diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-05-22 05:12:18 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-05-22 05:12:18 +0000 |
| commit | aa0f5b38aec14428b4b80e06f90ff781f8bca5f1 (patch) | |
| tree | 95f3d0c8cb0d59d88900dbbd72110d7ab6e15b2a /testing/hosts/winnetou/etc/openldap | |
| parent | 7c383bc22113b23718be89fe18eeb251942d7356 (diff) | |
| download | vyos-strongswan-aa0f5b38aec14428b4b80e06f90ff781f8bca5f1.tar.gz vyos-strongswan-aa0f5b38aec14428b4b80e06f90ff781f8bca5f1.zip | |
Import initial strongswan 2.7.0 version into SVN.
Diffstat (limited to 'testing/hosts/winnetou/etc/openldap')
| -rw-r--r-- | testing/hosts/winnetou/etc/openldap/ldif.txt | 40 | ||||
| -rw-r--r-- | testing/hosts/winnetou/etc/openldap/slapd.conf | 68 |
2 files changed, 108 insertions, 0 deletions
diff --git a/testing/hosts/winnetou/etc/openldap/ldif.txt b/testing/hosts/winnetou/etc/openldap/ldif.txt new file mode 100644 index 000000000..3eca4d6c6 --- /dev/null +++ b/testing/hosts/winnetou/etc/openldap/ldif.txt @@ -0,0 +1,40 @@ +dn: o=Linux strongSwan, c=CH +objectclass: organization +o: Linux strongSwan + +dn: cn=Manager,o=Linux strongSwan, c=CH +objectclass: organizationalRole +cn: Manager + +dn: cn=strongSwan Root CA, o=Linux strongSwan, c=CH +objectClass: organizationalRole +cn: strongSwan Root CA +objectClass: certificationAuthority +authorityRevocationList;binary:< file:///etc/openssl/strongswan.crl +certificateRevocationList;binary:< file:///etc/openssl/strongswan.crl +cACertificate;binary:< file:///etc/openssl/strongswanCert.der + +dn: ou=Research, o=Linux strongSwan, c=CH +objectclass: organizationalUnit +ou: Research + +dn: cn=Research CA, ou=Research, o=Linux strongSwan, c=CH +objectClass: organizationalRole +cn: Research CA +objectClass: certificationAuthority +authorityRevocationList;binary:< file:///etc/openssl/research/research.crl +certificateRevocationList;binary:< file:///etc/openssl/research/research.crl +cACertificate;binary:< file:///etc/openssl/research/researchCert.der + +dn: ou=Sales, o=Linux strongSwan, c=CH +objectclass: organizationalUnit +ou: Sales + +dn: cn=Sales CA, ou=Sales, o=Linux strongSwan, c=CH +objectClass: organizationalRole +cn: Sales CA +objectClass: certificationAuthority +authorityRevocationList;binary:< file:///etc/openssl/sales/sales.crl +certificateRevocationList;binary:< file:///etc/openssl/sales/sales.crl +cACertificate;binary:< file:///etc/openssl/sales/salesCert.der + diff --git a/testing/hosts/winnetou/etc/openldap/slapd.conf b/testing/hosts/winnetou/etc/openldap/slapd.conf new file mode 100644 index 000000000..4558ee2e2 --- /dev/null +++ b/testing/hosts/winnetou/etc/openldap/slapd.conf @@ -0,0 +1,68 @@ +# +# See slapd.conf(5) for details on configuration options. +# This file should NOT be world readable. +# +include /etc/openldap/schema/core.schema + +# Define global ACLs to disable default read access. + +# Do not enable referrals until AFTER you have a working directory +# service AND an understanding of referrals. +#referral ldap://root.openldap.org + +pidfile /var/run/openldap/slapd.pid +argsfile /var/run/openldap/slapd.args + +# Load dynamic backend modules: +# modulepath /usr/lib/openldap/openldap +# moduleload back_bdb.la +# moduleload back_ldap.la +# moduleload back_ldbm.la +# moduleload back_passwd.la +# moduleload back_shell.la + +# Sample security restrictions +# Require integrity protection (prevent hijacking) +# Require 112-bit (3DES or better) encryption for updates +# Require 63-bit encryption for simple bind +# security ssf=1 update_ssf=112 simple_bind=64 + +# Sample access control policy: +# Root DSE: allow anyone to read it +# Subschema (sub)entry DSE: allow anyone to read it +# Other DSEs: +# Allow self write access +# Allow authenticated users read access +# Allow anonymous users to authenticate +# Directives needed to implement policy: +# access to dn.base="" by * read +# access to dn.base="cn=Subschema" by * read +# access to * +# by self write +# by users read +# by anonymous auth +# +# if no access controls are present, the default policy +# allows anyone and everyone to read anything but restricts +# updates to rootdn. (e.g., "access to * by * read") +# +# rootdn can always read and write EVERYTHING! + +####################################################################### +# BDB database definitions +####################################################################### + +database bdb +checkpoint 32 30 # <kbyte> <min> +suffix "o=Linux strongSwan,c=CH" +rootdn "cn=Manager,o=Linux strongSwan,c=CH" +# Cleartext passwords, especially for the rootdn, should +# be avoid. See slappasswd(8) and slapd.conf(5) for details. +# Use of strong authentication encouraged. +rootpw tuxmux +# The database directory MUST exist prior to running slapd AND +# should only be accessible by the slapd and slap tools. +# Mode 700 recommended. +directory /var/lib/openldap-data +# Indices to maintain +index objectClass eq |