slapd Exited with Exit code: 1 main: TLS init def ctx failed: -1 Open LDAP
Every 10 seconds the log file updates with:
Jan 31 21:48:26: --- last message repeated 4 times ---
Jan 31 21:48:26 home slapd[1338]: main: TLS init def ctx failed: -1
Jan 31 21:48:26 home slapd[1338]: slapd stopped.
Jan 31 21:48:26 home slapd[1338]: connections_destroy: nothing to destroy.
Jan 31 21:48:36 home slapd[1343]: @(#) $OpenLDAP: slapd 2.3.27 (Oct 4 2007 23:24:38) $
Jan 31 21:48:36 home slapd[1343]: overlay_config(): warning, overlay "dynid" already in list
and in the console log:
1/31/08 9:48:46 PM com.apple.launchd[1] (org.openldap.slapd[1356]) Exited with exit code: 1
I've tried disabling SSL to see if that helps, but even with the "use SSL" box unchecked slapd still will not start. I have also tried editing ldap.conf and commenting out the following line:
#TLS_REQCERT demand
My ldap.conf file is as per:
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
# NOTE(review): ldap.conf(5) sets defaults for LDAP clients. TLS_REQCERT
# controls how a client checks the server's certificate, and "demand" is the
# documented default, so leaving the line below commented out does not relax
# certificate checking. It is unlikely to influence slapd's own TLS start-up;
# check the server-side TLS* directives instead.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
#TLS_REQCERT demand
and my slapd_macosxserver.conf
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# This file is maintained by Server Admin.
# NOTE(review): this listing contains no TLSCertificateFile,
# TLSCertificateKeyFile or TLSCACertificateFile directive, so the settings
# behind "TLS init def ctx failed" are presumably defined in another file
# (for example the one that includes this file) - confirm there, and check
# that the certificate and key files they name exist and are readable by slapd.
# NOTE(review): per slapd.conf(5), update_anon lets anonymous
# (unauthenticated) update operations be processed, subject to the access
# rules that follow.
allow update_anon
#######################################################################
# config database definitions
#######################################################################
database config
# NOTE(review): {SMD5} is a salted MD5 hash. The identical value is used as
# the rootpw of the bdb database further down, and it has been published with
# this post, so the password behind it should be changed in both places.
rootpw {SMD5}rddHtHIDi0mRFAo01222TvztzY0=
# NOTE(review): the final "by * read" clause matches every client, anonymous
# ones included. Confirm that read access to the config database is meant to
# be this broad.
access to *
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by * read
#######################################################################
# bdb database definitions
#######################################################################
database bdb
suffix "dc=home,dc=ryanwilson,dc=com"
# Per slapd.conf(5), the rootdn is not subject to access control or
# administrative limits for operations on this database.
rootdn "uid=root,cn=users,dc=home,dc=ryanwilson,dc=com"
# NOTE(review): same hash value as the rootpw of the config database above;
# a single disclosed hash therefore covers both databases. Replace it and
# consider giving each database its own secret.
rootpw {SMD5}rddHtHIDi0mRFAo01222TvztzY0=
access to dn.onelevel="cn=users,dc=home,dc=ryanwilson,dc=com" attrs=@apple-user-info
by self write
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by * read
access to dn.base="cn=resources,dc=home,dc=ryanwilson,dc=com" attrs=children
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr/OP:ADD.exact=USERS write
by dynacl/idattr/OP:DELETE.exact=OWNER write
by * read
access to dn.onelevel="cn=resources,dc=home,dc=ryanwilson,dc=com" attrs=entry
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dnattr=creatorsName write
by dynacl/idattr.exact=OWNER write
by * read
access to dn.onelevel="cn=resources,dc=home,dc=ryanwilson,dc=com" attrs=@apple-resource
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr.exact=OWNER write
by * read
access to dn.base="cn=places,dc=home,dc=ryanwilson,dc=com" attrs=children
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr/OP:ADD.exact=USERS write
by dynacl/idattr/OP:DELETE.exact=OWNER write
by * read
access to dn.onelevel="cn=places,dc=home,dc=ryanwilson,dc=com" attrs=entry
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dnattr=creatorsName write
by dynacl/idattr.exact=OWNER write
by * read
access to dn.onelevel="cn=places,dc=home,dc=ryanwilson,dc=com" attrs=@apple-resource
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr.exact=OWNER write
by * read
access to dn.base="cn=maps,dc=home,dc=ryanwilson,dc=com" attrs=children
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr/OP:ADD.exact=USERS write
by dynacl/idattr/OP:DELETE.exact=OWNER write
by * read
access to dn.onelevel="cn=maps,dc=home,dc=ryanwilson,dc=com" attrs=entry
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dnattr=creatorsName write
by dynacl/idattr.exact=OWNER write
by * read
access to dn.onelevel="cn=maps,dc=home,dc=ryanwilson,dc=com" attrs=@apple-resource
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr.exact=OWNER write
by * read
access to dn.base="cn=people,dc=home,dc=ryanwilson,dc=com" attrs=children
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr/OP:ADD.exact=USERS write
by dynacl/idattr/OP:DELETE.exact=OWNER write
by * read
access to dn.onelevel="cn=people,dc=home,dc=ryanwilson,dc=com" attrs=entry
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dnattr=creatorsName write
by dynacl/idattr.exact=OWNER write
by * read
access to dn.onelevel="cn=people,dc=home,dc=ryanwilson,dc=com" attrs=@extensibleObject
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr.exact=OWNER write
by * read
access to dn.onelevel="cn=computers,dc=home,dc=ryanwilson,dc=com" attrs=apple-serviceinfo,apple-serviceslocator,apple-keyword
