From 706140a1dcc5220739bde0f17afcb32ebc0c130a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 21 Jul 2008 09:36:24 +1000
Subject: Make invalid 'member' detection work again.

This defines a rootdn globally, and due to OpenLDAP bugs, gives it
manage access to the whole database.  This makes the memberOf module
able to validate the links again, now we have database ACLs.

Andrew Bartlett
(This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)
---
 source4/setup/slapd.conf | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'source4/setup/slapd.conf')

diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index 495847f7fe..4dcfd2aba7 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -32,6 +32,7 @@ access to dn.subtree="cn=samba"
 
 access to dn.subtree="${DOMAINDN}"
        by dn=cn=samba-admin,cn=samba manage
+       by dn=cn=manager manage
        by * none
 
 password-hash   {CLEARTEXT}
@@ -40,6 +41,8 @@ include ${LDAPDIR}/modules.conf
 
 defaultsearchbase ${DOMAINDN}
 
+rootdn cn=Manager
+
 ${REFINT_CONFIG}
 
 ${MEMBEROF_CONFIG}
@@ -47,6 +50,7 @@ ${MEMBEROF_CONFIG}
 database	ldif
 suffix		cn=Samba
 directory       ${LDAPDIR}/db/samba
+rootdn          cn=Manager,cn=Samba
 
 
 database        hdb
-- 
cgit