Add horde admin to new SAM admin group with password write access.

author: Jonas Smedegaard <dr@jones.dk> 2008-09-17 09:04:06 +0200
committer: Jonas Smedegaard <dr@jones.dk> 2008-09-17 09:04:06 +0200
commit: d65f58d1597e67b199ee3419cf017491f0a309ec (patch)
tree: 5b7065dbc3f26f24abc92d04219debf85a434aa6 /ldap
parent: 3bc8643d2f270fc2fcd9eace0ca4a5ef2323a26d (diff)
2 files changed, 11 insertions, 1 deletions
diff --git a/ldap/db/20_base.conf.in b/ldap/db/20_base.conf.in
index b7cd9ae..1d78c6a 100644
--- a/ldap/db/20_base.conf.in
+++ b/ldap/db/20_base.conf.in
@@ -4,7 +4,7 @@
 # admin entry below
 access to dn.subtree="ou=SAM,@SUFFIX@" attrs=userpassword,shadowLastChange
         by dn.exact="@ADMIN@" write
-	by dn.exact=”uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" write
+	by group="cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" write
         by anonymous auth
         by self write
         by * none
diff --git a/ldap/mkldapdb b/ldap/mkldapdb
index 2e0d34a..4e297c3 100755
--- a/ldap/mkldapdb
+++ b/ldap/mkldapdb
@@ -73,3 +73,13 @@ cn: DSA
 description: Directory System Agent administrators
 uniqueMember: cn=cipux,ou=Entities,ou=Access Control,$basedn
 EOF
+ldapadd -x -h localhost -D "cn=admin,$basedn" -W <<EOF
+dn: cn=SAM,ou=Administrators,ou=Groups,ou=Access Control,$basedn
+objectClass: groupOfUniqueNames
+cn: SAM
+description: Samba and NSS services administrators
+uniqueMember: cn=horde,ou=Entities,ou=Access Control,$basedn
+EOF
+
+# TODO: Add "uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" to group
+#       "cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" for samba
author	Jonas Smedegaard <dr@jones.dk>	2008-09-17 09:04:06 +0200
committer	Jonas Smedegaard <dr@jones.dk>	2008-09-17 09:04:06 +0200
commit	d65f58d1597e67b199ee3419cf017491f0a309ec (patch)
tree	5b7065dbc3f26f24abc92d04219debf85a434aa6 /ldap
parent	3bc8643d2f270fc2fcd9eace0ca4a5ef2323a26d (diff)