Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
openLDAP Proxy with Meta Backend
# /etc/saslauthd.conf
ldap_servers: ldap://127.0.0.1
ldap_search_base: ou=%d,dc=local
ldap_timeout: 10
ldap_filter: (|(uid=%U)(SAMACCOUNTNAME=%U))
ldap_bind_dn: cn=Manager,dc=local
ldap_password: secret
ldap_deref: never
ldap_restart: yes
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind
# Load all the Schemas
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by running
# /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk
# at self-signed certificates, however.
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile "\"OpenLDAP Server\""
TLSCertificateKeyFile /etc/openldap/certs/password
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=proxy,dc=ldap"
rootdn "cn=Manager,dc=proxy,dc=ldap"
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Auth options
####################################
sasl-host localhost
sasl-secprops none
password-hash {CLEARTEXT}
# Meta Databases
database meta
suffix "dc=local"
rootdn "cn=Manager,dc=local"
rootpw secret
# zimbra
uri ldap://zimbra-server.example.com/ou=zimbra,dc=local
lastmod off
suffixmassage "ou=zimbra,dc=local" "ou=people,dc=example,dc=com"
idassert-bind bindmethod=simple
binddn="uid=zimbra,cn=admins,cn=zimbra"
credentials="password"
mode=none
flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=local"
# Samba4
uri ldap://samba4-server.example.com/ou=samba4,dc=local
lastmod off
suffixmassage "ou=samba4,dc=local" "ou=users,dc=example,dc=com"
idassert-bind bindmethod=simple
binddn="cn=manager,cn=users,dc=example,dc=com"
credentials="password"
mode=none
flags=non-prescriptive
idassert-authzFrom "dn.exact:cn=Manager,dc=local"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment