Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 685

This first directive in slapd.conf, shown in
Directive for Schemes"
is organized. The entry core.schema is required. Additionally required schemes are
appended to this directive. Find information in the included OpenLDAP documentation.
Example 36.3 slapd.conf: pidfile and argsfile
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
These two files contain the PID (process ID) and some of the arguments with which
the slapd process is started. There is no need for modifications here.
Example 36.4 slapd.conf: Access Control
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# access to dn="" by * read
access to * by self write
by users read
by anonymous auth
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!
Example 36.4, "slapd.conf: Access Control"
.conf that regulates the access permissions for the LDAP directory on the server. The
settings made here in the global section of slapd.conf are valid as long as no custom
access rules are declared in the database-specific section. These would overwrite the
global declarations. As presented here, all users have read access to the directory, but
only the administrator (rootdn) can write to this directory. Access control regulation
in LDAP is a highly complex process. The following tips can help:
• Every access rule has the following structure:
access to <what> by <who> <access>
(page 666), specifies the scheme by which the LDAP directory
Example 36.2, "slapd.conf: Include
(page 667) is the excerpt from slapd
LDAP—A Directory Service 667