Make o=meta non readable by anonymous, add a branch for storing readers accounts (fixes #7672)
parent
3131d8251e
commit
aac655b6c1
@ -3,13 +3,30 @@ objectClass: olcDatabaseConfig
|
|||
objectClass: olcMdbConfig
|
||||
olcSuffix: o=meta
|
||||
olcDbDirectory: /var/lib/ldap/meta/
|
||||
# Allow reading accesslog only by root
|
||||
olcAccess: {0}to *
|
||||
# Allow authentication of readers accounts
|
||||
olcAccess: {0}to dn.one="ou=readers,o=meta"
|
||||
by anonymous auth
|
||||
by * break
|
||||
# Allow reading meta by readers accounts
|
||||
olcAccess: {1}to *
|
||||
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write
|
||||
by * read
|
||||
by dn.one="ou=readers,o=meta" read
|
||||
by * none
|
||||
olcLimits: {0}* size.pr=1000 size.prtotal=unlimited
|
||||
|
||||
add o=meta
|
||||
objectClass: organization
|
||||
o: meta
|
||||
description: Méta-annuaire SUPANN
|
||||
|
||||
add ou=readers,o=meta
|
||||
objectClass: organizationalUnit
|
||||
ou: readers
|
||||
|
||||
add uid=reader,ou=readers,o=meta
|
||||
objectClass: inetOrgPerson
|
||||
uid: reader
|
||||
userPassword: reader
|
||||
gn: reader
|
||||
sn: reader
|
||||
cn: reader
|
||||
|
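Review bot: `userPassword: reader` at line 95 commits the reader account's credential in cleartext with a value equal to its uid, and the new `{1}to *` rule grants every entry under `ou=readers,o=meta` read on the whole tree, which includes the `userPassword` attribute of the other reader entries, so one reader credential is enough to recover all of them. The `{0}` rule only grants `anonymous auth` on the readers' entries and then breaks, so nothing restricts `userPassword` before the general rule applies. I would add a dedicated attribute rule ahead of the existing ones and renumber the rest: `olcAccess: {0}to attrs=userPassword by anonymous auth by self write by * none`, and replace the literal with a hash generated at deploy time, e.g. `userPassword: {SSHA}<generated-at-deploy-time>`, rather than a fixed plaintext value in the repository. If the `# Allow reading accesslog only by root` comment at line 20 survives in the new side, it appears stale here since this database is `o=meta`, not the accesslog.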