From 424da2513779d64e753a58fd43132a5166c2e945 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sun, 26 Oct 2008 23:11:42 +0100
Subject: Separate slapd.conf.d snippets from ldif snippets.

---
 ldap/slapd.conf.d/08_base.conf.in | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 ldap/slapd.conf.d/08_base.conf.in

(limited to 'ldap/slapd.conf.d/08_base.conf.in')

diff --git a/ldap/slapd.conf.d/08_base.conf.in b/ldap/slapd.conf.d/08_base.conf.in
new file mode 100644
index 0000000..1d78c6a
--- /dev/null
+++ b/ldap/slapd.conf.d/08_base.conf.in
@@ -0,0 +1,10 @@
+# The userPassword by default can be changed
+# by the entry owning it if they are authenticated.
+# Others should not be able to see it, except the
+# admin entry below
+access to dn.subtree="ou=SAM,@SUFFIX@" attrs=userpassword,shadowLastChange
+        by dn.exact="@ADMIN@" write
+	by group="cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" write
+        by anonymous auth
+        by self write
+        by * none
-- 
cgit v1.2.3