From: cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Tue, 16 Nov 2010 09:14:21 +0000 (+0000)
Subject: Added config tree locking
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=c8b9583ccbca5844c4f2fed7c9ca936f24c177ce;p=gosa.git

Added config tree locking


git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@20233 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/gosa-core/contrib/openldap/slapd.conf b/gosa-core/contrib/openldap/slapd.conf
index 82e071944..db51ccf7a 100644
--- a/gosa-core/contrib/openldap/slapd.conf
+++ b/gosa-core/contrib/openldap/slapd.conf
@@ -148,6 +148,12 @@ access to attrs=sambaLmPassword,sambaNtPassword
 	by self write
 	by * none 
 
+# The complete config tree should be locked for anonymous access. This
+# rule can be removed if you've non public access, anyway.
+access to dn.sub="ou=configs,ou=systems,dc=gonicus,dc=de"
+	by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
+    by * none
+
 # What trees should be readable, depends on your policy. Either
 # use this entry and specify what should be readable, or leave
 # the access to * => by * read below untouched