[root@mldap ~]# egrep -v "#|^$" /etc/openldap/slapd.conf
# include 行代表当前OpenLDAP 服务包含的schema 文件
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/openssh-lpk-openldap.schema
# OpenLDAP 服务允许连接的客户端版本。
allow bind_v2
# OpenLDAP 进程启动时,pid 文件存放路径。
pidfile /var/run/openldap/slapd.pid
# OpenLDAP 参数文件存放的路径。
argsfile /var/run/openldap/slapd.args
# 传输加密的配置信息
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
database config
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by * none
database monitor
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
by dn.exact="cn=admin,dc=wzlinux,dc=com" read
by * none
# 指定OpenLDAP 数据库类型。
database bdb
# 指定OpenLDAP 服务域名(DN)
suffix "dc=wzlinux,dc=com"
checkpoint 1024 15
# 指定OpenLDAP 服务管理员信息。
rootdn "cn=admin,dc=wzlinux,dc=com"
# 指定OpenLDAP 服务管理员密码,使用slappasswd -s your_password来获取加密密码
rootpw {SSHA}hjqcrGsPL6H58QAS0QHBvihVS7x2HHKG
# 指定OpenLDAP 数据库文件的存放目录。
directory /var/lib/ldap
# 创建OpenLDAP 索引。
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub