From 843483d7a6b4cda72cf35e52ab62e85998ea9962 Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Tue, 16 Sep 2008 22:24:20 +0200 Subject: Avoid space after comma in DN. --- ldap/mkldapdb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ldap') diff --git a/ldap/mkldapdb b/ldap/mkldapdb index 623a706..2e0d34a 100755 --- a/ldap/mkldapdb +++ b/ldap/mkldapdb @@ -5,7 +5,7 @@ set -e umask 066 # Resolve some defaults from other system config -basedn="`grep '^BASE\b' /etc/ldap/ldap.conf | sed -e 's/^BASE[[:space:]]\+//'`" +basedn="`grep '^BASE\b' /etc/ldap/ldap.conf | sed -e 's/^BASE[[:space:]]\+//' -e 's/,[[:space:]]\+/,/g'`" dnsdomain="`dnsdomainname`" orgname="" if [ -r /etc/local-ORG/orgname ]; then -- cgit v1.2.3 From 3bc8643d2f270fc2fcd9eace0ca4a5ef2323a26d Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Wed, 17 Sep 2008 08:52:30 +0200 Subject: Move password access to 20 (from 50). --- ldap/db/20_base.conf.in | 10 ++++++++++ ldap/db/50_base.conf.in | 10 ---------- 2 files changed, 10 insertions(+), 10 deletions(-) create mode 100644 ldap/db/20_base.conf.in delete mode 100644 ldap/db/50_base.conf.in (limited to 'ldap') diff --git a/ldap/db/20_base.conf.in b/ldap/db/20_base.conf.in new file mode 100644 index 0000000..b7cd9ae --- /dev/null +++ b/ldap/db/20_base.conf.in @@ -0,0 +1,10 @@ +# The userPassword by default can be changed +# by the entry owning it if they are authenticated. +# Others should not be able to see it, except the +# admin entry below +access to dn.subtree="ou=SAM,@SUFFIX@" attrs=userpassword,shadowLastChange + by dn.exact="@ADMIN@" write + by dn.exact=”uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" write + by anonymous auth + by self write + by * none diff --git a/ldap/db/50_base.conf.in b/ldap/db/50_base.conf.in deleted file mode 100644 index b7cd9ae..0000000 --- a/ldap/db/50_base.conf.in +++ /dev/null 
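Review bot: The new `basedn=` pipeline still yields an empty value silently when /etc/ldap/ldap.conf has no BASE line, because the exit status of the pipeline is sed's, so the `set -e` shown in the hunk header never fires and every DN built later from `$basedn` (for example `cn=admin,$basedn` in a later mkldapdb hunk on this page) ends in a bare comma. A guard directly after the assignment would make that failure explicit: `[ -n "$basedn" ] || { echo "mkldapdb: no BASE in /etc/ldap/ldap.conf" >&2; exit 1; }`. Note also that the added `-e 's/,[[:space:]]\+/,/g'` only strips whitespace after a comma, not before one, and that `\b` and `\+` are GNU grep/sed extensions, which is worth a short comment since the script is otherwise plain `/bin/sh`.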
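Review bot: The `by dn.exact=”uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" write` line carried verbatim into the new 20_base.conf.in opens the DN with a typographic right double quote (U+201D) and closes it with a plain `"`, so the quotes do not pair and slapd will not read this clause as the intended DN; depending on the parser that is a config error or a clause that matches nothing, in which case the cifsdc entity falls through to `by * none` and cannot write passwords. It should read `by dn.exact="uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" write`. Since slapd applies the first `access to` directive whose target matches, renumbering this fragment from 50_ to 20_ changes which rule governs userPassword under ou=SAM; a one-line comment at the top of the file, such as `# Kept at 20_ so this userPassword rule is evaluated before later, presumably more general, fragments`, would record why the number matters.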
@@ -1,10 +0,0 @@
-# The userPassword by default can be changed
-# by the entry owning it if they are authenticated.
-# Others should not be able to see it, except the
-# admin entry below
-access to dn.subtree="ou=SAM,@SUFFIX@" attrs=userpassword,shadowLastChange
- by dn.exact="@ADMIN@" write
- by dn.exact=”uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" write
- by anonymous auth
- by self write
- by * none
-- 
cgit v1.2.3
From d65f58d1597e67b199ee3419cf017491f0a309ec Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Wed, 17 Sep 2008 09:04:06 +0200
Subject: Add horde admin to new SAM admin group with password write access.
---
 ldap/db/20_base.conf.in | 2 +-
 ldap/mkldapdb | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
(limited to 'ldap')
diff --git a/ldap/db/20_base.conf.in b/ldap/db/20_base.conf.in
index b7cd9ae..1d78c6a 100644
--- a/ldap/db/20_base.conf.in
+++ b/ldap/db/20_base.conf.in
@@ -4,7 +4,7 @@
 # admin entry below
 access to dn.subtree="ou=SAM,@SUFFIX@" attrs=userpassword,shadowLastChange
 by dn.exact="@ADMIN@" write
- by dn.exact=”uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" write
+ by group="cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" write
 by anonymous auth
 by self write
 by * none
diff --git a/ldap/mkldapdb b/ldap/mkldapdb
index 2e0d34a..4e297c3 100755
--- a/ldap/mkldapdb
+++ b/ldap/mkldapdb
@@ -73,3 +73,13 @@ cn: DSA
 description: Directory System Agent administrators
 uniqueMember: cn=cipux,ou=Entities,ou=Access Control,$basedn
 EOF
+ldapadd -x -h localhost -D "cn=admin,$basedn" -W <
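Review bot: `by group="cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" write` uses slapd's default group form, which resolves membership through objectClass groupOfNames and attribute member; the DSA group in the adjacent mkldapdb hunk lists its members with `uniqueMember:`, so if the SAM group is created the same way (its creation is cut off at the end of this page) this clause never matches and SAM administrators fall through to `by * none` instead of getting write. Making the object class explicit avoids the silent mismatch: `by group/groupOfUniqueNames/uniqueMember="cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" write`. The removed line also drops the cifsdc entity's direct write access on userPassword and shadowLastChange; unless that entity is a member of the new SAM group, which this page does not show, it loses the ability to set passwords. The mkldapdb hunk of this commit is truncated here, so neither point can be confirmed from the page.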