summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2008-07-21 09:36:24 +1000
committerAndrew Bartlett <abartlet@samba.org>2008-07-21 09:36:24 +1000
commit706140a1dcc5220739bde0f17afcb32ebc0c130a (patch)
tree2107148f3c62b1f429553605b8ad906160d3b2e8
parent3408a2d18fa61e2a7e3b3e05cc3c454e5e15f2ce (diff)
downloadsamba-706140a1dcc5220739bde0f17afcb32ebc0c130a.tar.gz
samba-706140a1dcc5220739bde0f17afcb32ebc0c130a.tar.bz2
samba-706140a1dcc5220739bde0f17afcb32ebc0c130a.zip
Make invalid 'member' detection work again.
This defines a rootdn globally, and due to OpenLDAP bugs, gives it manage access to the whole database. This makes the memberOf module able to validate the links again, now we have database ACLs. Andrew Bartlett (This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)
-rw-r--r--source4/setup/slapd.conf4
1 files changed, 4 insertions, 0 deletions
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index 495847f7fe..4dcfd2aba7 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -32,6 +32,7 @@ access to dn.subtree="cn=samba"
access to dn.subtree="${DOMAINDN}"
by dn=cn=samba-admin,cn=samba manage
+ by dn=cn=manager manage
by * none
password-hash {CLEARTEXT}
@@ -40,6 +41,8 @@ include ${LDAPDIR}/modules.conf
defaultsearchbase ${DOMAINDN}
+rootdn cn=Manager
+
${REFINT_CONFIG}
${MEMBEROF_CONFIG}
@@ -47,6 +50,7 @@ ${MEMBEROF_CONFIG}
database ldif
suffix cn=Samba
directory ${LDAPDIR}/db/samba
+rootdn cn=Manager,cn=Samba
database hdb