X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fcontrib%2Fopenldap%2Fslapd.conf;h=46b8cbbc87a49e5ab27ec358a8ca5b5a5424e485;hb=0fb744832aa9692e24c9cb2ec2638059eaab41bd;hp=ba0c98680dc7163279d432c59ce82ce573fb19c8;hpb=a6fe8c9d5d020bef9bfa60150afc6fceb8f13e32;p=gosa.git
diff --git a/gosa-core/contrib/openldap/slapd.conf b/gosa-core/contrib/openldap/slapd.conf
index ba0c98680..46b8cbbc8 100644
--- a/gosa-core/contrib/openldap/slapd.conf
+++ b/gosa-core/contrib/openldap/slapd.conf
@@ -14,26 +14,15 @@ include /etc/ldap/schema/inetorgperson.schema
 include /etc/ldap/schema/openldap.schema
 include /etc/ldap/schema/nis.schema
 include /etc/ldap/schema/misc.schema
-include /etc/ldap/schema/trust.schema
-#include /etc/ldap/schema/krb5-kdc.schema
-
-# These should be present for GOsa. In case of samba3,
-# replace samba.schema and gosa.schema by samba3.schema
-# and gosa+samba3.schema. Don't include both and remember
-# to adjust the indexing and acl stuff below!
-include /etc/ldap/schema/samba.schema
-include /etc/ldap/schema/pureftpd.schema
-include /etc/ldap/schema/gofon.schema
-include /etc/ldap/schema/gosystem.schema
-include /etc/ldap/schema/goto.schema
-include /etc/ldap/schema/gosa+samba3.schema
-include /etc/ldap/schema/gofax.schema
-include /etc/ldap/schema/goserver.schema
-include /etc/ldap/schema/goto-mime.schema
-
-# Schema check allows for forcing entries to
-# match schemas for their objectClasses's
-schemacheck on
+
+# These should be present for GOsa. Replace all occurencies
+# of samba3 by samba2 for use with GOsa and Samba 2.
+include /etc/ldap/schema/gosa/samba3.schema
+include /etc/ldap/schema/gosa/gosystem.schema
+include /etc/ldap/schema/gosa/goto.schema
+include /etc/ldap/schema/gosa/goserver.schema
+include /etc/ldap/schema/gosa/gosa-samba3.schema
+include /etc/ldap/schema/gosa/trust.schema
 
 # Security settings
 # Parameters: sasl, ssf, tls, transport, update_sasl, update_ssf, 
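Review bot: Dropping `schemacheck on` changes what a reader of this file assumes about schema enforcement, and the new comment block does not say why it went. If this file now targets OpenLDAP 2.2 or later, where the directive was removed and schema checking is always enforced, a comment such as `# schemacheck is gone in OpenLDAP >= 2.2; schema checking is always on` would stop someone from reading this as "checking was turned off"; if a 2.1 server still has to load the file, the line should stay. The new comment also loses the old reminder that the indexing and ACL sections have to match the chosen samba schema, and the ACLs later in this same diff still name sambaLmPassword and sambaNtPassword, so that reminder is still worth keeping. Minor: `occurencies` should read `occurrences`.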
@@ -60,7 +49,6 @@ password-hash {CRYPT}
 
 # Search base
 defaultsearchbase dc=gonicus,dc=de
-
 # Where clients are refered to if no
 # match is found locally
 #referral ldap://some.other.ldap.server
@@ -82,10 +70,10 @@ defaultsearchbase dc=gonicus,dc=de
 
 # Where the pid file is put. The init.d script
 # will not stop the server if you change this.
-pidfile /var/run/slapd.pid
+pidfile /var/run/slapd/slapd.pid
 
 # List of arguments that were passed to the server
-argsfile /var/run/slapd.args
+argsfile /var/run/slapd/slapd.args
 
 # Read slapd.conf(5) for possible values
 loglevel 1024
@@ -125,7 +113,6 @@ access to dn.subtree=cn=Monitor
 # Others should not be able to see it, except the admin
 # entry below
 access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
-	by dn="cn=ldapadmin,dc=gonicus,dc=de" write
 	by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
 	by anonymous auth
 	by self write
@@ -134,15 +121,12 @@ access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChang
 # Deny access to imap/fax/kerberos admin passwords stored
 # in ldap tree
 access to attrs=goImapPassword
-	by dn="cn=ldapadmin,dc=gonicus,dc=de" write
 	by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
 	by * none
 access to attrs=goKrbPassword
-	by dn="cn=ldapadmin,dc=gonicus,dc=de" write
 	by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
 	by * none
 access to attrs=goFaxPassword
-	by dn="cn=ldapadmin,dc=gonicus,dc=de" write
 	by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
 	by * none
 
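Review bot: The new `pidfile` and `argsfile` paths assume `/var/run/slapd/` already exists and is writable by the account slapd runs as; slapd does not create that directory itself, so on a system whose init script or package does not create it startup fails, and a directory created by hand with root ownership cannot be written by an unprivileged slapd. Moving the pid file out of the shared `/var/run` into a service-owned directory is the right direction, so the precondition just needs stating, e.g. `# /var/run/slapd/ must exist and be owned by the user slapd runs as`. Whether the accompanying init script creates it is not visible in this diff.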
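Review bot: With the `cn=ldapadmin` entry removed, the `dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?"` line is the only non-self write grant on userPassword and the shadow/samba expiry attributes, and that regex is unanchored: a dn.regex clause is a plain regex match against the bind DN, so without `^` any DN that merely contains `uid=<something>/admin` matches, and the unescaped `.` in the realm matches any character. At minimum anchor the start and escape the dot, `by dn.regex="^uid=[^/]+/admin\+(realm=GONICUS\.LOCAL)?" write`, and add a `$` after whatever suffix the SASL authz mapping actually produces, which this diff does not show. The same pattern is repeated in every ACL in this file, so the fix should be applied to each line consistently.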
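Review bot: After this hunk the only principal allowed to write goImapPassword, goKrbPassword and goFaxPassword is the SASL-mapped `uid=…/admin` identity, with `by * none` for everyone else and no self write; whether that is acceptable depends on the `rootdn` setting, which this diff does not show. If `rootdn` was and still is `cn=ldapadmin,dc=gonicus,dc=de`, the removed `by dn=` lines were already redundant because the rootdn bypasses ACLs; if rootdn was dropped along with them, a missing or broken authz mapping for the `/admin` identity leaves these service credentials unmanageable short of offline database edits. A one-line comment above the stanza naming the identity expected to manage these attributes, e.g. `# writable only by the Kerberos admin instance (rootdn bypasses ACLs)`, would make the intent reviewable.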
@@ -155,25 +139,11 @@ access to attrs=gotoLastUser
 # Others should not be able to see it, except the
 # admin entry below
 access to attrs=sambaLmPassword,sambaNtPassword
-	by dn="cn=ldapadmin,dc=gonicus,dc=de" write
 	by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
 	by anonymous auth
 	by self write
 	by * none
 
-# Enable write create access for the terminal admin
-access to dn="ou=incoming,dc=gonicus,dc=de"
-	by dn="cn=terminal-admin,dc=gonicus,dc=de" write
-	by dn="cn=ldapadmin,dc=gonicus,dc=de" write
-	by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
-	by * none
-
-access to dn.sub="ou=incoming,dc=gonicus,dc=de"
-	by dn="cn=terminal-admin,dc=gonicus,dc=de" write
-	by dn="cn=ldapadmin,dc=gonicus,dc=de" write
-	by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
-	by * none
-
 # What trees should be readable, depends on your policy. Either
 # use this entry and specify what should be readable, or leave
 # the access to * => by * read below untouched
@@ -182,7 +152,6 @@ access to dn.sub="ou=incoming,dc=gonicus,dc=de"
 
 # The admin dn has full write access
 access to *
-	by dn="cn=ldapadmin,dc=gonicus,dc=de" =wrscx
 	by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" =wrscx
 	by * read
 # by peername="ip=127\.0\.0\.1" read
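Review bot: Deleting both `ou=incoming` stanzas does more than drop the `cn=terminal-admin` grant: each ended with `by * none`, and once they are gone `ou=incoming,dc=gonicus,dc=de` and everything below it falls through to the catch-all `access to *` with `by * read` later in this diff, so entries that were hidden from everyone but the admins become readable by every bind, anonymous included, unless an ACL outside this diff matches first. If that subtree still receives unclaimed systems, keep a restricted rule, e.g. `access to dn.sub="ou=incoming,dc=gonicus,dc=de"` / `by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write` / `by * none`, or say in a comment that the subtree is now intentionally public. Whether anything else in the file covers that subtree cannot be seen here.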
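Review bot: `by * read` in the catch-all still hands the whole tree, minus the password attributes carved out above, to anonymous binds as well as authenticated users; removing `cn=ldapadmin` does not change that, and the commented-out `peername` line suggests a narrower policy was once intended. If anonymous enumeration of accounts, groups and systems is not wanted, `by users read` is the minimal change, with `by anonymous none` explicitly before it if the intent should be visible. The file's own comment a few lines up treats this as a policy choice, so if world-readable is deliberate a short comment saying so, e.g. `# anonymous read is intentional: clients resolve users/groups without binding`, would stop the next review from raising it again.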