batch@work-isp:~$ sudo sh -c "ls -l /etc/ldap/slapd.d/cn=config/olcDatabase*"
ls: cannot access /etc/ldap/slapd.d/cn=config/olcDatabase*: No such file or directory
batch@work-isp:~$ sudo sh -c "grep olcSuffix: /etc/ldap/slapd.d/cn=config/olcDatabase*"
grep: /etc/ldap/slapd.d/cn=config/olcDatabase*: No such file or directory
batch@work-isp:~$ sudo sh -c "grep olcDbDirectory: /etc/ldap/slapd.d/cn=config/olcDatabase*"
grep: /etc/ldap/slapd.d/cn=config/olcDatabase*: No such file or directory
batch@work-isp:~$ ls /etc/ldap
data ldap.conf ldap.doc sasl2 schema slapd.conf
batch@work-isp:~$ ls -R /etc/ldap
/etc/ldap:
data ldap.conf ldap.doc sasl2 schema slapd.conf
/etc/ldap/data:
aa data.ldif.try1 data.ldif.try3 intervivaz.ldif
data.ldif data.ldif.try2 data.ldif.try4 reload
slapd.conf:
include /etc/ldap/schema/core.schema
##include /etc/ldap/schema/collective.schema
##include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
##include /etc/ldap/schema/duaconf.schema
##include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
##include /etc/ldap/schema/java.schema
#include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
##include /etc/ldap/schema/openldap.schema
##include /etc/ldap/schema/ppolicy.schema
##include /etc/ldap/schema/pmi.schema
#include /usr/local/etc/ldap/samba.schema
#include /usr/local/etc/ldap/sq_prefs.schema
#include /usr/local/etc/ldap/squirrelmail.schema.OpenLDAP-2.1.x
include /etc/ldap/schema/authldap.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
#loglevel none
#loglevel filter stats
loglevel stats
#loglevel 32767
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov
# The maximum number of entries that is returned for a search operation
sizelimit 5000
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
# specific Backend Directives for hdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
database hdb
suffix "dc="domain"
rootdn "cn=admin,dc=domain"
rootpw "{SSHA}<some text for a password>"
directory "/var/lib/ldap"
#add to indexes to the below list
#/etc/init.d/slapd stop
#slapindex -f /etc/ldap/slapd.conf
#cd /var/lib/ldap; chown openldap:openldap *
#/etc/init.d/slapd start
index objectClass,mail,mailbox,associatedDomain eq
index uid eq
index uidNumber eq
index gidNumber eq
# 1) user confirm this is their record
# 2) pam to validate a password for this dn
# 3) pam to change a password for this dn
#we do a start <-> end match so this is for xxx.ltcd.com style
access to dn.regex="^uid=([^,]+),ou=people,dc=([^,]+),dc=([^,]+).dc=([^,]+),dc=domain$"
attrs=userPassword,shadowLastChange
by anonymous auth
by dn.exact="cn=dovecot,dc=global,dc=domain" read
by dn.exact,expand="cn=admin,dc=$2,dc=$3,dc=$4,dc=domain" write
by self write
by * none
#this is start <-> end need for those xxxx.com style
access to dn.regex="^uid=([^,]+),ou=people,dc=([^,]+),dc=([^,]+),dc=domain$"
attrs=userPassword,shadowLastChange
by anonymous auth
by dn.exact="cn=dovecot,dc=global,dc=domain" read
by dn.exact,expand="cn=admin,dc=$2,dc=$3,dc=$4,dc=domain" write
by self write
by * none
#this is start <-> end need for those xxxx.com style
access to dn.regex="^uid=([^,]+),ou=people,dc=([^,]+),dc=([^,]+),dc=domain$"
attrs=userPassword,shadowLastChange
by anonymous auth
by dn.exact="cn=dovecot,dc=global,dc=domain" read
by dn.exact,expand="cn=admin,dc=$2,dc=$3,dc=domain" write
by self write
by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
# by anonymous auth
# by users read
# by self write
# user after logged in do not bind to get uid and lose login name
access to *
by * read
batch@work-isp:~$ sudo sh -c "ls -l /etc/ldap/ slapd.d/ cn=config/ olcDatabase* " slapd.d/ cn=config/ olcDatabase* : No such file or directory
ls: cannot access /etc/ldap/
batch@work-isp:~$ sudo sh -c "grep olcSuffix: /etc/ldap/ slapd.d/ cn=config/ olcDatabase* " slapd.d/ cn=config/ olcDatabase* : No such file or directory
grep: /etc/ldap/
batch@work-isp:~$ sudo sh -c "grep olcDbDirectory: /etc/ldap/ slapd.d/ cn=config/ olcDatabase* " slapd.d/ cn=config/ olcDatabase* : No such file or directory
grep: /etc/ldap/
batch@work-isp:~$ ls /etc/ldap
data ldap.conf ldap.doc sasl2 schema slapd.conf
batch@work-isp:~$ ls -R /etc/ldap
/etc/ldap:
data ldap.conf ldap.doc sasl2 schema slapd.conf
/etc/ldap/data:
aa data.ldif.try1 data.ldif.try3 intervivaz.ldif
data.ldif data.ldif.try2 data.ldif.try4 reload
/etc/ldap/sasl2:
/etc/ldap/schema: schema nis.schema schema. orig cosine.schema misc.ldif openldap.schema
amavis.schema core.schema inetorgperson.
