[D-community-commits] r247 - in trunk/fai-config-dir: files/etc/ldap/slapd.conf scripts/LDAPSERVER

holger at alioth.debian.org holger at alioth.debian.org
Mon Mar 10 13:39:33 UTC 2008


Author: holger
Date: 2008-03-10 13:39:32 +0000 (Mon, 10 Mar 2008)
New Revision: 247

Modified:
   trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER
   trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd
Log:
finish udldap setup

Modified: trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER	2008-03-10 13:31:38 UTC (rev 246)
+++ trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER	2008-03-10 13:39:32 UTC (rev 247)
@@ -80,6 +80,9 @@
 dbconfig set_lk_max_lockers 1500
 
 # Indexing options for database #1
+index uid eq
+index keyfingerprint eq
+index cn,sn approx,sub,eq
 index           objectClass eq
 
 # Save the time that the entry gets modified, for database #1
@@ -110,6 +113,36 @@
 # happily.
 access to dn.base="" by * read
 
+# Restrict reading/modification of the password to administration and self
+access to attrs=userpassword,sshrsaauthkey
+        by self write
+        by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
+        by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+        by * compare
+
+access to attrs=emailforward
+        by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
+        by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+        by self write
+        by addr=127.0.0.1 read
+        by domain=.*\.debian\.org read
+        by * none
+access to attrs=c,l,loginShell,ircNick
+        by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
+        by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+        by self write
+access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalC
+ode,loginShell,onvacation,privateSub,latitude,longitude
+        by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
+        by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+        by self write
+        by dn="uid=.*,ou=users,dc=debian-community,dc=org" read
+        by * none
+access to *
+        by dn="uid=admin,ou=users,dc=debian-community,dc=org" write
+        by group="uid=admin,ou=users,dc=debian-community,dc=org" write
+
+
 # The admin dn has full write access, everyone else
 # can read everything.
 access to *
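Review bot: The new `access to *` rule added just above the `# The admin dn has full write access` comment matches every attribute the earlier rules leave uncovered, so the existing `access to *` rule below it (whose `by` clauses lie outside this hunk) is never reached; with OpenLDAP's implicit trailing `by * none`, non-admin binds then lose read access to uid, cn, objectClass and the entry itself, which presumably breaks ordinary lookups, so either drop the new rule or give it the `by * read` that the now-stale comment still promises. The `by dn="uid=admin,…"` and `by dn="uid=.*,ou=users,…"` clauses use an unqualified `dn=`, which OpenLDAP treats as an unanchored regex; prefer `by dn.exact="uid=admin,ou=users,dc=debian-community,dc=org" write` and `by dn.regex="^uid=[^,]+,ou=users,dc=debian-community,dc=org$" read` so that child or look-alike DNs cannot match. `by * compare` on userpassword lets any client, anonymous included, run compare operations against stored password hashes; the conventional tighter form is `by anonymous auth` followed by `by * none`. The `attrs=facsimileTelephoneNumber,…,postalC` / `ode,loginShell,…` line appears split with the second part starting in column 0; unless that is mail wrapping, slapd reads `ode,…` as a separate directive, so the continuation needs leading whitespace (and loginShell is already claimed by the preceding rule, making its second listing dead). The `by domain=.*\.debian\.org read` clause depends on the client's reverse-resolved name, which only works with `reverse-lookup on` and is only as trustworthy as the PTR record, so an address-based clause would be a firmer basis for that grant.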

Modified: trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd
===================================================================
--- trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd	2008-03-10 13:31:38 UTC (rev 246)
+++ trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd	2008-03-10 13:39:32 UTC (rev 247)
@@ -19,24 +19,31 @@
     echo -n "Creating initial LDAP directory..."
     TMPFILE=`mktemp`
     cat > $TMPFILE <<- EOF 
+dn: dc=org
+dc: net
+objectClass: top
+objectClass: domain
+
 dn: dc=debian-community,dc=org
+dc: visi
 objectClass: top
-objectClass: dcObject
-objectClass: organization
-o: debian-community
-dc: debian-community
+objectClass: domain
 
-dn: cn=admin,dc=debian-community,dc=org
-objectClass: simpleSecurityObject
-objectClass: organizationalRole
-cn: admin
-description: LDAP administrator
-userPassword: {crypt}DdkbhPPiiqExA
+dn: ou=users,dc=debian-community,dc=org
+ou: users
+objectClass: top
+objectClass: organizationalUnit
 
-dn: ou=People,dc=debian-community,dc=org
-ou: People
-objectClass: organizationalUnit
+dn: uid=admin,ou=users,dc=debian-community,dc=org
+uid: admin
+cn: LDAP administrator
 objectClass: top
+objectClass: groupOfNames
+userPassword: {crypt}DdkbhPPiiqExA
+member: uid=jgg,ou=users,dc=debian-community,dc=org
+member: uid=joey,ou=users,dc=debian-community,dc=org
+member: uid=troup,ou=users,dc=debian-community,dc=org
+mail: holger at debian-community.org
 EOF
    cat $TMPFILE | $ROOTCMD slapadd 
    rm $TMPFILE
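Review bot: The `dc:` values in the two new domain entries do not match their RDNs — `dn: dc=org` carries `dc: net` and `dn: dc=debian-community,dc=org` carries `dc: visi` — and slapadd rejects such entries because the naming attribute value is absent from the entry; they should read `dc: org` and `dc: debian-community`. If the database suffix configured in slapd.conf (outside this hunk) is dc=debian-community,dc=org, the `dn: dc=org` entry also lies outside the naming context and will be refused, in which case it should simply be dropped. The new `uid=admin` entry has only `objectClass: groupOfNames`, which does not permit uid, userPassword or mail; unless a site schema extends it, slapadd's schema check will reject the entry, so add `objectClass: simpleSecurityObject` and `objectClass: uidObject` and move mail to a class that allows it or drop it. `userPassword: {crypt}DdkbhPPiiqExA` is a traditional 13-character DES crypt hash carried over into the config repository; generating the admin password at install time with a stronger scheme (for example `slappasswd -h {SSHA}`) and keeping the value out of version control would be preferable. The enclosing script block starts and ends outside this hunk.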



