diff options
author | Andrew Bartlett <abartlet@samba.org> | 2008-07-21 09:36:24 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-07-21 09:36:24 +1000 |
commit | 706140a1dcc5220739bde0f17afcb32ebc0c130a (patch) | |
tree | 2107148f3c62b1f429553605b8ad906160d3b2e8 | |
parent | 3408a2d18fa61e2a7e3b3e05cc3c454e5e15f2ce (diff) | |
download | samba-706140a1dcc5220739bde0f17afcb32ebc0c130a.tar.gz samba-706140a1dcc5220739bde0f17afcb32ebc0c130a.tar.bz2 samba-706140a1dcc5220739bde0f17afcb32ebc0c130a.zip |
Make invalid 'member' detection work again.
This defines a rootdn globally, and due to OpenLDAP bugs, gives it
manage access to the whole database. This makes the memberOf module
able to validate the links again, now we have database ACLs.
Andrew Bartlett
(This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)
-rw-r--r-- | source4/setup/slapd.conf | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 495847f7fe..4dcfd2aba7 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -32,6 +32,7 @@ access to dn.subtree="cn=samba" access to dn.subtree="${DOMAINDN}" by dn=cn=samba-admin,cn=samba manage + by dn=cn=manager manage by * none password-hash {CLEARTEXT} @@ -40,6 +41,8 @@ include ${LDAPDIR}/modules.conf defaultsearchbase ${DOMAINDN} +rootdn cn=Manager + ${REFINT_CONFIG} ${MEMBEROF_CONFIG} @@ -47,6 +50,7 @@ ${MEMBEROF_CONFIG} database ldif suffix cn=Samba directory ${LDAPDIR}/db/samba +rootdn cn=Manager,cn=Samba database hdb |