diff options
Diffstat (limited to 'ldap/db/10_base.conf.in')
| -rw-r--r-- | ldap/db/10_base.conf.in | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/ldap/db/10_base.conf.in b/ldap/db/10_base.conf.in new file mode 100644 index 0000000..0781b3d --- /dev/null +++ b/ldap/db/10_base.conf.in @@ -0,0 +1,22 @@ +# Ensure read access to the base for things like +# supportedSASLMechanisms. Without this you may +# have problems with SASL not knowing what +# mechanisms are available and the like. +# Note that this is covered by the 'access to *' +# ACL below too but if you change that as people +# are wont to do you'll still need this if you +# want SASL (and possible other things) to work +# happily. +access to dn.base="" + by * read + +access to dn.subtree="cn=monitor" + by * read + +# The admin dn has full write access, everyone else +# needs further checking +access to dn.subtree="@SUFFIX@" + by dn.exact="cn=admin,@SUFFIX@" write + by group/groupOfUniqueNames/uniqueMember="cn=DSA,ou=Administrators,ou=Groups,ou=Access Control,@SUFFIX@" write + by group/groupOfUniqueNames/uniqueMember="cn=Replicants,ou=Groups,ou=Access Control,@SUFFIX@" write + by * break |