From d65f58d1597e67b199ee3419cf017491f0a309ec Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Wed, 17 Sep 2008 09:04:06 +0200
Subject: Add horde admin to new SAM admin group with password write access.

---
 ldap/db/20_base.conf.in |  2 +-
 ldap/mkldapdb           | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

(limited to 'ldap')

diff --git a/ldap/db/20_base.conf.in b/ldap/db/20_base.conf.in
index b7cd9ae..1d78c6a 100644
--- a/ldap/db/20_base.conf.in
+++ b/ldap/db/20_base.conf.in
@@ -4,7 +4,7 @@
 # admin entry below
 access to dn.subtree="ou=SAM,@SUFFIX@" attrs=userpassword,shadowLastChange
         by dn.exact="@ADMIN@" write
-	by dn.exact=”uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" write
+	by group="cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" write
         by anonymous auth
         by self write
         by * none
diff --git a/ldap/mkldapdb b/ldap/mkldapdb
index 2e0d34a..4e297c3 100755
--- a/ldap/mkldapdb
+++ b/ldap/mkldapdb
@@ -73,3 +73,13 @@ cn: DSA
 description: Directory System Agent administrators
 uniqueMember: cn=cipux,ou=Entities,ou=Access Control,$basedn
 EOF
+ldapadd -x -h localhost -D "cn=admin,$basedn" -W <<EOF
+dn: cn=SAM,ou=Administrators,ou=Groups,ou=Access Control,$basedn
+objectClass: groupOfUniqueNames
+cn: SAM
+description: Samba and NSS services administrators
+uniqueMember: cn=horde,ou=Entities,ou=Access Control,$basedn
+EOF
+
+# TODO: Add "uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" to group
+#       "cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" for samba
-- 
cgit v1.2.3