Last active
August 29, 2015 14:03
-
-
Save elliottwilliams/66450f84444284afdb18 to your computer and use it in GitHub Desktop.
OpenMRS ID LDAP Config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# See slapd.conf(5) for details on configuration options. | |
# This file should NOT be world readable. | |
# | |
include /etc/ldap/schema/core.schema | |
include /etc/ldap/schema/cosine.schema | |
include /etc/ldap/schema/inetorgperson.schema | |
include /etc/ldap/schema/ppolicy.schema | |
pidfile /var/run/slapd/slapd.pid | |
argsfile /var/run/slapd/slapd.args | |
# Load dynamic backend modules: | |
# modulepath /usr/local/Cellar/openldap/2.4.33/libexec/openldap | |
moduleload back_hdb | |
moduleload ppolicy | |
# loglevel none | |
sizelimit unlimited | |
####################################################################### | |
# BDB database definitions | |
####################################################################### | |
# OpenMRS.org Database | |
database hdb | |
suffix "dc=openmrs,dc=org" | |
rootdn "cn=admin,dc=openmrs,dc=org" | |
rootpw secret | |
directory /var/lib/ldap | |
index objectClass eq | |
index cn eq,sub,pres | |
overlay ppolicy | |
ppolicy_default cn=password,ou=policy,dc=openmrs,dc=org | |
ppolicy_hash_cleartext | |
password-hash {SSHA} | |
# ACLs | |
access to attrs=userPassword | |
by dn="uid=gasync,ou=system,dc=openmrs,dc=org" read | |
by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write | |
by anonymous auth | |
by self write | |
by * none | |
access to attrs=pwdPolicySubentry | |
by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write | |
by * none | |
access to attrs=pwdChangedTime | |
by dn="uid=gasync,ou=system,dc=openmrs,dc=org" read | |
by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none | |
access to dn.subtree="ou=users,dc=openmrs,dc=org" | |
by dn="uid=gasync,ou=system,dc=openmrs,dc=org" write | |
by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write | |
by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none | |
by self write | |
by users read | |
by * none | |
access to dn.subtree="ou=groups,dc=openmrs,dc=org" | |
by dn="uid=omrsid,ou=system,dc=openmrs,dc=org" write | |
by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none | |
by self write | |
by users read | |
by * none | |
access to * | |
by self write | |
by dn="uid=omrsid-reset,ou=system,dc=openmrs,dc=org" none | |
by users read | |
by * none |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment