:09:16 -04:00