slapd.conf
The configuration file /etc/openldap/slapd.conf contains, among other things, the following settings:
- the schemas that can be loaded,
- the "log level", set to zero
(because LDAP handles all authentication and access-right checks, even the lowest "log level" leads to overflowing log files),
- the access rights (see below),
- the "suffix" (usually called "ldapbase" or simply "base" in other configuration files),
which in the myLinux server must always have the form "dc=<SUBDOMAIN>, dc=<TOPLEVELDOMAIN>", for example "dc=fourier group, dc=de",
- the distinguished name of the LDAP administrator,
- the password of the LDAP administrator in plain text (the setup script extracts this password from the file and stores it in the user manager for different actions like the creation),
- the path to the database files,
- the indices to be created for fast access to the configuration data of sendmail, the authentication data of pam_ldap and address data by mail clients such as Outlook,
- and lastly the paths to the SSL certificates.
Access rights
The assignment of access rights to the LDAP directory was already described under LDAP in the section "dedicated access to LDAP".
Explicitly setting up access rights is quite simple ("... by DN =... write"). The difficulty is that granting write rights must not open any security holes.
For example, in order to reserve the creation of UNIX users or groups for the LDAP administrator only, the creation of such objects in the file "contacts" must be forbidden. This is only possible by making it impossible to select the attributes typical for these objects (passwords, ID numbers).
Likewise, certain system-critical attributes within user and group objects (ID numbers, passwords, group and user names) must not be changeable.
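
The restrictions described above could be written like this in slapd.conf. This is an added example, not the myLinux configuration itself: the suffix dc=example,dc=de, the subtrees ou=contacts, ou=people and ou=group, and the DNs cn=admin and uid=secretary are assumptions.

```conf
# Added example with constructed DNs (assumptions, not myLinux values).
# slapd applies the first "access to" rule that matches, so the
# attribute-specific rules must come before the general ones.

# 1. In "contacts" only the administrator may write attributes typical for
#    UNIX accounts and groups. uidNumber and gidNumber are mandatory for
#    posixAccount and posixGroup, so a delegated editor cannot add such
#    entries here.
access to dn.subtree="ou=contacts,dc=example,dc=de"
        attrs=userPassword,uidNumber,gidNumber,homeDirectory,loginShell
    by dn.exact="cn=admin,dc=example,dc=de" write
    by * none

# 2. All other attributes in "contacts" may be edited by the delegated
#    editor (hypothetical uid=secretary).
access to dn.subtree="ou=contacts,dc=example,dc=de"
    by dn.exact="cn=admin,dc=example,dc=de" write
    by dn.exact="uid=secretary,ou=people,dc=example,dc=de" write
    by users read
    by * none

# 3. Passwords of user objects: usable for binding, never readable,
#    writable by the administrator only.
access to dn.subtree="ou=people,dc=example,dc=de" attrs=userPassword
    by dn.exact="cn=admin,dc=example,dc=de" write
    by anonymous auth
    by * none

# 4. User names and ID numbers: readable for name lookups,
#    writable by the administrator only.
access to dn.subtree="ou=people,dc=example,dc=de"
        attrs=uid,uidNumber,gidNumber
    by dn.exact="cn=admin,dc=example,dc=de" write
    by * read

# 5. Group names and group IDs: same treatment as rule 4.
access to dn.subtree="ou=group,dc=example,dc=de" attrs=cn,gidNumber
    by dn.exact="cn=admin,dc=example,dc=de" write
    by * read
```

Running slaptest against the configuration file after editing catches syntax errors in the rules before slapd is restarted.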