Hi everyone! I am aware this is a pretty old version of OpenLDAP, but it has been working in production for almost a year now without any problem. Master -> Slave: I have no log on the master, and only "syncrepl logging" on the slave.
# slapd.conf for the DIT - master (syncrepl provider) side.
# NOTE(review): this file was pasted as a single line; the line breaks below are
# restored and the French comments translated. No directive value was changed.
#
# Global directives
ucdata-path /appli/projects/ldap-ael/openldap_2.3.11/ucdata/
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/core.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/corba.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/cosine.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/inetorgperson.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/java.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/misc.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/nds.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/nis.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/openldap.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/dit.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/ael.schema
#
# Database directives
database bdb
#
# Replication support via syncrepl: this database is the provider.
overlay syncprov
# Write the contextCSN to the database every 100 operations or 10 minutes.
syncprov-checkpoint 100 10
# Remember the last 1000 write operations so a consumer that reconnects can
# catch up without a full refresh.
syncprov-sessionlog 1000
# Read-only mode on the live directory (disabled)
#readonly on
suffix "c=fr"
directory /appli/projects/ldap-ael/openldap_2.3.11/openldap-data
pidfile /var/projects/ldap-ael/openldap_2.3.11/run/slapd.pid
argsfile /var/projects/ldap-ael/openldap_2.3.11/slapd.args
# NOTE(review): replogfile is the slurpd-style change log; with syncprov doing
# the replication it presumably only serves as an audit trail here. It records
# every write in LDIF form, so its file permissions deserve the same care as
# the database directory's.
replogfile /appli/projects/ldap-ael/openldap_2.3.11/openldap-data/audit.ldif
# After 15 minutes of inactivity the server closes the connection
idletimeout 900
# stats: log connections/operations/results. 0 = log nothing.
# NOTE(review): this is the likely reason nothing about replication shows up
# on the master: with loglevel 0 the syncprov overlay has nowhere to report.
# The "sync" log level (plus "stats" for the consumer's searches) is the one to
# raise while investigating - confirm the exact names against the 2.3
# slapd.conf(5) man page.
loglevel 0
# NOTE(review): {SHA} is unsalted SHA-1; the salted {SSHA} scheme is available
# in this version and is the usual choice for new password values.
password-hash {SHA}
#referral ldap://annusec1.edfgdf.fr
# At most 100 entries returned by a search
sizelimit 100
# 10 minutes maximum for an LDAP request
timelimit 600
# Limit on the size of the buffers storing incoming LDAP PDUs, for
# unauthenticated and authenticated connections respectively.
# NOTE(review): the stock defaults are 262143 and 4194303; the two values below
# (261143, 44194303) look like typos of them. The second one lets an
# authenticated client send a ~44 MB PDU - worth confirming it is intentional.
sockbuf_max_incoming 261143
sockbuf_max_incoming_auth 44194303
# At most 5 anonymous connections in the wait queue
# (slapd.conf(5) describes this as pending requests per anonymous session
# rather than queued connections, if I read it correctly)
conn_max_pending 5
# At most 10 authenticated connections in the wait queue
conn_max_pending_auth 10
# Security strength factor requirements (disabled)
#security ssf=112
# Disable anonymous access (disabled)
#disallow bind_anon
# Enable the LDAP audit attributes (disabled; I believe the default is
# already on, and syncrepl relies on entryCSN being maintained)
#lastmod on
#TLSCipherSuite HIGH:MEDIUM
# CA signed certificate and server cert entries:
# NOTE(review): TLS is entirely commented out, so every simple bind - including
# the replicator's - crosses the network in clear unless the network itself is
# protected. If TLS is re-enabled, prefer the plain HIGH:MEDIUM suite over the
# "+SSLv2" variant.
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCACertificateFile /appli/projects/ael_qe/openldap_2.3.11/openldap-data/server.pem
#TLSCertificateFile /appli/projects/ael_qe/openldap_2.3.11/openldap-data/server.pem
#TLSCertificateKeyFile /appli/projects/ael_qe/openldap_2.3.11/openldap-data/server.pem
