Re: ldapdb freezes slapd (ITS#3276)
Howard Chu <openldap-its@OpenLDAP.org> writes:
> Please provide your OpenLDAP slapd.conf and your SASL config file that uses
> ldapdb. There is far too little information here to identify the problem.
>
,----[ sasl smtpd.conf ]
| pwcheck_method: auxprop
| auxprop_plugin: ldapdb
| #ldapdb_uri: ldap://orange.l4b.de:9009
| ldapdb_uri: ldapi://%2Fvar%2Frun%2Fldapi
| ldapdb_id: admanager
| ldapdb_pw: xxxxxxx
| ldapdb_mech: DIGEST-MD5
| # ldapdb_starttls: try
`----
,----[ slapd.conf ]
| include /etc/openldap/schema/core.schema
| include /etc/openldap/schema/misc.schema
| include /etc/openldap/schema/cosine.schema
| include /etc/openldap/schema/inetorgperson.schema
| include /etc/openldap/schema/nis.schema
| include /etc/openldap/schema/combiCalendar.schema
| include /etc/openldap/schema/MailingListen.schema
|
| loglevel 261
| pidfile /var/run/slapd/slapd.pid
| argsfile /var/run/slapd/slapd.args
|
| modulepath /usr/libexec/openldap
| moduleload back_monitor.la
|
| TLSCertificateFile /etc/openldap/cert/marincert.pem
| TLSCertificateKeyFile /etc/openldap/cert/marinkey.pem
| TLSCACertificateFile /etc/openldap/cert/cacert.pem
| TLSCipherSuite HIGH:MEDIUM:+SSLv2
| TLSVerifyClient try
|
| access to dn.base="" by * read
| access to dn.base="cn=Subschema" by * read
|
| database bdb
| suffix "o=avci,c=de"
| rootdn
| rootpw
| cachesize 2000
| checkpoint 512 30
| directory /var/openldap-data/
|
| index cn,sn,uid
| index objectClass eq
| index memberUid eq
|
| access to attrs=userPassword
|     by self write
|     by anonymous auth
| access to dn.regex="^cn=Mailinglisten,cn=([^,]+),ou=Partner,o=avci,c=de$"
|     attrs=children
|     by dn.exact,expand="cn=$1,ou=Partner,o=avci,c=de" write continue
|     by group.exact="cn=Administratoren,o=avci,c=de" write
|     by * none
| access to dn.regex="^cn=([^,]+),ou=Partner,o=avci,c=de$"
|     by dn.exact,expand="cn=$1,ou=Partner,o=avci,c=de" read
|     by group.exact="cn=Administratoren,o=avci,c=de" write
|     by * auth
| access to dn.subtree="ou=adressbuch,o=avci,c=de"
|     by dn="cn=admanager,o=avci,c=de" write
|     by * read
| access to dn.children="o=avci,c=de"
|     by group.exact="cn=administratoren,o=avci,c=de" write
|     by users read
|     by anonymous auth
|
| sasl-authz-policy to
| sasl-regexp
|     uid=(.*),cn=.*,cn=auth
|     ldap:///o=avci,c=de??sub?uid=$1
| sasl-regexp
|     uid=(.*),cn=.*,cn=auth
|     uid=$1,o=avci,c=de
| sasl-regexp uidNumber=(.*)\\+gidNumber=(.*),cn=peercred,cn=external,cn=auth
|     ldap:///o=avci,c=de??sub?(&(uidNumber=$1)(gidNumber=$2))
`----
-Dieter
--
Dieter Klünter | Systemberatung
Tel.: +49.40.64861967
Fax : +49.40.64891521
http://www.avci.de