search for: back_meta

...ile /etc/ssl/private/<HOSTNAME>.key >> >> # loglevel 896 = acl-processing,stat,stat2, this logs queries and >> responses >> #????????? -1 = enable all >> loglevel 896 >> >> modulepath /usr/lib/ldap/ >> moduleload? back_ldap >> moduleload? back_meta >> moduleload? memberof >> moduleload? mr_passthru >> >> # Per database settings >> database meta >> >> readonly yes >> protocol-version 3 >> chase-referrals no >> sizelimit 1000 >> suffix "<AD_BASE_DN>" >> >...

...directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args # Load dynamic backend modules: # modulepath /usr/lib/openldap/modules # moduleload back_ldap.la # moduleload back_meta.la # moduleload back_monitor.la # moduleload back_perl.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Define global ACLs to disable default read access. #access to dn.base="" # by * read #access to dn.base="cn=Subschema&quot...

...until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args # Load dynamic backend modules: modulepath /usr/lib/openldap/modules # moduleload back_ldap.la # moduleload back_meta.la # moduleload back_monitor.la # moduleload back_perl.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample...

Der Rowland, We share that concerns actually and of course if there is a way to avoid it, it is always better. Another fellow suggested us an LDAP-Proxy instead (personally have never setup one). What we actually need in our case scenario, is only that service and not the rest of bells and whistles of an RODC. I just was wondering if someone had experience with what happens if one does

...ap/slapd.args loglevel 0 # Load dynamic backend modules: modulepath /usr/lib64/openldap/openldap # moduleload back_shell.so # moduleload back_relay.so # moduleload back_perl.so # moduleload back_passwd.so # moduleload back_null.so # moduleload back_monitor.so # moduleload back_meta.so moduleload back_hdb.so # moduleload back_dnssrv.so #TLS_REQCERT allow TLSVerifyClient allow TLSCertificateFile /etc/ssl/subdomainlvl1-cert.pem TLSCertificateKeyFile /etc/ssl/private/subdomainlvl1-key.pem TLSCACertificateFile /etc/ssl/cbs_cacert.pem # Sample security restrictions #...

...etc/openldap/schema/rfc2307bis.schema include /etc/openldap/schema/samba.schema #include /etc/openldap/schema/nis.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args # Load dynamic backend modules: modulepath /usr/lib/openldap/modules # moduleload back_ldap.la # moduleload back_meta.la # moduleload back_monitor.la # moduleload back_perl.la access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none access to * by * read # if no access controls are present, the default policy # allows anyone and everyone to read anything but restric...

...etc/openldap/schema/rfc2307bis.schema include /etc/openldap/schema/samba.schema #include /etc/openldap/schema/nis.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args # Load dynamic backend modules: modulepath /usr/lib/openldap/modules # moduleload back_ldap.la # moduleload back_meta.la # moduleload back_monitor.la # moduleload back_perl.la access to attrs=userPassword,sambaLMPassword,sambaNTPassword by self write by anonymous auth by * none access to * by * read # if no access controls are present, the default policy # allows anyone and everyone to read anything but restric...