authorJonas Smedegaard <dr@jones.dk>2008-09-16 14:35:52 +0200
committerJonas Smedegaard <dr@jones.dk>2008-09-16 14:35:52 +0200
commit65fa4c6f74141e00303f8db3d7fb6a130f85033e (patch)
tree75678feb03dc4293b56d479432ec5175922d6885 /ldap/db/10_base.conf.in
parenta5a0692af0038463fdf888cc55e1967b966d4b59 (diff)
Make slapd.conf from snippets, and more...
Diffstat (limited to 'ldap/db/10_base.conf.in')
-rw-r--r--ldap/db/10_base.conf.in22
1 files changed, 22 insertions, 0 deletions
diff --git a/ldap/db/10_base.conf.in b/ldap/db/10_base.conf.in
new file mode 100644
index 0000000..0781b3d
--- /dev/null
+++ b/ldap/db/10_base.conf.in
@@ -0,0 +1,22 @@
+# Ensure read access to the base for things like
+# supportedSASLMechanisms. Without this you may
+# have problems with SASL not knowing what
+# mechanisms are available and the like.
+# Note that this is covered by the 'access to *'
+# ACL below too but if you change that as people
+# are wont to do you'll still need this if you
+# want SASL (and possible other things) to work
+# happily.
+access to dn.base=""
+ by * read
+
+access to dn.subtree="cn=monitor"
+ by * read
+
+# The admin dn has full write access, everyone else
+# needs further checking
+access to dn.subtree="@SUFFIX@"
+ by dn.exact="cn=admin,@SUFFIX@" write
+ by group/groupOfUniqueNames/uniqueMember="cn=DSA,ou=Administrators,ou=Groups,ou=Access Control,@SUFFIX@" write
+ by group/groupOfUniqueNames/uniqueMember="cn=Replicants,ou=Groups,ou=Access Control,@SUFFIX@" write
+ by * break
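Review bot: The `access to dn.subtree="cn=monitor"` rule ends in `by * read`, so anonymous binds can read the whole monitor subtree, which normally exposes operational details about the running server (connections, backends, version). Unlike the root DSE rule above it, nothing in this file explains why that needs to be world-readable. Unless something depends on anonymous monitoring, I would limit it to the administrative identities already used here, for example `by dn.exact="cn=admin,@SUFFIX@" read` followed by `by * none`, and add a one-line comment stating who is expected to query it. Whether this rule takes effect at all depends on where the snippet lands in the assembled slapd.conf (global versus inside a database section), which is not visible from this file. Separately, the header comment points to an `access to *` ACL "below" that is not in this snippet, so it should name the snippet that carries it.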