## slapd 3-way multi-master (delta-syncrepl) configuration
## -------------------------------------------------------
#
# The config DIT (cn=config): replicated using syncrepl
# The normal DIT (dc=phys,dc=ethz,dc=ch): replicated using delta-syncrepl (accesslog: cn=deltalog)
#
# The schema definitions and following attributes have been removed in this file:
# entryUUID, entryCSN, contextCSN, modifiersName, modifyTimestamp, creatorsName, createTimestamp
#
# A line holding only "..." marks content the author elided; it is not LDIF.
# Long values are folded the LDIF way: a continuation line starts with one
# space, which is dropped when the value is unfolded. A second leading space
# is part of the value.

# Global server settings, shared by all three nodes because cn=config itself
# is replicated.
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
structuralObjectClass: olcGlobal
# Only replication activity is logged. NOTE(review): bind and search activity
# is not covered at this level; confirm that is acceptable for auditing.
olcLogLevel: sync
# Server certificate, key and trust anchor. The key file must stay readable by
# the slapd account only; its permissions are not visible in this dump.
olcTLSCACertificateFile: /etc/ldap/cert/cacert.pem
olcTLSCertificateFile: /etc/ldap/cert/cert.pem
olcTLSCertificateKeyFile: /etc/ldap/cert/privkey.pem
# Salt template handed to crypt(3) for {CRYPT} hashes: scheme $6$ with
# rounds=10000 and a 16-character salt. Every node's libc has to support this
# scheme, otherwise hashes written on one node cannot be verified on another.
olcPasswordCryptSaltFormat: $6$rounds=10000$%.16s
# SSF credited to ldapi:// connections; 512 is above the ssf=56 floor below,
# so local socket connections pass olcSecurity.
olcLocalSSF: 512
# SASL: refuse anonymous and plaintext mechanisms, require a security layer
# of at least SSF 56.
olcSaslSecProps: noanonymous,noplain,minssf=56
# GnuTLS priority-string syntax: 256- and 128-bit suites, TLS 1.2 / DTLS 1.2
# only, with SHA1, DHE-DSS and plain RSA key exchange removed.
olcTLSCipherSuite: SECURE256:+SECURE128:-VERS-ALL:+VERS-TLS1.2:+VERS-DTLS1.2
 :-SHA1:-DHE-DSS:-RSA
# Every operation needs transport or SASL protection of SSF >= 56.
# NOTE(review): 56 is a low floor. It is presumably set this low because older
# Cyrus SASL GSSAPI plugins report SSF 56 whatever Kerberos enctype was
# negotiated; confirm, and raise the value if the installed library reports
# the real strength.
olcSecurity: ssf=56
# Maps a GSSAPI identity to the entry under the suffix whose uid equals the
# captured text.
# NOTE(review): "(.*)" is greedy and the capture is placed into a search
# filter; "([^,]+)" is the tighter pattern. The mapping also depends on uid
# being unique under the suffix; confirm that it is.
olcAuthzRegexp: {0}"uid=(.*),cn=gssapi,cn=auth"
  ldap:///dc=phys,dc=ethz,dc=ch??sub?(uid=$1)
# One server ID per node; each slapd identifies itself by matching its own
# listener URL against this list.
olcServerID: 0x000 ldap://phd-aa1.ethz.ch
olcServerID: 0x001 ldap://phd-aa2.ethz.ch
olcServerID: 0x002 ldap://phd-aa3.ethz.ch

# Loaded modules: the mdb backend plus the two overlays that delta-syncrepl
# needs (syncprov and accesslog).
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}syncprov.la
olcModuleLoad: {2}accesslog.la
structuralObjectClass: olcModuleList

# Schema container and schema entries (definitions elided by the author).
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
structuralObjectClass: olcSchemaConfig

dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
...

dn: cn={1}cosine,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {1}cosine
...

dn: cn={2}nis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {2}nis
...

dn: cn={3}inetorgperson,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {3}inetorgperson
...
# Kerberos schema entry (definitions elided by the author; the "..." line is
# an elision marker, not LDIF).
dn: cn={4}kerberos,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}kerberos
...

dn: olcBackend={0}mdb,cn=config
objectClass: olcBackendConfig
olcBackend: {0}mdb
structuralObjectClass: olcBackendConfig

