From c8b9583ccbca5844c4f2fed7c9ca936f24c177ce Mon Sep 17 00:00:00 2001
From: cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Tue, 16 Nov 2010 09:14:21 +0000
Subject: [PATCH] Added config tree locking

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@20233 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-core/contrib/openldap/slapd.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/gosa-core/contrib/openldap/slapd.conf b/gosa-core/contrib/openldap/slapd.conf
index 82e071944..db51ccf7a 100644
--- a/gosa-core/contrib/openldap/slapd.conf
+++ b/gosa-core/contrib/openldap/slapd.conf
@@ -148,6 +148,12 @@ access to attrs=sambaLmPassword,sambaNtPassword
 	by self write
 	by * none 
 
+# The complete config tree should be locked for anonymous access. This
+# rule can be removed if you've non public access, anyway.
+access to dn.sub="ou=configs,ou=systems,dc=gonicus,dc=de"
+	by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
+    by * none
+
 # What trees should be readable, depends on your policy. Either
 # use this entry and specify what should be readable, or leave
 # the access to * => by * read below untouched
-- 
2.30.2