Package: slapd
Version: 2.4.11-1
Severity: serious

If I start with /etc/ldap/slapd.d enabled on startup, I become
some failures from the back-config. With only slapd.conf, I
become no errors.

You can test my slapd.d directory with:
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/

My slapd.conf is attached.


pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
serverID 010 "ldap://ldap.sampledomain.net/";
password-hash {CLEARTEXT}
sasl-secprops noanonymous

modulepath /usr/lib/ldap
moduleload back_bdb
moduleload back_hdb
moduleload back_ldap
moduleload back_monitor
moduleload rwm
moduleload pcache
moduleload accesslog
moduleload dynlist
moduleload syncprov
moduleload ppolicy

backend bdb
backend hdb
backend monitor

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/ppolicy.schema

TLSCertificateFile /etc/ssl/certs/sampledomain_cert.pem
TLSCertificateKeyFile /etc/ssl/private/sampledomain_privkey.pem
TLSCipherSuite TLS_RSA_AES_256_CBC_SHA:TLS_RSA_3DES_EDE_CBC_SHA

database config

access to *
       by dn="cn=root,dc=sampledomain,dc=net" write
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" write
       by * none

database ldap
subordinate
suffix "ou=bund.de,dc=sampledomain,dc=net"
rootdn "cn=root,ou=bund.de,dc=sampledomain,dc=net"
uri ldap://x500.bund.de
overlay chain
chain-cache-uri true
overlay rwm
rwm-rewriteEngine on
rwm-suffixmassage "ou=bund.de,dc=sampledomain,dc=net" "o=Bund,c=DE"
overlay pcache
proxycache bdb 1000 1 50 3600
directory "/var/lib/ldap/dc=net/dc=sampledomain/ou=bund.de"
cachesize 1000
dncachesize 2000
idlcachesize 4000
dbconfig set_cachesize 0 10485760 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
checkpoint 512 30
index objectClass,queryid eq
index telephoneNumber pres,eq,sub
index labeledURI pres,eq,approx
proxycachequeries 1000
proxysavequeries TRUE
proxyattrset 0 telephoneNumber labeledURI
proxytemplate "(&(telephoneNumber=*)(labeledURI=*)" 0 3600
response-callback tail
access to * by * read

database bdb
directory "/var/lib/ldap/dc=net/dc=sampledomain"
suffix "dc=sampledomain,dc=net"
cachesize 1000
dncachesize 2000
idlcachesize 6000
dbconfig set_cachesize 0 10485760 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
checkpoint 512 30
index objectClass,entryCSN,entryUUID eq
rootdn "cn=root,dc=sampledomain,dc=net"
rootpw "{SSHA}G470pWkcXoWWGsT/npbEsYSoa90NUm11"
authz-regexp uid=(.*),cn=(.*),cn=auth uid=$1,ou=ppolicy,dc=sampledomain,dc=net
authz-policy any
overlay accesslog
logdb "cn=accesslog"
logops abandon bind unbind extended compare search add delete modify modrdn
logpurge 90+00:00 1+00:00
overlay dynlist
dynlist-attrset groupOfURLs memberURL
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 1000
overlay ppolicy
ppolicy_default "ou=ppolicy,dc=sampledomain,dc=net"

access to attrs=userPassword
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" write
       by anonymous auth
       by self =dw
       by * none

access to attrs=authzFrom,authzTo
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" write
       by group="cn=DITmanagers,ou=groups,dc=sampledomain,dc=net" write
       by anonymous auth
       by self read
       by * none

access to dn.base="dc=sampledomain,dc=net"
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" write
       by group="cn=DITmanagers,ou=groups,dc=sampledomain,dc=net" write
       by * read

access to dn="ou=ppolicy,dc=sampledomain,dc=net"
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" write
       by group="cn=DITmanagers,ou=groups,dc=sampledomain,dc=net" write
       by users read
       by * none

access to dn="ou=users,dc=sampledomain,dc=net"
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" write
       by group="cn=DITmanagers,ou=groups,dc=sampledomain,dc=net" write
       by users read
       by * none

access to dn.regex="uid=(.*),ou=users,dc=sampledomain,dc=net"
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" write
       by group="cn=DITmanagers,ou=groups,dc=sampledomain,dc=net" write
       by group="cn=staffs,ou=groups,dc=sampledomain,dc=net" read
       by dn.exact,expand="uid=$1,ou=ppolicy,dc=sampledomain,dc=net" read
       by * none

access to dn.sub="cn=AddressBook,dc=sampledomain,dc=net"
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" write
       by group="cn=DITmanagers,ou=groups,dc=sampledomain,dc=net" write
       by group="cn=staffs,ou=groups,dc=sampledomain,dc=net" read
       by * none

access to *
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" write
       by group="cn=DITmanagers,ou=groups,dc=sampledomain,dc=net" write
       by anonymous auth
       by self read
       by * none

database hdb
directory "/var/lib/ldap/cn=accesslog"
suffix "cn=accesslog"
cachesize 1000
dncachesize 3000
idlcachesize 15000
dbconfig set_cachesize 0 10485760 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
checkpoint 512 30
index objectClass,reqType,reqStart,entryCSN,entryUUID eq
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE

access to attrs=reqMod val.regex="^userPassword:.*$"
       by dn="cn=root,dc=sampledomain,dc=net" read
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" read
       by * none

access to *
       by dn="cn=root,dc=sampledomain,dc=net" read
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" read
       by group="cn=DITmanagers,ou=groups,dc=sampledomain,dc=net" read
       by * none

database monitor

access to *
       by dn="cn=root,dc=sampledomain,dc=net" read
       by group="cn=DSAmanagers,ou=groups,dc=sampledomain,dc=net" read
       by * none

Reply via email to