# Frontend: defaults and global ACLs.
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
# Rule {0} gives local root (ldapi:// peer credentials) manage access and lets
# everyone else fall through to the next rule.
# NOTE(review): frontend rules are evaluated after a database's own rules, and
# every database in this file ends with "to * ... by * none", so this rule is
# presumably never reached for those databases; verify with slapacl.
olcAccess: {0}to *
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
  by * break
# Root DSE and subschema are readable by anyone, still subject to the SSF
# requirement below.
olcAccess: {1}to dn.exact=""
  by * read
olcAccess: {2}to dn.base="cn=Subschema"
  by * read
structuralObjectClass: olcDatabaseConfig
# Default limits for identities without an olcLimits match: 500 entries,
# 30 s soft / 60 s hard.
olcSizeLimit: size.soft=500 size.hard=500
olcTimeLimit: time.soft=30 time.hard=60
# New passwords are hashed through crypt(3).
olcPasswordHash: {CRYPT}
olcSecurity: ssf=56

# cn=config database, replicated between the three nodes with plain syncrepl.
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
structuralObjectClass: olcDatabaseConfig
# No olcRootPW appears in this listing; whether it was removed or never set
# cannot be told from here.
olcRootDN: cn=dbroot,cn=config
# Control of the server configuration is decided by membership of group
# entries stored in the data DIT (ou=ldap,dc=phys,dc=ethz,dc=ch), so write
# access to those group entries is equivalent to control of cn=config.
olcAccess: {0}to *
  by group="cn=manage,ou=ldap,dc=phys,dc=ethz,dc=ch" manage
  by group="cn=syncrepl,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by * none
# Search limits are lifted for the four access groups and the two Kerberos
# service DNs.
olcLimits: {0}group/groupOfNames/member="cn=manage,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {1}group/groupOfNames/member="cn=syncrepl,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {2}group/groupOfNames/member="cn=rw,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {3}group/groupOfNames/member="cn=ro,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {4}dn.exact="cn=mit-kdc,ou=mit-kerberos,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {5}dn.exact="cn=mit-kadmind,ou=mit-kerberos,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
# One consumer stanza per node, with a unique rid each. The bind is
# SASL/GSSAPI with no authcid or credentials, so the Kerberos credentials
# presumably come from slapd's environment - confirm.
# The provider URLs are ldap:// and no starttls= or tls_* parameter is set:
# confidentiality and integrity of replication traffic rest on the GSSAPI
# security layer that olcSecurity / minssf=56 require.
# retry: every 1 s for 600 tries, then every 60 s for 7200 tries, then every
# 1800 s indefinitely.
olcSyncrepl: {0}rid=001
  provider=ldap://phd-aa1.ethz.ch
  bindmethod=sasl
  saslmech=gssapi
  searchbase="cn=config"
  type=refreshAndPersist
  retry="1 600 60 7200 1800 +"
  network-timeout=1
  timeout=5
olcSyncrepl: {1}rid=002
  provider=ldap://phd-aa2.ethz.ch
  bindmethod=sasl
  saslmech=gssapi
  searchbase="cn=config"
  type=refreshAndPersist
  retry="1 600 60 7200 1800 +"
  network-timeout=1
  timeout=5
olcSyncrepl: {2}rid=003
  provider=ldap://phd-aa3.ethz.ch
  bindmethod=sasl
  saslmech=gssapi
  searchbase="cn=config"
  type=refreshAndPersist
  retry="1 600 60 7200 1800 +"
  network-timeout=1
  timeout=5
# Accept writes although this database is also a syncrepl consumer.
olcMirrorMode: TRUE

# Provider side for cn=config; contextCSN is checkpointed after 100 operations
# or 1 minute.
dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 100 1
structuralObjectClass: olcSyncProvConfig

# Data DIT (dc=phys,dc=ethz,dc=ch), replicated with delta-syncrepl.
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcDbIndex: objectClass eq
olcDbIndex: cn,uid eq
olcDbIndex: uidNumber,gidNumber eq
olcDbIndex: member,memberUid eq
olcDbIndex: krbPrincipalName eq
olcDbIndex: krbPwdPolicyReference eq
# entryUUID and entryCSN are the attributes syncrepl searches on.
olcDbIndex: entryUUID eq
olcDbIndex: entryCSN eq
# 1 GiB map size; writes fail once the database reaches it.
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
olcSuffix: dc=phys,dc=ethz,dc=ch
# No olcRootPW appears in this listing.
olcRootDN: cn=dbroot,dc=phys,dc=ethz,dc=ch
# Rules {0} and {1}: automount and netgroup maps are world-readable
# ("by * read", anonymous included) and writable by cn=rw.
olcAccess: {0}to dn.subtree="ou=automount,dc=phys,dc=ethz,dc=ch"
  by group="cn=manage,ou=ldap,dc=phys,dc=ethz,dc=ch" manage
  by group="cn=syncrepl,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by group="cn=rw,ou=ldap,dc=phys,dc=ethz,dc=ch" write
  by group="cn=ro,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by * read
olcAccess: {1}to dn.subtree="ou=netgroup,dc=phys,dc=ethz,dc=ch"
  by group="cn=manage,ou=ldap,dc=phys,dc=ethz,dc=ch" manage
  by group="cn=syncrepl,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by group="cn=rw,ou=ldap,dc=phys,dc=ethz,dc=ch" write
  by group="cn=ro,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by * read
# Rule {2}: password hashes. Anonymous clients may only authenticate against
# them, and owners may change their own.
# NOTE(review): cn=ro is granted read on userPassword, so its members can
# retrieve every hash. cn=syncrepl needs that for replication; confirm cn=ro
# does as well.
# NOTE(review): "by self write" also covers shadowLastChange, so users can
# reset their own password-age timestamp.
olcAccess: {2}to attrs=userPassword,shadowLastChange
  by group="cn=manage,ou=ldap,dc=phys,dc=ethz,dc=ch" manage
  by group="cn=syncrepl,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by group="cn=rw,ou=ldap,dc=phys,dc=ethz,dc=ch" write
  by group="cn=ro,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by anonymous auth
  by self write
  by * none
# Rule {3}: account and group attributes, readable by any authenticated user.
# NOTE(review): cn=rw gets write on "member" for every entry. No earlier rule
# protects ou=ldap, so this includes the cn=manage, cn=syncrepl, cn=rw and
# cn=ro group entries that all ACLs in this file key on. Write access through
# cn=rw is therefore equivalent to manage. Consider a rule placed before this
# one that restricts writes under ou=ldap to cn=manage.
olcAccess: {3}to attrs=cn,dc,gecos,gidNumber,homeDirectory,loginShell,member,
 memberUid,objectClass,ou,sn,uid,uidNumber,uniqueMember,krbPrincipalName,entry
  by group="cn=manage,ou=ldap,dc=phys,dc=ethz,dc=ch" manage
  by group="cn=syncrepl,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by group="cn=rw,ou=ldap,dc=phys,dc=ethz,dc=ch" write
  by group="cn=ro,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by users read
  by anonymous auth
  by * none
# Rule {4}: everything else is limited to the four groups.
# NOTE(review): attributes not named in rules {2} and {3} fall here. If
# Kerberos key material is stored in this DIT (the kerberos schema is loaded
# and krbPrincipalName is indexed), cn=ro members can read it; confirm that
# cn=ro contains only the service identities that need it.
olcAccess: {4}to *
  by group="cn=manage,ou=ldap,dc=phys,dc=ethz,dc=ch" manage
  by group="cn=syncrepl,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by group="cn=rw,ou=ldap,dc=phys,dc=ethz,dc=ch" write
  by group="cn=ro,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by * none
# Limits {0}-{5}: unlimited for the access groups and the two Kerberos service
# DNs, which appear only here and in no "by" clause; presumably they obtain
# access through membership of cn=ro or cn=rw - confirm.
olcLimits: {0}group/groupOfNames/member="cn=manage,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {1}group/groupOfNames/member="cn=syncrepl,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {2}group/groupOfNames/member="cn=rw,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {3}group/groupOfNames/member="cn=ro,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {4}dn.exact="cn=mit-kdc,ou=mit-kerberos,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {5}dn.exact="cn=mit-kadmind,ou=mit-kerberos,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
# Limits {6} and {7} use the dn.this.subtree selector for the automount and
# netgroup subtrees: no size cap, with the 30 s / 60 s time limits kept.
olcLimits: {6}dn.this.subtree="ou=automount,dc=phys,dc=ethz,dc=ch"
  time.soft=30 time.hard=60 size.soft=unlimited size.hard=unlimited
olcLimits: {7}dn.this.subtree="ou=netgroup,dc=phys,dc=ethz,dc=ch"
  time.soft=30 time.hard=60 size.soft=unlimited size.hard=unlimited
# Delta-syncrepl consumers: changes are read from the provider's cn=deltalog
# access log (successful writes only) instead of whole entries.
# As with cn=config, the providers are ldap:// URLs with GSSAPI and no
# starttls= parameter, so protection of the replication stream - which
# carries password hashes - rests on the negotiated SASL security layer.
olcSyncrepl: {0}rid=004
  provider=ldap://phd-aa1.ethz.ch
  bindmethod=sasl
  saslmech=gssapi
  searchbase="dc=phys,dc=ethz,dc=ch"
  type=refreshAndPersist
  retry="1 600 60 7200 1800 +"
  network-timeout=1
  timeout=5
  logbase="cn=deltalog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  syncdata=accesslog
olcSyncrepl: {1}rid=005
  provider=ldap://phd-aa2.ethz.ch
  bindmethod=sasl
  saslmech=gssapi
  searchbase="dc=phys,dc=ethz,dc=ch"
  type=refreshAndPersist
  retry="1 600 60 7200 1800 +"
  network-timeout=1
  timeout=5
  logbase="cn=deltalog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  syncdata=accesslog
olcSyncrepl: {2}rid=006
  provider=ldap://phd-aa3.ethz.ch
  bindmethod=sasl
  saslmech=gssapi
  searchbase="dc=phys,dc=ethz,dc=ch"
  type=refreshAndPersist
  retry="1 600 60 7200 1800 +"
  network-timeout=1
  timeout=5
  logbase="cn=deltalog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  syncdata=accesslog
olcMirrorMode: TRUE

