Skip to content
Permalink
Browse files
remove extraneous acl, add a few indexes, adjust loglevel
  • Loading branch information
shawnmckinney committed Jan 6, 2022
1 parent c6aab63 commit 82a78af1aa1eee44fbc8ebddd27698e47f0bc8a5
Showing 2 changed files with 6 additions and 7 deletions.
@@ -71,7 +71,8 @@ database @DB_TYPE@
suffix "@LOG_SUFFIX@"
rootdn "@LOG_ROOT_DN@"
rootpw "@LOG_ROOT_PW@"
index objectClass,reqDN,reqAuthzID,reqStart,reqAttr eq
index objectClass,reqDN,reqAuthzID,reqStart,reqAttr eq
index reqMod,reqResult eq
directory "@HISTORY_DB_PATH@"
access to *
by dn.base="@LOG_ROOT_DN@" write
@@ -98,6 +99,7 @@ rootpw "@ROOT_PW@"
index uidNumber,gidNumber,objectclass eq
index cn,sn,ftObjNm,ftOpNm,ftRoleName,uid,ou eq,sub
index ftId,ftPermName,ftRoles,ftUsers,ftRA,ftARA eq
index ftPASet,ftRC,ftSetName eq
index roleOccupant eq

directory "@DEFAULT_DB_PATH@"
@@ -30,7 +30,7 @@ disallow bind_anon
idletimeout 0
sizelimit 5000
timelimit 60
loglevel stats
loglevel 32768
threads 4

pidfile /var/run/openldap/slapd.pid
@@ -63,12 +63,8 @@ suffix "cn=log"
rootdn "cn=Manager,cn=log"
rootpw "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
index objectClass,reqDN,reqAuthzID,reqStart,reqAttr eq
index reqMod,reqResult eq
directory "/var/symas/openldap-data/cn=log"
# Accesslog is readable by replicator and fortress:
access to dn.subtree="cn=log"
by dn.exact="cn=replicator,dc=admin,dc=example,dc=com" read
by dn.exact="cn=fortress-admin,dc=admin,dc=example,dc=com" read
by * break
dbnosync
checkpoint 0 5

@@ -90,6 +86,7 @@ rootpw "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
index uidNumber,gidNumber,objectclass eq
index cn,sn,ftObjNm,ftOpNm,ftRoleName,uid,ou eq,sub
index ftId,ftPermName,ftRoles,ftUsers,ftRA,ftARA eq
index ftPASet,ftRC,ftSetName eq
index roleOccupant eq

# Helps with large group memberships:

0 comments on commit 82a78af

Please sign in to comment.