# Use the following if client authentication is required
#TLSVerifyClient demand
# ... or not desired at all
#TLSVerifyClient never
#
# Indexes
index default eq
# objectClass and seeAlso take the default (eq) index
index objectClass,seeAlso
index cn,sn eq,sub
index mail,givenName,uid pres,eq,sub
index aelCompteBloque eq
# For syncrepl
index entryCSN,entryUUID eq
#
# bdb backend specific
#cachesize 2000
#checkpoint 2000 10
#dbnosync
cachesize 2000000
checkpoint 5000 10
# NOTE(review): dbnosync turns off synchronous log writes and dirtyread allows
# reads of uncommitted data. Both trade durability/consistency for speed: a
# crash can lose the most recent transactions, and on a provider that means a
# consumer may hold changes the master no longer has.
dbnosync
dirtyread
rootdn cn=admin,c=fr
# NOTE(review): rootpw also accepts a hashed value (as produced by slappasswd);
# with a cleartext value the permissions on slapd.conf are the only protection.
rootpw PASSWORD
# tool-threads = number of CPUs on the server
#tool-threads 4
#concurrency 64
#threads 64
#
# ACLs (first matching "by" clause wins; rules are evaluated in order)
# cn=replicator needs read on userPassword so the consumer can copy the hashes,
# and it gets read on the whole DIT in the last rule - its credential deserves
# the same protection as rootpw.
# NOTE(review): the dn.regex pattern is not anchored; "^...$" around it would
# pin the match to the whole DN.
access to attr=userPassword
	by dn="cn=admin,c=fr" write
	by dn="cn=replicator,c=fr" read
	by dn="cn=aelAdmin,c=fr" write
	by self write
	by anonymous auth
	by dn.regex="cn=(.+),ou=administrateurs,o=((edf(gdf)?)|gazdefrance),c=fr" write
	by * none
# NOTE(review): dn="..." without a style - in 2.3 I believe this is treated as
# an exact match on that one entry, not its subtree, so the entries below
# ou=clients fall through to the "access to *" rule. Confirm against
# slapd.access(5). "by * read" also includes anonymous clients.
access to dn="ou=clients,o=edf,c=fr"
	by self write
	by dn.base="cn=aelAdmin,c=fr" write
	by dn="cn=replicator,c=fr" read
	by * read
access to dn="o=edf,c=fr"
	by * read
access to dn="cn=aelAdmin,c=fr"
	by self write
	by anonymous auth
	by dn="cn=replicator,c=fr" read
	by * none
access to *
	by dn="cn=admin,c=fr" write
	by dn="cn=aelAdmin,c=fr" write
	by dn="cn=replicator,c=fr" read
	by * none
#
# Monitoring database
database monitor
access to *
	by dn.exact="cn=admin,c=fr" write
	by dn.children="ou=administrateurs,o=edf,c=fr" read
	by dn.children="ou=administrateurs,o=edfgdf,c=fr" read
	by dn.children="ou=administrateurs,o=gazdefrance,c=fr" read
	by * none
# slapd.conf for the DIT - slave (syncrepl consumer) side.
# NOTE(review): this file was pasted as a single line; the line breaks below are
# restored and the French comments translated. No directive value was changed.
#
# Global directives
ucdata-path /appli/projects/ldap-ael/openldap_2.3.11/ucdata/
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/core.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/corba.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/cosine.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/inetorgperson.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/java.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/misc.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/nds.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/nis.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/openldap.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/dit.schema
include /appli/projects/ldap-ael/openldap_2.3.11/conf/openldap/schema/ael.schema
#
# Database directives
database bdb
# Read-only mode on the live directory (disabled)
#readonly on
suffix "c=fr"
