1. Zhang Huangbin
  2. iredmail


iredmail / iRedMail / samples / ldapd.conf

schema "/etc/ldap/core.schema"
schema "/etc/ldap/inetorgperson.schema"
schema "/etc/ldap/nis.schema"
schema "/etc/ldap/amavisd.schema"
schema "/etc/ldap/iredmail.schema"

listen on lo0 secure
#listen on secure
listen on "/var/run/ldapi"

namespace "PH_LDAP_SUFFIX" {
    rootdn  "PH_LDAP_ROOTDN"
    rootpw  "PH_LDAP_ROOTPW"

    index   objectClass
    index   accountStatus

    index   sn
    index   givenName
    index   cn
    index   mail
    index   uid
    index   shadowLastChange
    index   userSenderBccAddress
    index   userRecipientBccAddress

    index   domainName
    index   domainAliasName
    index   domainAdmin
    index   domainGlobalAdmin
    index   domainBackupMX
    index   domainSenderBccAddress
    index   domainRecipientBccAddress

    index   accessPolicy
    index   memberOfGroup

    # Access policies
    # Deny by default.
    deny read,write access to subtree root by any

    # Update by self
    allow write access to subtree root by self

    # Read all mail accounts
    allow read access to subtree "PH_LDAP_BASEDN" by "PH_LDAP_BINDDN"

    # Allow to manage (read+write) mail accounts
    allow read,write access to subtree "PH_LDAP_BASEDN" by "PH_LDAP_ADMIN_DN"
    allow read,write access to subtree "PH_LDAP_ADMIN_BASEDN" by "PH_LDAP_ADMIN_DN"