authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2009-09-22 22:38:02 (GMT)
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2009-09-22 22:38:02 (GMT)
commit6aae153022bcdf2840eb303b3649ad65172e3728 (patch)
tree0c38bc41fe4db5f83e4745cda26fd02de8cae7bf
parentda45928b474611d9f1b4e88532f02c8e545eeb52 (diff)
update slapd.conf file from version on the production server
-rw-r--r--idp/ldap/slapd.conf37
1 files changed, 21 insertions, 16 deletions
diff --git a/idp/ldap/slapd.conf b/idp/ldap/slapd.conf
index 80c53f8..e0e7c0a 100644
--- a/idp/ldap/slapd.conf
+++ b/idp/ldap/slapd.conf
@@ -54,6 +54,14 @@ checkpoint 512 30
# 'database' directive occurs
database bdb
+# The base of your directory in database #1
+suffix "dc=pratic59,dc=fr"
+
+# rootdn directive for specifying a superuser on the database. This is needed
+# for syncrepl.
+rootdn "cn=admin,dc=pratic59,dc=fr"
+# this password is 'coin', use slapasswd to generate another
+rootpw {SSHA}8m+x+G7zw4C8hCEa/iYCKcCIB3fNtS6U
# Where the database file are physically stored for database #1
directory "/var/lib/ldap"
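Review bot: The added `rootpw {SSHA}…` line keeps the directory superuser's password hash in the repository, and the comment directly above it states the cleartext, so anyone who can read this repo holds the `rootdn` credential for a file the commit message says mirrors the production server. The same value was already in the file before this commit (it is only moved here), so treat it as exposed: rotate it on the server and keep the replacement out of version control. For example, replace the line with `include <path-to-untracked-secrets-file>` and put `rootpw {SSHA}<hash-generated-with-slappasswd>` in that file. The new comment also misspells the tool as `slapasswd`; it should read `# generate a new hash with slappasswd; do not record the cleartext here`.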
@@ -79,32 +87,29 @@ index objectClass eq
# Save the time that the entry gets modified, for database #1
lastmod on
+# Where to store the replica logs for database #1
+# replogfile /var/lib/ldap/replog
-# Les lignes suivantes contiennent la configuration spécifique,
-# un simple s/dc=pratic59,dc=fr/new_suffix/ suffit à changer la racine de
-# l'arbre LDAP pour tout le projet.
-suffix "dc=pratic59,dc=fr"
-rootdn "cn=admin,dc=pratic59,dc=fr"
-# This password is 'coin', use slappasswd to generate another
-rootpw {SSHA}8m+x+G7zw4C8hCEa/iYCKcCIB3fNtS6U
-
-
-# accés au champ mis à jour par authentic lors des logins
access to dn.regex="(ou=[^,]+,.*)$" filter=(objectClass=cdg59agent) attrs=entry,cdg59lastConnectionTime,cdg59lastConnectionDuration
- by group.expand="cn=admin,$1" write
+ by group.expand="cn=admin,$1" write
by dn.regex="uid=[^,]+,ou=admin,dc=pratic59,dc=fr" write
- by self write
- by * read
-
-# accès aux mots de passe
+ by self write
+ by * read
+
+# The userPassword by default can be changed
+# by the entry owning it if they are authenticated.
+# Others should not be able to see it, except the
+# admin entry below
+# These access lines apply to database #1 only
access to dn.regex="uid=[^,]+,(ou=[^,]+,dc=pratic59,dc=fr)" attrs=userPassword
- by group.expand="cn=admin,$1" write
+ by group.expand="cn=admin,$1" write
by dn.regex="uid=[^,]+,ou=admin,dc=pratic59,dc=fr" write
by anonymous auth
by self read
by * auth
access to attrs=userPassword,shadowLastChange
+ by group.expand="cn=admin,$1" write
by dn.regex="uid=[^,]+,ou=admin,dc=pratic59,dc=fr" write
by anonymous auth
by self write
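Review bot: The added `by group.expand="cn=admin,$1" write` under `access to attrs=userPassword,shadowLastChange` uses `$1`, but that rule's target has no `dn.regex`, so there is no capture group for `$1` to expand. How slapd handles this is not visible here (it may reject the rule, or expand to a DN that never matches), so validate the file with `slaptest` before deploying and do not assume the clause grants per-ou admins anything. If per-ou admins are meant to write `shadowLastChange`, give the rule its own capturing target, e.g. `access to dn.regex="uid=[^,]+,(ou=[^,]+,dc=pratic59,dc=fr)" attrs=userPassword,shadowLastChange`; otherwise drop the line. The access block may continue past the end of this hunk.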