by self write
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by * read
# NOTE(review): this rule covers userPassword and authAuthority on the
# computer records and ends with "by * read", which matches every client,
# anonymous ones included. Whether a usable password hash is stored in
# userPassword here cannot be told from this listing - confirm, and narrow
# the final clause for those attributes if it is.
access to dn.onelevel="cn=computers,dc=home,dc=ryanwilson,dc=com" attrs=entry,apple-realname,description,macAddress,authAuthority,userPassword
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dnattr=creatorsName write
by * read
access to dn.base="cn=computers,dc=home,dc=ryanwilson,dc=com" attrs=children
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr/OP:ADD.exact=USERS write
by * read
access to dn.base="cn=groups,dc=home,dc=ryanwilson,dc=com" attrs=children
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr/OP:ADD.exact=USERS write
by dynacl/idattr/OP:DELETE.exact=OWNER write
by * read
access to dn.onelevel="cn=groups,dc=home,dc=ryanwilson,dc=com" attrs=entry
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dnattr=creatorsName write
by dynacl/idattr.exact=OWNER write
by * read
access to dn.onelevel="cn=groups,dc=home,dc=ryanwilson,dc=com" attrs=apple-group-nestedgroup,apple-group-realname,description,apple-serviceslocator,apple-user-picture,apple-group-services,apple-contactguid,apple-ownerguid,jpegPhoto,labeledURI,apple-selfwrite
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr.exact=OWNER write
by * read
access to dn.onelevel="cn=groups,dc=home,dc=ryanwilson,dc=com" attrs=apple-group-memberguid
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr.exact=OWNER write
by dynacl/idattr/BOOLATTR:apple-selfwrite;SELFATTR:apple-generateduid.exact=SELFWRITE write
by * read
access to dn.onelevel="cn=groups,dc=home,dc=ryanwilson,dc=com" attrs=memberUid
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr.exact=OWNER write
by dynacl/idattr/BOOLATTR:apple-selfwrite;SELFATTR:uid.exact=SELFWRITE write
by * read
# Catch-all rule for entries and attributes not matched by an earlier
# "access to" directive in this database.
# NOTE(review): its last clause, "by * read", gives read access to every
# client, anonymous ones included - confirm nothing sensitive falls through
# to this rule.
access to *
by set="user/uid & [cn=admin,cn=groups,dc=home,dc=ryanwilson,dc=com]/memberUid" write
by dn.exact="cn=home.ryanwilson.com$,cn=computers,dc=home,dc=ryanwilson,dc=com" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by * read
sasl-regexp
uid=host/(.*),cn=.*,cn=gssapi,cn=auth
"uid=$1,cn=computers,dc=home,dc=ryanwilson,dc=com"
sasl-regexp
uid=(.*[$]),cn=.*,cn=auth
"cn=$1,cn=computers,dc=home,dc=ryanwilson,dc=com"
sasl-regexp
uid=(.*),cn=.*,cn=.*,cn=auth
"uid=$1,cn=users,dc=home,dc=ryanwilson,dc=com"
sasl-regexp
uid=(.*),cn=.*,cn=auth
"uid=$1,cn=users,dc=home,dc=ryanwilson,dc=com"
# use crypt passwords to support older clients
# NOTE(review): per slapd.conf(5), password-hash selects the scheme used for
# userPassword values written through the LDAP Password Modify extended
# operation, and a salt format of "%.2s" yields a two-character salt -
# presumably the traditional crypt(3) format, which is weak by current
# standards. Keep it only while the older clients mentioned above still
# need it.
password-hash {CRYPT}
password-crypt-salt-format "%.2s"
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory /var/db/openldap/openldap-data
# checkpoint the database every 10MB of logging and every 1 hour
checkpoint 10240 60
# Indices to maintain
index cn,sn,uid,apple-serviceslocator pres,eq,approx,sub
index uidNumber,gidNumber eq
index memberUid eq
index sambaSID,rid eq
index sambaPrimaryGroupSID eq
index apple-generateduid eq
index ou eq
index apple-group-realname eq
index macAddress eq
index apple-category eq
index apple-computers eq
index apple-networkview eq
index apple-group-memberguid eq
index apple-group-nestedgroup eq
index objectClass eq
timelimit 60
idletimeout 300
cachesize 20000
idlcachesize 10000
macpro, Mac OS X (10.5.1)