From 65fa4c6f74141e00303f8db3d7fb6a130f85033e Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Tue, 16 Sep 2008 14:35:52 +0200
Subject: Make slapd.conf from snippets, and more...

---
 ldap/db/10_base.conf.in | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 ldap/db/10_base.conf.in

(limited to 'ldap/db/10_base.conf.in')

diff --git a/ldap/db/10_base.conf.in b/ldap/db/10_base.conf.in
new file mode 100644
index 0000000..0781b3d
--- /dev/null
+++ b/ldap/db/10_base.conf.in
@@ -0,0 +1,22 @@
+# Ensure read access to the base for things like
+# supportedSASLMechanisms.  Without this you may
+# have problems with SASL not knowing what
+# mechanisms are available and the like.
+# Note that this is covered by the 'access to *'
+# ACL below too but if you change that as people
+# are wont to do you'll still need this if you
+# want SASL (and possible other things) to work 
+# happily.
+access to dn.base=""
+	by * read
+
+access to dn.subtree="cn=monitor"
+	by * read
+
+# The admin dn has full write access, everyone else
+# needs further checking
+access to dn.subtree="@SUFFIX@"
+	by dn.exact="cn=admin,@SUFFIX@" write
+	by group/groupOfUniqueNames/uniqueMember="cn=DSA,ou=Administrators,ou=Groups,ou=Access Control,@SUFFIX@" write
+	by group/groupOfUniqueNames/uniqueMember="cn=Replicants,ou=Groups,ou=Access Control,@SUFFIX@" write
+	by * break
-- 
cgit v1.2.3