![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
index aa86b711945c2dbead1b5d63dd873bf4fc0a12de..38ca72b5a6abc00f93916632dd59b7e99cc204b3 100644 (file)
# to adjust the indexing and acl stuff below!
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/pureftpd.schema
-include /etc/ldap/schema/gohard.schema
include /etc/ldap/schema/gofon.schema
+include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa+samba3.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/goserver.schema
+include /etc/ldap/schema/goto-mime.schema
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
#limits anonymous size.soft=500 time.soft=5
#limits user size=none time.soft=30
-#######################################################################
-# database definitions
-#######################################################################
-
-# Monitor backend
-database monitor
+access to dn.base=""
+ by * read
+access to dn.base="cn=Subschema"
+ by * read
access to dn.subtree=cn=Monitor
by * read
# Access to schema information
-access to dn.subtree=""
- by dn="cn=ldapadmin,dc=gonicus,dc=de" read
-
-# The backend type, ldbm, is the default standard
-database bdb
-cachesize 5000
-checkpoint 512 720
-mode 0600
-
-# The base of your directory
-suffix "dc=gonicus,dc=de"
-
-# Sample password is "tester", generate a new one using the mkpasswd
-# utility and put the string after {crypt}
-rootdn "cn=ldapadmin,dc=gonicus,dc=de"
-rootpw {crypt}OuorOLd3VqvC2
-
-# Indexing
-index default sub
-index uid,mail eq
-index gosaMailAlternateAddress,gosaMailForwardingAddress eq
-index cn,sn,givenName,ou pres,eq,sub
-index objectClass pres,eq
-index uidNumber,gidNumber,memberuid eq
-index gosaSubtreeACL,gosaObject,gosaUser pres,eq
-
-# Indexing for Samba 3
-index sambaSID eq
-index sambaPrimaryGroupSID eq
-index sambaDomainName eq
-
-
-# Where the database file are physically stored
-directory "/var/lib/ldap"
-
-# Save the time that the entry gets modified
-lastmod off
+#access to dn.subtree=""
+# by * read
# The userPassword/shadow Emtries by default can be
# changed by the entry owning it if they are authenticated.
# Others should not be able to see it, except the admin
# entry below
-access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
+access to attrs=userPassword,userPKCS12,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
by dn="cn=ldapadmin,dc=gonicus,dc=de" write
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by anonymous auth
by self write
by * none
+access to attrs=shadowLastChange
+ by self write
+ by * read
# Deny access to imap/fax/kerberos admin passwords stored
# in ldap tree
by dn="cn=terminal-admin,dc=gonicus,dc=de" write
by dn="cn=ldapadmin,dc=gonicus,dc=de" write
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
+ by * none
access to dn.sub="ou=incoming,dc=gonicus,dc=de"
by dn="cn=terminal-admin,dc=gonicus,dc=de" write
by dn="cn=ldapadmin,dc=gonicus,dc=de" write
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
+ by * none
# What trees should be readable, depends on your policy. Either
# use this entry and specify what should be readable, or leave
# by peername="ip=127\.0\.0\.1" read
# by * none
+#######################################################################
+# database definitions
+#######################################################################
+
+# Monitor backend
+database monitor
+
+# The backend type, ldbm, is the default standard
+database bdb
+cachesize 5000
+mode 0600
+
+# The base of your directory
+suffix "dc=gonicus,dc=de"
+checkpoint 512 720
+
+# Sample password is "tester", generate a new one using the mkpasswd
+# utility and put the string after {crypt}
+rootdn "cn=ldapadmin,dc=gonicus,dc=de"
+rootpw {crypt}OuorOLd3VqvC2
+
+# Indexing
+index default sub
+index uid,mail eq
+index gosaMailAlternateAddress,gosaMailForwardingAddress eq
+index cn,sn,givenName,ou pres,eq,sub
+index objectClass pres,eq
+index uidNumber,gidNumber,memberuid,macAddress eq
+index gosaSubtreeACL,gosaObject,gosaUser pres,eq
+
+# Indexing for Kolab
+#index alias eq,sub
+#index kolabDeleteFlag eq
+#index kolabHomeServer eq
+#index member pres,eq
+
+# Indexing for Samba 3
+index sambaSID eq
+index sambaPrimaryGroupSID eq
+index sambaDomainName eq
+
+# Indexing for DNS/DHCP
+#index zoneName eq
+#index relativeDomainName eq
+#index dhcpHWAddress eq
+#index dhcpClassData eq
+#index dhcpPrimaryDN eq
+#index dhcpSecondaryDN eq
+
+# Where the database file are physically stored
+directory "/var/lib/ldap"
+
+# Log modifications and write entryUUID
+lastmod on
+
# Example replication using admin account. This will require taking the
# out put of this database using slapcat(8C), and then importing that into