![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
index 558a2eed47d2288818bad26c49e9c6b3a462d080..689bceae1ab6e23c08193b1aa30df5e5b9e7ff7d 100644 (file)
#include /etc/ldap/schema/phpgwaccount.schema
#include /etc/ldap/schema/phpgwcontact.schema
+# These should be present for nagios plugin to work
+#include /etc/ldap/schema/nagios.schema
+
# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on
password-hash {CRYPT}
# Search base
-defaultsearchbase dc=ccib,dc=be
+defaultsearchbase dc=opensides,dc=be
# Where clients are refered to if no
#sasl-authz-policy
#sasl-host gosa.sweatshop.local
#sasl-realm sweatshop.LOCAL
-#sasl-regexp cn=(.*),ou=(.*) cn=$1,ou=$2,ou=people,dc=ccib,dc=be
+#sasl-regexp cn=(.*),ou=(.*) cn=$1,ou=$2,ou=people,dc=opensides,dc=be
#sasl-secprops noanonymous
## Kerberos setup
mode 0600
# The base of your directory
-suffix "dc=ccib,dc=be"
+suffix "dc=opensides,dc=be"
# Sample password is "tester", generate a new one using the mkpasswd
# utility and put the string after {crypt}
-rootdn "cn=ldapadmin,dc=ccib,dc=be"
+rootdn "cn=ldapadmin,dc=opensides,dc=be"
rootpw {crypt}2wTonoD6DWM/A
# Indexing
# Others should not be able to see it, except the admin
# entry below
access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
- by dn="cn=ldapadmin,dc=ccib,dc=be" write
+ by dn="cn=ldapadmin,dc=opensides,dc=be" write
by anonymous auth
by self write
by self read
@@ -170,13 +173,13 @@ access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChang
# Deny access to imap/fax/kerberos admin passwords stored
# in ldap tree
access to attrs=goImapPassword
- by dn="cn=ldapadmin,dc=ccib,dc=be" write
+ by dn="cn=ldapadmin,dc=opensides,dc=be" write
by * none
access to attrs=goKrbPassword
- by dn="cn=ldapadmin,dc=ccib,dc=be" write
+ by dn="cn=ldapadmin,dc=opensides,dc=be" write
by * none
access to attrs=goFaxPassword
- by dn="cn=ldapadmin,dc=ccib,dc=be" write
+ by dn="cn=ldapadmin,dc=opensides,dc=be" write
by * none
# Let servers write last user attribute
# Others should not be able to see it, except the
# admin entry below
access to attrs=sambaLmPassword,sambaNtPassword
- by dn="cn=ldapadmin,dc=ccib,dc=be" write
+ by dn="cn=ldapadmin,dc=opensides,dc=be" write
by anonymous auth
by self write
by self read
by * none
# Enable write create access for the terminal admin
-access to dn="ou=incoming,dc=ccib,dc=be"
- by dn="cn=terminal-admin,dc=ccib,dc=be" write
- by dn="cn=ldapadmin,dc=ccib,dc=be" write
-
-#access to dn=".*,ou=incoming,dc=ccib,dc=be"
-# by dn="cn=terminal-admin,dc=ccib,dc=be" write
-# by dn="cn=ldapadmin,dc=ccib,dc=be" write
+access to dn="ou=incoming,dc=opensides,dc=be"
+ by dn="cn=terminal-admin,dc=opensides,dc=be" write
+ by dn="cn=ldapadmin,dc=opensides,dc=be" write
# What trees should be readable, depends on your policy. Either
# use this entry and specify what should be readable, or leave
# The admin dn has full write access
access to *
- by dn="cn=ldapadmin,dc=ccib,dc=be" =wrscx
+ by dn="cn=ldapadmin,dc=opensides,dc=be" =wrscx
by * read
# Example replication using admin account. This will require taking the
# Replication setup
#replogfile /var/log/ldap-replicalog
#replica host=ldap-2.sweatshop.local
-# binddn="cn=replicator,dc=ccib,dc=be bindmethod=simple credentials=secret
+# binddn="cn=replicator,dc=opensides,dc=be bindmethod=simple credentials=secret
# Dummy database for config replication
#database shell
-#suffix "dc=ccib,dc=shell"
+#suffix "dc=opensides,dc=shell"
#search /etc/ldap/shell/process.pl
#add /etc/ldap/shell/process.pl