index ba0c98680dc7163279d432c59ce82ce573fb19c8..46b8cbbc87a49e5ab27ec358a8ca5b5a5424e485 100644 (file)
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/misc.schema
-include /etc/ldap/schema/trust.schema
-#include /etc/ldap/schema/krb5-kdc.schema
-
-# These should be present for GOsa. In case of samba3,
-# replace samba.schema and gosa.schema by samba3.schema
-# and gosa+samba3.schema. Don't include both and remember
-# to adjust the indexing and acl stuff below!
-include /etc/ldap/schema/samba.schema
-include /etc/ldap/schema/pureftpd.schema
-include /etc/ldap/schema/gofon.schema
-include /etc/ldap/schema/gosystem.schema
-include /etc/ldap/schema/goto.schema
-include /etc/ldap/schema/gosa+samba3.schema
-include /etc/ldap/schema/gofax.schema
-include /etc/ldap/schema/goserver.schema
-include /etc/ldap/schema/goto-mime.schema
-
-# Schema check allows for forcing entries to
-# match schemas for their objectClasses's
-schemacheck on
+
+# These should be present for GOsa. Replace all occurencies
+# of samba3 by samba2 for use with GOsa and Samba 2.
+include /etc/ldap/schema/gosa/samba3.schema
+include /etc/ldap/schema/gosa/gosystem.schema
+include /etc/ldap/schema/gosa/goto.schema
+include /etc/ldap/schema/gosa/goserver.schema
+include /etc/ldap/schema/gosa/gosa-samba3.schema
+include /etc/ldap/schema/gosa/trust.schema
# Security settings
# Parameters: sasl, ssf, tls, transport, update_sasl, update_ssf,
# Security settings
# Parameters: sasl, ssf, tls, transport, update_sasl, update_ssf,
# Search base
defaultsearchbase dc=gonicus,dc=de
# Search base
defaultsearchbase dc=gonicus,dc=de
-
# Where clients are refered to if no
# match is found locally
#referral ldap://some.other.ldap.server
# Where clients are refered to if no
# match is found locally
#referral ldap://some.other.ldap.server
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
-pidfile /var/run/slapd.pid
+pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
# List of arguments that were passed to the server
-argsfile /var/run/slapd.args
+argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel 1024
# Read slapd.conf(5) for possible values
loglevel 1024
# Others should not be able to see it, except the admin
# entry below
access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
# Others should not be able to see it, except the admin
# entry below
access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
- by dn="cn=ldapadmin,dc=gonicus,dc=de" write
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by anonymous auth
by self write
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by anonymous auth
by self write
@@ -134,15 +121,12 @@ access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChang
# Deny access to imap/fax/kerberos admin passwords stored
# in ldap tree
access to attrs=goImapPassword
# Deny access to imap/fax/kerberos admin passwords stored
# in ldap tree
access to attrs=goImapPassword
- by dn="cn=ldapadmin,dc=gonicus,dc=de" write
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by * none
access to attrs=goKrbPassword
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by * none
access to attrs=goKrbPassword
- by dn="cn=ldapadmin,dc=gonicus,dc=de" write
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by * none
access to attrs=goFaxPassword
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by * none
access to attrs=goFaxPassword
- by dn="cn=ldapadmin,dc=gonicus,dc=de" write
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by * none
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by * none
# Others should not be able to see it, except the
# admin entry below
access to attrs=sambaLmPassword,sambaNtPassword
# Others should not be able to see it, except the
# admin entry below
access to attrs=sambaLmPassword,sambaNtPassword
- by dn="cn=ldapadmin,dc=gonicus,dc=de" write
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by anonymous auth
by self write
by * none
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by anonymous auth
by self write
by * none
-# Enable write create access for the terminal admin
-access to dn="ou=incoming,dc=gonicus,dc=de"
- by dn="cn=terminal-admin,dc=gonicus,dc=de" write
- by dn="cn=ldapadmin,dc=gonicus,dc=de" write
- by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
- by * none
-
-access to dn.sub="ou=incoming,dc=gonicus,dc=de"
- by dn="cn=terminal-admin,dc=gonicus,dc=de" write
- by dn="cn=ldapadmin,dc=gonicus,dc=de" write
- by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
- by * none
-
# What trees should be readable, depends on your policy. Either
# use this entry and specify what should be readable, or leave
# the access to * => by * read below untouched
# What trees should be readable, depends on your policy. Either
# use this entry and specify what should be readable, or leave
# the access to * => by * read below untouched
# The admin dn has full write access
access to *
# The admin dn has full write access
access to *
- by dn="cn=ldapadmin,dc=gonicus,dc=de" =wrscx
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" =wrscx
by * read
# by peername="ip=127\.0\.0\.1" read
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" =wrscx
by * read
# by peername="ip=127\.0\.0\.1" read
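Review bot: With the `cn=ldapadmin` clauses removed, `dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?"` becomes the only identity granted `write` on the password attributes and `=wrscx` on `access to *`, and that pattern is too loose for the job. It is unanchored, leaves the `.` in the realm unescaped and makes the realm group optional, so it accepts any authenticated DN that merely contains a `uid=<name>/admin+` component. I would anchor it and require the realm, starting from `^uid=[^/,]+/admin\+realm=GONICUS\.LOCAL` and closing with `$` after whatever suffix this server's SASL identity mapping produces (not visible on this page). Separately, dropping both `ou=incoming` rules means that subtree now falls through to `by * read` instead of `by * none`; if the subtree still exists, keep an explicit `by * none` rule for it. Removing `schemacheck on` is only safe if the slapd version in use always enforces schema checking, which is worth confirming before deploying.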