Diffstat (limited to 'roles/common-LDAP/templates')
-rw-r--r--roles/common-LDAP/templates/etc/ldap/database.ldif.j236
1 files changed, 9 insertions, 27 deletions
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index b97201c..cf12f10 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -23,82 +23,64 @@ olcLastMod: TRUE
olcDbCheckpoint: 512 15
# Require LDAPv3 protocol and authentication prior to directory
# operations.
olcRequires: LDAPv3
# TODO: how 'olcAddContentAcl' affects the test suite?
olcAddContentAcl: TRUE
# The root user has all rights on the whole database (when SASL-binding
# on a UNIX socket).
olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
#
#
########################################################################
########################################################################
# Performance considerations
#
# To reindex an existing database, you have to
# * Stop slapd sudo service slapd stop
# * Reindex su openldap -c "slapindex -b 'o=mailHosting,dc=fripost,dc=org'"
# * Restart slapd sudo service slapd start
#
+#
+# On single- and dual-core systems, change the maximum number of threads
+# to 8. (The default, 16, is fine for 4- and 8-core systems.)
+#
+# dn: cn=config
+# changetype: modify
+# add: olcThreads
+# olcThreads: 8
+#
# References
# - https://wiki.zimbra.com/wiki/OpenLDAP_Performance_Tuning_5.0
# - http://www.openldap.org/doc/admin24/tuning.html
# - http://www.openldap.org/faq/data/cache/42.html
# - http://www.openldap.org/faq/data/cache/136.html
# - http://www.zytrax.com/books/ldap/apa/indeces.html
#
olcDbIndex: objectClass eq
# Let us make Postfix's life easier. TODO: only if MX, lists.f.o, MDA, etc.
olcDbIndex: fripostIsStatusActive,fvd,fvl,fripostLocalAlias eq
olcDbIndex: fripostOptionalMaildrop pres
# SyncProv/SyncRepl specific indexing.
olcDbIndex: entryCSN,entryUUID eq
#
#
-#
-# 1. On single- and dual-core systems, change the maximum number of
-# threads to 8. (The default, 16, is fine for 4- and 8-core systems.)
-#
-# dn: cn=config
-# changetype: modify
-# add: olcThreads
-# olcThreads: 8
-#
-#
-# 2. It may be a good idea to modify DB_CONFIG, depending on the output
-# of
-#
-# db_stat -mh /var/lib/ldap/fripost | head -16
-#
-# (For optimal performance, the Requested pages found in the cache
-# should be above 95%, and the dirty/clean pages forced from the cache
-# should be 0.)
-#
-# and
-#
-# db_stat -ch /var/lib/ldap/fripost | head -16
-#
-# (For optimal performance, usage should be within 85% of the configured
-# values.)
-#
-#
########################################################################
########################################################################
# Sync Replication
# TODO: replace the simple bind by Kerberos/GSSAPI
#
# References:
# - http://www.openldap.org/doc/admin24/replication.html#Syncrepl
# - http://www.zytrax.com/books/ldap/ch7/#ol-syncrepl-rap
#
{% if 'LDAP-provider' not in group_names %}
olcSyncrepl: rid=000
provider=ldap://{{ LDAP_provider }}
type=refreshAndPersist
retry="5 5 300 +"
searchbase="ou=virtual,o=mailHosting,dc=fripost,dc=org"
attrs=objectClass,fvd,fvl,fripostMaildrop,fripostOptionalMaildrop,fripostLocalAlias,fripostPostmaster,fripostOwner
scope=sub
schemachecking=off
bindmethod=simple
binddn="cn=Postfix,ou=services,o=mailHosting,dc=fripost,dc=org"
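Review bot: The syncrepl stanza left as context at the end of this hunk pairs `bindmethod=simple` with `provider=ldap://{{ LDAP_provider }}`, so as far as the visible lines show, the consumer's bind password and the replicated entries cross the network without TLS. The stanza continues outside the hunk, so this may already be handled there or by a protected link between the hosts; if it is not, adding `starttls=critical` and `tls_reqcert=demand` to the stanza would cover it until the Kerberos/GSSAPI TODO is done. Separately, the relocated olcThreads example uses `add: olcThreads`, which is rejected once the attribute is already set on cn=config; `replace: olcThreads` works in both cases.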