
- Corrected attr in place of attrs
[gosa.git] / contrib / openldap / slapd.conf
index e8cf0484ce7baf9dfefe62753bcc4abc89dfd75d..38ca72b5a6abc00f93916632dd59b7e99cc204b3 100644 (file)
@@ -112,24 +112,29 @@ moduleload      back_monitor
 
 access to dn.base=""
         by * read
+access to dn.base="cn=Subschema"
+       by * read
 
 access to dn.subtree=cn=Monitor
         by * read
 
 # Access to schema information
-access to dn.subtree=""
-        by dn="cn=ldapadmin,dc=gonicus,dc=de" read
+#access to dn.subtree=""
+#        by * read
 
 # The userPassword/shadow Emtries by default can be
 # changed by the entry owning it if they are authenticated.
 # Others should not be able to see it, except the admin
 # entry below
-access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
+access to attrs=userPassword,userPKCS12,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
        by dn="cn=ldapadmin,dc=gonicus,dc=de" write
        by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
        by anonymous auth
        by self write
        by * none 
+access to attrs=shadowLastChange
+        by self write
+        by * read
 
 # Deny access to imap/fax/kerberos admin passwords stored
 # in ldap tree
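Review bot: The new `access to attrs=shadowLastChange` clause ends in `by * read`, which also matches anonymous binds, so each account's last password-change date becomes readable without authentication; `by users read` would limit it to authenticated clients if nothing depends on anonymous access. Because slapd stops at the first matching `access to`, the `uid=[^/]+/admin...` identities that get `write` in the preceding clause get only read here; if they are expected to reset passwords, add their `by dn.regex=... write` line ahead of `by self write`. `by self write` also lets a user set their own value and so sidestep the `shadowMax` ageing protected just above, which deserves a comment such as `# self write is needed for client-side password changes; it also lets users reset their own ageing clock`. Separately, `# Access to schema information` now heads a commented-out rule while the live `cn=Subschema` clause sits undocumented under the `dn.base=""` rule; moving the comment up to it would keep the file readable.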
@@ -166,11 +171,13 @@ access to dn="ou=incoming,dc=gonicus,dc=de"
        by dn="cn=terminal-admin,dc=gonicus,dc=de" write
        by dn="cn=ldapadmin,dc=gonicus,dc=de" write
        by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
+       by * none
 
 access to dn.sub="ou=incoming,dc=gonicus,dc=de"
        by dn="cn=terminal-admin,dc=gonicus,dc=de" write
        by dn="cn=ldapadmin,dc=gonicus,dc=de" write
        by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
+       by * none
 
 # What trees should be readable, depends on your policy. Either
 # use this entry and specify what should be readable, or leave
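Review bot: The added `by * none` lines restate what slapd already applies implicitly at the end of every `access to` clause, so they change no behaviour; a short comment such as `# explicit default: nobody else may see ou=incoming` would make it clear they are there for readability. From the lines visible here the two clauses carry the same `by` list, and `dn.sub` already includes the base entry, so the first clause looks redundant. Its opening line is outside this hunk, so confirm it has no extra `by` lines before collapsing the two. Giving the first clause an explicit style (`dn.base=`) would also remove any dependence on the server's default DN style.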
@@ -196,11 +203,11 @@ database  monitor
 # The backend type, ldbm, is the default standard
 database       bdb
 cachesize       5000
-checkpoint     512 720
 mode           0600
 
 # The base of your directory
 suffix         "dc=gonicus,dc=de"
+checkpoint     512 720
 
 # Sample password is "tester", generate a new one using the mkpasswd
 # utility and put the string after {crypt}
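Review bot: The moved `checkpoint 512 720` now sits directly under `# The base of your directory`, glued to `suffix`, so it reads as part of the suffix setting. Separate it with a blank line and give it its own comment, for example `# Checkpoint the BDB log after 512 KB written or 720 minutes`. If the reorder was needed because the directive must follow `suffix` on some slapd versions, say so in that comment, since the commit message does not explain the move.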
@@ -208,24 +215,37 @@ rootdn    "cn=ldapadmin,dc=gonicus,dc=de"
 rootpw  {crypt}OuorOLd3VqvC2
 
 # Indexing
-index   default                                                sub
-index   uid,mail                                               eq
-index   gosaMailAlternateAddress,gosaMailForwardingAddress     eq
-index   cn,sn,givenName,ou                                     pres,eq,sub
-index   objectClass                                            pres,eq
-index   uidNumber,gidNumber,memberuid                          eq
-index   gosaSubtreeACL,gosaObject,gosaUser                     pres,eq
+index   default                                                        sub
+index   uid,mail                                                       eq
+index   gosaMailAlternateAddress,gosaMailForwardingAddress             eq
+index   cn,sn,givenName,ou                                             pres,eq,sub
+index   objectClass                                                    pres,eq
+index   uidNumber,gidNumber,memberuid,macAddress               eq
+index   gosaSubtreeACL,gosaObject,gosaUser                             pres,eq
+
+# Indexing for Kolab
+#index alias                                                   eq,sub
+#index kolabDeleteFlag                                         eq
+#index kolabHomeServer                                         eq
+#index  member                                                 pres,eq
 
 # Indexing for Samba 3
-index   sambaSID                                               eq
-index   sambaPrimaryGroupSID                                   eq
-index   sambaDomainName                                        eq
-
+index   sambaSID                                                       eq
+index   sambaPrimaryGroupSID                                           eq
+index   sambaDomainName                                                eq
+
+# Indexing for DNS/DHCP
+#index zoneName                                                eq
+#index relativeDomainName                                      eq
+#index   dhcpHWAddress                                         eq
+#index   dhcpClassData                                         eq
+#index   dhcpPrimaryDN                                         eq
+#index   dhcpSecondaryDN                                               eq
 
 # Where the database file are physically stored
 directory      "/var/lib/ldap"
 
-# Make mods (writes entryUuid for kolab...)
+# Log modifications and write entryUUID
 lastmod on
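Review bot: The `rootpw {crypt}OuorOLd3VqvC2` line kept as context at the top of this hunk is a traditional crypt hash of the sample password named in the comment just above it, and the rootdn is not subject to any of the `access to` rules this commit tightens. For a contrib file that people copy, ship a placeholder instead, with a comment telling the admin to generate a salted hash using `slappasswd` before starting the server. On the changed lines, `macAddress` is added to the `eq` index; on an existing database that only takes effect after reindexing with `slapindex`, which is worth a one-line comment. The `macAddress` and `dhcpSecondaryDN` lines also break the column alignment the rest of the hunk re-pads.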