- Corrected attr in place of attrs

[gosa.git] / contrib / openldap / slapd.conf

diff --git a/contrib/openldap/slapd.conf b/contrib/openldap/slapd.conf
index 5ab60813c62ac43ca2c8fcfff34c5a0dfea228e4..38ca72b5a6abc00f93916632dd59b7e99cc204b3 100644 (file)
--- a/contrib/openldap/slapd.conf
+++ b/contrib/openldap/slapd.conf
@@ -112,6 +112,8 @@ moduleload      back_monitor
 
 access to dn.base=""
         by * read
+access to dn.base="cn=Subschema"
+       by * read
 
 access to dn.subtree=cn=Monitor
         by * read
@@ -124,12 +126,15 @@ access to dn.subtree=cn=Monitor
 # changed by the entry owning it if they are authenticated.
 # Others should not be able to see it, except the admin
 # entry below
-access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
+access to attrs=userPassword,userPKCS12,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
        by dn="cn=ldapadmin,dc=gonicus,dc=de" write
        by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
        by anonymous auth
        by self write
        by * none 
+access to attrs=shadowLastChange
+        by self write
+        by * read
 
 # Deny access to imap/fax/kerberos admin passwords stored
 # in ldap tree
@@ -215,7 +220,7 @@ index   uid,mail                                                    eq
 index   gosaMailAlternateAddress,gosaMailForwardingAddress             eq
 index   cn,sn,givenName,ou                                             pres,eq,sub
 index   objectClass                                                    pres,eq
-index   uidNumber,gidNumber,memberuid                                  eq
+index   uidNumber,gidNumber,memberuid,macAddress               eq
 index   gosaSubtreeACL,gosaObject,gosaUser                             pres,eq
 
 # Indexing for Kolab