# # my patch for vpopmail ldap doesn't include a detailed documenting # on the advanced ldap administration: there is enough good documentation # already written (http://www.openldap.org/doc/admin23/index.html), so # here I'm giving a minimum configuration needed to start. coonardoo@gmail.com # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # This file MUST NOT be world readable # ### include needed schemas include /usr/local/ldap/etc/openldap/schema/core.schema include /usr/local/ldap/etc/openldap/schema/qmailUser.schema #The schema checking can be enforced at the LDAP Sync #consumer site by turning on the schemachecking parameter. schemacheck on ####################################################################### loglevel 0 #loglevel 256 pidfile /usr/local/ldap/var/run/slapd.pid argsfile /usr/local/ldap/var/run/slapd.args idletimeout 30 ### misc security settings #password-hash {SSHA} password-hash {MD5} sizelimit 1024 timelimit 300 backend bdb #backend ldbm readonly off ####################################################################### # db tuning parameters cache 2,000 entries in memory ####################################################################### cachesize 1000 dbcachesize 100000 ####################################################################### # files should be created 'rw' for the owner **only** ####################################################################### mode 0600 ####################################################################### # BDB database definitions ####################################################################### database bdb #Controls whether slapd will automatically maintain the #modifiersName, modifyTimestamp, creatorsName, and #createTimestamp attributes for entries. lastmod on ### define the root suffix we serve suffix "dc=kingdom,dc=lan" ### define a root DN for super-user privileges rootdn "cn=root,dc=kingdom,dc=lan" ### directory containing the database files directory /usr/local/ldap/var/kingdom.lan ### define the password used with rootdn ### This is the Base64 encoded SSHA hash of 'slappasswd -s kingdompass' rootpw {SSHA}7lmFnh2TfCTfWbMVYoZR9xu5a7PPxoHF ####################################################################### # Indices to maintain ####################################################################### index objectClass,uid,uidNumber,gidNumber,loginShell,homeDirectory,userPassword eq,pres index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq index qmailUID,qmailGID eq index cn,sn,ou,mail,givenname eq,pres,sub index memberUID eq,pres,sub ####################################################################### # Database access control definitions ####################################################################### ########## VPOPMAIL ########## # attributes needed by vpopmail access to attrs=cn,sn,name,uid,qmailUser,qmailGID,qmailUID,qmaildomain,userPassword,mailQuota,mailMessageStore,clearPassword by dn="cn=vpopmail,o=vpopmail,ou=UNIX,dc=kingdom,dc=lan" write by * none ## vpopmail needs to be able to create the mail virtual accounts access to dn.base="o=vpopmail,ou=UNIX,dc=kingdom,dc=lan" by dn="cn=vpopmail,o=vpopmail,ou=UNIX,dc=kingdom,dc=lan" write by * none access to dn="o=vpopmail,ou=UNIX,dc=kingdom,dc=lan" by dn="cn=vpopmail,o=vpopmail,ou=UNIX,dc=kingdom,dc=lan" write by * none ####################################################################### # this can be omitted but we leave it: there could be other branch # in the directory, so a bit of paranoia won't be spare. access to * by self read by * none ### # EOF ###