# Access log for the data DIT: successful write operations are recorded in
# cn=deltalog. Entries older than 7 days are purged, with the purge run once
# a day.
# A consumer that is offline for longer than the retention window cannot catch
# up from the log and presumably falls back to a full refresh.
dn: olcOverlay={0}accesslog,olcDatabase={1}mdb,cn=config
objectClass: olcAccessLogConfig
olcOverlay: {0}accesslog
olcAccessLogDB: cn=deltalog
olcAccessLogOps: writes
olcAccessLogPurge: 7+00:00 1+00:00
olcAccessLogSuccess: TRUE
structuralObjectClass: olcAccessLogConfig

# Provider side for the data DIT; checkpoint after 10000 operations or
# 1 minute.
dn: olcOverlay={1}syncprov,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {1}syncprov
olcSpCheckpoint: 10000 1
structuralObjectClass: olcSyncProvConfig

# cn=deltalog: the access-log database that delta-syncrepl consumers read.
dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/lib/ldap/deltalog
olcSuffix: cn=deltalog
olcRootDN: cn=deltalog,cn=config
# "default eq" sets the index type used by the next line, which names no type.
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
# 1 GiB map size has to hold 7 days of write history.
olcDbMaxSize: 1073741824
structuralObjectClass: olcMdbConfig
# NOTE(review): access-log entries record the modifications themselves,
# including new userPassword values, so read access here is read access to
# credential material. cn=ro is granted read, and cn=rw is granted write on
# the log that replication is driven from. Confirm both are intended; the
# consumers need read only, which cn=syncrepl already has.
olcAccess: {0}to *
  by group="cn=manage,ou=ldap,dc=phys,dc=ethz,dc=ch" manage
  by group="cn=syncrepl,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by group="cn=rw,ou=ldap,dc=phys,dc=ethz,dc=ch" write
  by group="cn=ro,ou=ldap,dc=phys,dc=ethz,dc=ch" read
  by * none
olcLimits: {0}group/groupOfNames/member="cn=manage,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard
 =unlimited
olcLimits: {1}group/groupOfNames/member="cn=syncrepl,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {2}group/groupOfNames/member="cn=rw,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
olcLimits: {3}group/groupOfNames/member="cn=ro,ou=ldap,dc=phys,dc=ethz,dc=ch"
  time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

# Provider side for the access log, with the present phase disabled and
# reload hints enabled.
dn: olcOverlay={0}syncprov,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
olcSpCheckpoint: 10000 10
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE
structuralObjectClass: olcSyncProvConfig

# Last modified: Tue Jul 11 07:36:39 CEST 2017