[D-community-commits] r251 - trunk/fai-config-dir/files/etc/ldap/slapd.conf
holger at alioth.debian.org
holger at alioth.debian.org
Mon Mar 10 14:04:02 UTC 2008
Author: holger
Date: 2008-03-10 14:04:01 +0000 (Mon, 10 Mar 2008)
New Revision: 251
Modified:
trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER
Log:
more finetuning
Modified: trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER 2008-03-10 13:55:10 UTC (rev 250)
+++ trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER 2008-03-10 14:04:01 UTC (rev 251)
@@ -98,11 +98,11 @@
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
-access to attrs=userPassword,shadowLastChange
- by dn="cn=admin,dc=debian-community,dc=org" write
- by anonymous auth
- by self write
- by * none
+#access to attrs=userPassword,shadowLastChange
+# by dn="cn=admin,dc=debian-community,dc=org" write
+# by anonymous auth
+# by self write
+# by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
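Review bot: Commenting out this ACL widens access to `userPassword`, because the attribute is now governed only by the `access to attrs=userPassword,sshRSAAuthKey` rule in the next hunk, which ends in `by * compare` rather than `by anonymous auth` / `by * none`. Every client, authenticated or not, is then allowed the Compare operation on password values, where before non-owners had no access beyond bind. `shadowLastChange` is no longer covered by any attribute rule, so it falls through to `access to *`: readable by everyone and no longer self-writable, which may break client-side password-change tooling that updates it. I would end the later rule with `by anonymous auth` and `by * none`, and either add `shadowLastChange` to a self-writable rule or note in a comment that dropping it is intended.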
@@ -113,44 +113,38 @@
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
-access to dn.base="" by * read
-# Restrict reading/modification of the password to administration and self
-access to attrs=userpassword,sshrsaauthkey
+access to attrs=userPassword,sshRSAAuthKey
by self write
- by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
- by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by dn="cn=LDAP Administrator,ou=users,dc=debian-community,dc=org" write
+ by group="cn=LDAP Administrator,ou=users,dc=debian-community,dc=org" write
by * compare
access to attrs=emailforward
- by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
- by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by dn="cn=LDAP Administrator,ou=users,dc=debian-community,dc=org" write
+ by group="cn=LDAP Administrator,ou=users,dc=debian-community,dc=org" write
by self write
- by addr=127.0.0.1 read
- by domain=.*\.debian\.org read
by * none
+
access to attrs=c,l,loginShell,ircNick
- by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
- by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+ by dn="cn=LDAP Administrator,ou=users,dc=debian-community,dc=org" write
+ by group="cn=LDAP Administrator,ou=users,dc=debian-community,dc=org" write
by self write
-access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalC
-ode,loginShell,onvacation,privateSub,latitude,longitude
- by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
- by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+
+access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onvacation,privateSub,latitude,longitude,icqUin,jabberjid,labeledURI,gender,birthDate,mailDisableMessage,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist
+ by dn="cn=LDAP Administrator,ou=users,dc=debian-community,dc=org" write
+ by group="cn=LDAP Administrator,ou=users,dc=debian-community,dc=org" write
by self write
by dn="uid=.*,ou=users,dc=debian-community,dc=org" read
by * none
-access to *
- by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
- by group="uid=admin,ou=users,dc=debian-community,dc=org" write
-
-# The admin dn has full write access, everyone else
-# can read everything.
access to *
- by dn="cn=admin,dc=debian-community,dc=org" write
+ by dn="cn=LDAP Administrator,ou=users,dc=debian-community,dc=org" write
+ by group="cn=LDAP Administrator,ou=users,dc=debian-community,dc=org" write
by * read
+access to dn.base="" by * read
+
# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
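Review bot: The relocated `access to dn.base="" by * read` now sits after `access to *`, and since slapd stops at the first matching `access to` directive it can never be evaluated. Root DSE reads currently work only through the `by * read` in the catch-all, so tightening that clause later would break the SASL mechanism discovery the comment above warns about; move the `dn.base=""` line back above the attribute rules. Separately, each new `by group="cn=LDAP Administrator,ou=users,..."` clause reuses the DN from the `by dn=` clause on the line before it. A `group` clause expects a group entry with member values, so unless that DN really is one (not visible here) these clauses match nothing; either point them at a real admin group or drop them. A short comment above the `access to *` block stating that `by * read` includes anonymous clients would also help the next reader.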