authldap.schema cosine.ldif java.schema openldap.ldif
authldap.
collective.schema duaconf.schema misc.schema pmi.schema
corba.schema dyngroup.schema nadf.schema ppolicy.schema
core.ldif inetorgperson.ldif nis.ldif README
ldap.conf:
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com ldap.example. com ldap:// ldap-master. example. com:666
#URI ldap://
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
slapd.conf: schema/ core.schema schema/ collective. schema schema/ corba.schema schema/ cosine. schema schema/ duaconf. schema schema/ dyngroup. schema schema/ inetorgperson. schema schema/ java.schema schema/ misc.schema schema/ nis.schema schema/ openldap. schema schema/ ppolicy. schema schema/ pmi.schema etc/ldap/ samba.schema etc/ldap/ sq_prefs. schema etc/ldap/ squirrelmail. schema. OpenLDAP- 2.1.x schema/ authldap. schema
include /etc/ldap/
##include /etc/ldap/
##include /etc/ldap/
include /etc/ldap/
##include /etc/ldap/
##include /etc/ldap/
include /etc/ldap/
##include /etc/ldap/
#include /etc/ldap/
include /etc/ldap/
##include /etc/ldap/
##include /etc/ldap/
##include /etc/ldap/
#include /usr/local/
#include /usr/local/
#include /usr/local/
include /etc/ldap/
# Where the pid file is put. The init.d script slapd/slapd. pid
# will not stop the server if you change this.
pidfile /var/run/
# List of arguments that were passed to the server slapd/slapd. args
argsfile /var/run/
# Read slapd.conf(5) for possible values
#loglevel none
#loglevel filter stats
loglevel stats
#loglevel 32767
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov
# The maximum number of entries that is returned for a search operation
sizelimit 5000
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 1
# specific Backend Directives for hdb: dc=domain"
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
database hdb
suffix "dc="domain"
rootdn "cn=admin,
rootpw "{SSHA}<some text for a password>"
directory "/var/lib/ldap"
#add to indexes to the below list slapd.conf
#/etc/init.d/slapd stop
#slapindex -f /etc/ldap/
#cd /var/lib/ldap; chown openldap:openldap *
#/etc/init.d/slapd start
index objectClass, mail,mailbox, associatedDomai n eq
index uid eq
index uidNumber eq
index gidNumber eq
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
lastmod on
# 1) user confirm this is their record "^uid=( [^,]+), ou=people, dc=([^, ]+),dc= ([^,]+) .dc=([^ ,]+),dc= domain$ " userPassword, shadowLastChang e "cn=dovecot, dc=global, dc=domain" read expand= "cn=admin, dc=$2,dc= $3,dc=$ 4,dc=domain" write
# 2) pam to validate a password for this dn
# 3) pam to change a password for this dn
#we do a start <-> end match so this is for xxx.ltcd.com style
access to dn.regex=
attrs=
by anonymous auth
by dn.exact=
by dn.exact,
by self write
by * none
#this is start <-> end need for those xxxx.com style "^uid=( [^,]+), ou=people, dc=([^, ]+),dc= ([^,]+) ,dc=domain$ " userPassword, shadowLastChang e "cn=dovecot, dc=global, dc=domain" read expand= "cn=admin, dc=$2,dc= $3,dc=$ 4,dc=domain" write
access to dn.regex=
attrs=
by anonymous auth
by dn.exact=
by dn.exact,
by self write
by * none
#this is start <-> end need for those xxxx.com style "^uid=( [^,]+), ou=people, dc=([^, ]+),dc= ([^,]+) ,dc=domain$ " userPassword, shadowLastChang e "cn=dovecot, dc=global, dc=domain" read expand= "cn=admin, dc=$2,dc= $3,dc=domain" write
access to dn.regex=
attrs=
by anonymous auth
by dn.exact=
by dn.exact,
by self write
by * none
# Ensure read access to the base for things like chanisms. Without this you may
# supportedSASLMe
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
# by anonymous auth
# by users read
# by self write
# user after logged in do not bind to get uid and lose login name
access to *
by * read