diff options
Diffstat (limited to 'source4/setup/slapd.conf')
| -rw-r--r-- | source4/setup/slapd.conf | 39 |
1 files changed, 30 insertions, 9 deletions
diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf index 15b9d3104e..b1ce6f6492 100644 --- a/source4/setup/slapd.conf +++ b/source4/setup/slapd.conf @@ -5,17 +5,36 @@ include ${LDAPDIR}/backend-schema.schema pidfile ${LDAPDIR}/slapd.pid argsfile ${LDAPDIR}/slapd.args sasl-realm ${DNSDOMAIN} -access to * by * write -allow update_anon +#authz-regexp +# uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth +# ldap:///${DOMAINDN}??sub?(samAccountName=\$1) -authz-regexp - uid=([^,]*),cn=${DNSDOMAIN},cn=digest-md5,cn=auth - ldap:///${DOMAINDN}??sub?(samAccountName=\$1) +#authz-regexp +# uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth +# ldap:///${DOMAINDN}??sub?(samAccountName=\$1) authz-regexp uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth - ldap:///${DOMAINDN}??sub?(samAccountName=\$1) + ldap:///cn=samba??one?(cn=\$1) + +authz-regexp + uid=([^,]*),cn=([^,]*),cn=ntlm,cn=auth + ldap:///cn=samba??one?(cn=\$1) + +access to dn.base="" + by dn=cn=samba-admin,cn=samba manage + by anonymous read + by * read + +access to dn.subtree="cn=samba" + by anonymous auth + +access to dn.subtree="${DOMAINDN}" + by dn=cn=samba-admin,cn=samba manage + by * read + +password-hash {CLEARTEXT} include ${LDAPDIR}/modules.conf @@ -23,6 +42,11 @@ defaultsearchbase ${DOMAINDN} ${MEMBEROF_CONFIG} +database ldif +suffix cn=Samba +directory ${LDAPDIR}/db/samba + + database hdb suffix ${SCHEMADN} directory ${LDAPDIR}/db/schema @@ -78,9 +102,6 @@ index dnsRoot eq index nETBIOSName eq index cn eq -rootdn ${LDAPMANAGERDN} -rootpw ${LDAPMANAGERPASS} - #syncprov is stable in OpenLDAP 2.3, and available in 2.2. #We only need this for the contextCSN attribute anyway.... overlay syncprov |