summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2007-01-03 05:31:50 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:36:00 -0500
commite8dfa06d45b4aaa784b9f8795f4197451aed4188 (patch)
tree6c854d4cff4e28cd78f69b16ea4b5d279ce099b6
parent43b715a96d4abe73b9478456ced498d58a9077d4 (diff)
downloadsamba-e8dfa06d45b4aaa784b9f8795f4197451aed4188.tar.gz
samba-e8dfa06d45b4aaa784b9f8795f4197451aed4188.tar.bz2
samba-e8dfa06d45b4aaa784b9f8795f4197451aed4188.zip
r20495: Further notes on joining with fedora DS.
Add in a hook for adding an ACI, needed to allow anonymous access until we hook across a SYSTEM token to the LDAP server. Andrew Bartlett (This used to be commit f45504e2714680978f101b4a98516686a17531df)
-rw-r--r--source4/scripting/libjs/provision.js1
-rw-r--r--source4/setup/fedora-ds-init.ldif3
-rwxr-xr-xsource4/setup/provision8
-rw-r--r--source4/setup/provision_basedn.ldif1
4 files changed, 10 insertions, 3 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 96e55bc4ae..954335d335 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -701,6 +701,7 @@ function provision_guess()
subobj.LDAPMODULE = "entryUUID";
subobj.LDAPMODULES = "objectguid";
subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb";
+ subobj.ACI = "# no aci for local ldb";
return subobj;
}
diff --git a/source4/setup/fedora-ds-init.ldif b/source4/setup/fedora-ds-init.ldif
index f7d350c550..83cdb6b392 100644
--- a/source4/setup/fedora-ds-init.ldif
+++ b/source4/setup/fedora-ds-init.ldif
@@ -22,5 +22,6 @@ nsslapd-suffix: dc=tammy,dc=abartlet,dc=net
#
-# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid
+# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid --aci='aci: (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)'
+
diff --git a/source4/setup/provision b/source4/setup/provision
index 8912b28792..8f1d422f51 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -31,7 +31,8 @@ options = GetOptions(ARGV,
'blank',
'ldap-base',
'ldap-backend=s',
- 'ldap-module=s');
+ 'ldap-module=s',
+ 'aci=s');
if (options == undefined) {
println("Failed to parse options");
@@ -81,7 +82,7 @@ provision [options]
--ldap-base output only an LDIF file, suitable for creating an LDAP baseDN
--ldap-backend LDAPSERVER LDAP server to use for this provision
--ldap-module= MODULE LDB mapping module to use for the LDAP backend
-
+ --aci= ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
You must provide at least a realm and domain
");
@@ -112,6 +113,9 @@ for (r in options) {
var key = strupper(join("", split("-", r)));
subobj[key] = options[r];
}
+if (options["aci"] != undefined) {
+ println("set ACI: " + subobj["ACI"]);
+}
if (options["ldap-backend"] != undefined) {
subobj["LDAPMODULES"] = subobj["LDAPMODULE"] + ",paged_searches";
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif
index ab79319f20..e8cf8005f3 100644
--- a/source4/setup/provision_basedn.ldif
+++ b/source4/setup/provision_basedn.ldif
@@ -6,5 +6,6 @@ objectClass: top
objectClass: domain
objectClass: domainDNS
${EXTENSIBLEOBJECT}
+${ACI}
dc: ${RDN_DC}