[D-community-commits] r247 - in trunk/fai-config-dir: files/etc/ldap/slapd.conf scripts/LDAPSERVER
holger at alioth.debian.org
holger at alioth.debian.org
Mon Mar 10 13:39:33 UTC 2008
Author: holger
Date: 2008-03-10 13:39:32 +0000 (Mon, 10 Mar 2008)
New Revision: 247
Modified:
trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER
trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd
Log:
finish udldap setup
Modified: trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER 2008-03-10 13:31:38 UTC (rev 246)
+++ trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER 2008-03-10 13:39:32 UTC (rev 247)
@@ -80,6 +80,9 @@
dbconfig set_lk_max_lockers 1500
# Indexing options for database #1
+index uid eq
+index keyfingerprint eq
+index cn,sn approx,sub,eq
index objectClass eq
# Save the time that the entry gets modified, for database #1
@@ -110,6 +113,36 @@
# happily.
access to dn.base="" by * read
+# Restrict reading/modification of the password to administration and self
+access to attrs=userpassword,sshrsaauthkey
+ by self write
+ by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by * compare
+
+access to attrs=emailforward
+ by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by self write
+ by addr=127.0.0.1 read
+ by domain=.*\.debian\.org read
+ by * none
+access to attrs=c,l,loginShell,ircNick
+ by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by self write
+access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalC
+ode,loginShell,onvacation,privateSub,latitude,longitude
+ by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by self write
+ by dn="uid=.*,ou=users,dc=debian-community,dc=org" read
+ by * none
+access to *
+ by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+
+
# The admin dn has full write access, everyone else
# can read everything.
access to *
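Review bot: The new `access to *` stanza at the end of the hunk grants only the admin DN/group write and has no `by * read`, and because slapd stops at the first matching `access to` directive, the pre-existing `access to *` right after it (whose body lies outside the hunk) and the comment "everyone else can read everything" above it are now dead: every non-admin subject, including `self`, gets `none` on all entries and attributes not listed earlier. If that lockdown is intended, delete the old stanza and its comment; otherwise add `by self read` / `by * read` to the new one. `by * compare` on `userpassword` is broader than a bind needs and lets unauthenticated clients compare password values; the documented minimum is `by anonymous auth` (or `by * auth`). The `domain=.*\.debian\.org` clause matches on reverse-DNS names the server cannot verify, and without an explicit `domain.regex=` style the wildcard is likely taken literally, so it should be dropped or written as `domain.regex=` with that weakness accepted in a comment; the `dn="uid=.*,ou=users,..."` clause has the same style question and is clearer as `dn.children="ou=users,dc=debian-community,dc=org"`. The `postalC` / `ode` split looks like mail-client line wrapping, but if it is in the committed file slapd will not parse that attribute list.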
Modified: trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd
===================================================================
--- trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd 2008-03-10 13:31:38 UTC (rev 246)
+++ trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd 2008-03-10 13:39:32 UTC (rev 247)
@@ -19,24 +19,31 @@
echo -n "Creating initial LDAP directory..."
TMPFILE=`mktemp`
cat > $TMPFILE <<- EOF
+dn: dc=org
+dc: net
+objectClass: top
+objectClass: domain
+
dn: dc=debian-community,dc=org
+dc: visi
objectClass: top
-objectClass: dcObject
-objectClass: organization
-o: debian-community
-dc: debian-community
+objectClass: domain
-dn: cn=admin,dc=debian-community,dc=org
-objectClass: simpleSecurityObject
-objectClass: organizationalRole
-cn: admin
-description: LDAP administrator
-userPassword: {crypt}DdkbhPPiiqExA
+dn: ou=users,dc=debian-community,dc=org
+ou: users
+objectClass: top
+objectClass: organizationalUnit
-dn: ou=People,dc=debian-community,dc=org
-ou: People
-objectClass: organizationalUnit
+dn: uid=admin,ou=users,dc=debian-community,dc=org
+uid: admin
+cn: LDAP administrator
objectClass: top
+objectClass: groupOfNames
+userPassword: {crypt}DdkbhPPiiqExA
+member: uid=jgg,ou=users,dc=debian-community,dc=org
+member: uid=joey,ou=users,dc=debian-community,dc=org
+member: uid=troup,ou=users,dc=debian-community,dc=org
+mail: holger at debian-community.org
EOF
cat $TMPFILE | $ROOTCMD slapadd
rm $TMPFILE
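Review bot: The naming-attribute values in the new LDIF do not match their RDNs: `dn: dc=org` carries `dc: net` and `dn: dc=debian-community,dc=org` carries `dc: visi`, which slapadd rejects (or, if checks are relaxed, leaves `dc` values that disagree with the DNs); they should read `dc: org` and `dc: debian-community`. The admin entry is now only `top`/`groupOfNames` yet still carries `uid`, `userPassword` and `mail`, which that class does not permit, so unless the loaded schema extends it the entry needs auxiliary classes for those attributes (for example `simpleSecurityObject` for `userPassword` and `uidObject` for `uid`), and `mail: holger at debian-community.org` looks like list obfuscation of `@` that should be checked in the committed file. The `{crypt}` hash for the admin account is kept verbatim in a version-controlled, world-readable script; it should be injected at deploy time from outside the config tree and the current credential rotated, since a 13-character traditional crypt hash offers little protection once published. The slapadd exit status is not checked before `rm $TMPFILE`, so a rejected LDIF silently leaves an empty directory; `$ROOTCMD slapadd -l $TMPFILE || { rm -f $TMPFILE; exit 1; }` would make the failure visible. The script continues outside the hunk.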