directory /appli/projects/ldap-ael/openldap_2.3.11/openldap-data
pidfile /var/projects/ldap-ael/openldap_2.3.11/run/slapd.pid
argsfile /var/projects/ldap-ael/openldap_2.3.11/slapd.args
# NOTE(review): replogfile is the slurpd-style change log. On a consumer it
# presumably captures the writes applied by syncrepl as well; it holds every
# change in LDIF form, so protect the file like the database directory.
replogfile /appli/projects/ldap-ael/openldap_2.3.11/openldap-data/audit.ldif
# After 15 minutes of inactivity the server closes the connection
idletimeout 900
# stats: log connections/operations/results. 0 = log nothing.
# NOTE(review): logging is off here as well, so the "syncrepl logging" seen on
# this host presumably comes from a command-line debug level (-d) - confirm.
# The "sync" log level is the one that covers the consumer's refreshes.
loglevel 0
# NOTE(review): {SHA} is unsalted SHA-1; the salted {SSHA} scheme is available
# in this version. On a consumer this only affects passwords written locally.
password-hash {SHA}
#referral ldap://annusec1.edfgdf.fr
# At most 100 entries returned by a search
sizelimit 100
# 10 minutes maximum for an LDAP request
timelimit 600
# Limit on the size of the buffers storing incoming LDAP PDUs, for
# unauthenticated and authenticated connections respectively.
# NOTE(review): the stock defaults are 262143 and 4194303; the two values below
# (261143, 44194303) look like typos of them - worth confirming.
sockbuf_max_incoming 261143
sockbuf_max_incoming_auth 44194303
# At most 5 anonymous connections in the wait queue
# (slapd.conf(5) describes this as pending requests per anonymous session
# rather than queued connections, if I read it correctly)
conn_max_pending 5
# At most 10 authenticated connections in the wait queue
conn_max_pending_auth 10
# Security strength factor requirements (disabled)
#security ssf=112
# Disable anonymous access (disabled)
#disallow bind_anon
# Enable the LDAP audit attributes (disabled; I believe the default is
# already on)
#lastmod on
#TLSCipherSuite HIGH:MEDIUM
# CA signed certificate and server cert entries:
# NOTE(review): TLS is entirely commented out; see the syncrepl stanza below
# for what that means for the replication bind. If TLS is re-enabled, prefer
# the plain HIGH:MEDIUM suite over the "+SSLv2" variant.
#TLSCipherSuite HIGH:MEDIUM:+SSLv2
#TLSCACertificateFile /appli/projects/ael_qe/openldap_2.3.11/openldap-data/server.pem
#TLSCertificateFile /appli/projects/ael_qe/openldap_2.3.11/openldap-data/server.pem
#TLSCertificateKeyFile /appli/projects/ael_qe/openldap_2.3.11/openldap-data/server.pem
# Use the following if client authentication is required
#TLSVerifyClient demand
# ... or not desired at all
#TLSVerifyClient never
#
# Indexes
index default eq
# objectClass and seeAlso take the default (eq) index
index objectClass,seeAlso
index cn,sn eq,sub
index mail,givenName,uid pres,eq,sub
index aelCompteBloque eq
# For syncrepl (the consumer needs these too)
index entryCSN,entryUUID eq
#
# bdb backend specific
#cachesize 2000
#checkpoint 2000 10
#dbnosync
cachesize 2000000
checkpoint 5000 10
# NOTE(review): dbnosync turns off synchronous log writes and dirtyread allows
# reads of uncommitted data; a crash can lose the most recently replicated
# changes until the next refresh brings them back.
dbnosync
dirtyread
rootdn cn=admin,c=fr
# NOTE(review): rootpw also accepts a hashed value (as produced by slappasswd);
# with a cleartext value the permissions on slapd.conf are the only protection.
rootpw PASSWD
# tool-threads = number of CPUs on the server
#tool-threads 4
#concurrency 64
#threads 64
#
# ACLs (first matching "by" clause wins; rules are evaluated in order).
# These govern clients of the slave; the updates pulled by syncrepl are
# presumably applied internally and not subject to them - confirm.
# NOTE(review): the dn.regex pattern is not anchored; "^...$" around it would
# pin the match to the whole DN.
access to attr=userPassword
	by dn="cn=admin,c=fr" write
	by dn="cn=aelAdmin,c=fr" write
	by self write
	by anonymous auth
	by dn.regex="cn=(.+),ou=administrateurs,o=((edf(gdf)?)|gazdefrance),c=fr" write
	by * none
# NOTE(review): dn="..." without a style - in 2.3 I believe this is an exact
# match on that one entry, not its subtree; confirm against slapd.access(5).
# "by * read" includes anonymous clients.
access to dn="ou=clients,o=edf,c=fr"
	by self write
	by dn.base="cn=aelAdmin,c=fr" write
	by * read
access to dn="o=edf,c=fr"
	by * read
access to dn="cn=aelAdmin,c=fr"
	by self write
	by anonymous auth
	by * none
# NOTE(review): cn=admin and cn=aelAdmin keep write access on the consumer and
# no updateref is configured, so a modification sent to this host is applied
# here instead of being referred to the master, and the two copies can
# diverge. An "updateref" pointing at the provider is the usual guard - check
# how 2.3 treats writes on a syncrepl shadow database before relying on it.
access to *
	by dn="cn=admin,c=fr" write
	by dn="cn=aelAdmin,c=fr" write
	by * none
#
# syncrepl consumer: pulls the whole "c=fr" tree from the provider, refreshOnly
# every 30 seconds.
# NOTE(review): bindmethod=simple over plain ldap:// sends this password in
# clear on every refresh; the syncrepl "starttls=critical" option (with the
# tls_* settings) protects it. The credential is identical to the account name
# and stored in clear here, so slapd.conf permissions are its only protection.
# retry="30 20 300 24": 20 retries 30 s apart, then 24 retries 300 s apart;
# once exhausted the consumer stops retrying until restart, if I read
# slapd.conf(5) correctly - worth knowing when replication "silently" stops.
# schemachecking=off: entries are stored as the provider sends them.
syncrepl rid=1
	provider=ldap://pcyfz02asp.edfgdf.fr:2390
	binddn="cn=replicator,c=fr"
	bindmethod=simple
	credentials=replicator
	searchbase="c=fr"
	filter="(objectClass=*)"
	attrs="*"
	schemachecking=off
	scope=sub
	type=refreshOnly
	retry="30 20 300 24"
	interval=00:00:00:30
#
# Monitoring database
database monitor
access to *
	by dn.exact="cn=admin,c=fr" write
	by dn.children="ou=administrateurs,o=edf,c=fr" read
	by dn.children="ou=administrateurs,o=edfgdf,c=fr" read
	by dn.children="ou=administrateurs,o=gazdefrance,c=fr" read
	by * none