From e8dfa06d45b4aaa784b9f8795f4197451aed4188 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 3 Jan 2007 05:31:50 +0000 Subject: r20495: Further notes on joining with fedora DS. Add in a hook for adding an ACI, needed to allow anonymous access until we hook across a SYSTEM token to the LDAP server. Andrew Bartlett (This used to be commit f45504e2714680978f101b4a98516686a17531df) --- source4/setup/fedora-ds-init.ldif | 3 ++- source4/setup/provision | 8 ++++++-- source4/setup/provision_basedn.ldif | 1 + 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'source4/setup') diff --git a/source4/setup/fedora-ds-init.ldif b/source4/setup/fedora-ds-init.ldif index f7d350c550..83cdb6b392 100644 --- a/source4/setup/fedora-ds-init.ldif +++ b/source4/setup/fedora-ds-init.ldif @@ -22,5 +22,6 @@ nsslapd-suffix: dc=tammy,dc=abartlet,dc=net # -# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid +# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid --aci='aci: (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)' + diff --git a/source4/setup/provision b/source4/setup/provision index 8912b28792..8f1d422f51 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -31,7 +31,8 @@ options = GetOptions(ARGV, 'blank', 'ldap-base', 'ldap-backend=s', - 'ldap-module=s'); + 'ldap-module=s', + 'aci=s'); if (options == undefined) { println("Failed to parse options"); @@ -81,7 +82,7 @@ provision [options] --ldap-base output only an LDIF file, suitable for creating an LDAP baseDN --ldap-backend LDAPSERVER LDAP server to use for this provision --ldap-module= MODULE LDB mapping module to use for the LDAP backend - + --aci= ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server You must provide at least a realm and domain "); 
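Review bot: The example command line added to the trailing comment of fedora-ds-init.ldif carries an ACI that grants `allow (all)` on `targetattr = "*"` to `ldap:///anyone`, which covers unauthenticated binds. Any client that can reach port 4389 could then read and modify every attribute in the provisioned tree, presumably including credential material. The commit message describes this as a stop-gap until a SYSTEM token is passed to the LDAP server, but the comment itself does not say so and is likely to be copied as-is. I would add a line such as `# TEST ONLY: this ACI gives anonymous clients full read/write access; keep the instance on localhost and replace it with a bind-DN rule before exposing the port`, and where possible show `userdn = "ldap:///<SAMBA_BIND_DN>"` (placeholder) instead of `anyone`.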
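Review bot: The new `--aci` line in the usage text is misspelled (`arbitary`) and does not tell the operator where the value ends up. From the provision_basedn.ldif hunk it appears to be copied unchanged into the base DN entry through `${ACI}`, where an ACI would normally govern access to the whole backend tree. Suggested wording: `--aci=ACI  LDIF fragment (normally a single "aci:" line) copied unchanged into the base DN entry of the LDAP backend; it controls who may access the directory`. The usage string starts and ends outside this hunk.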
@@ -112,6 +113,9 @@ for (r in options) { var key = strupper(join("", split("-", r))); subobj[key] = options[r]; } +if (options["aci"] != undefined) { + println("set ACI: " + subobj["ACI"]); +} if (options["ldap-backend"] != undefined) { subobj["LDAPMODULES"] = subobj["LDAPMODULE"] + ",paged_searches"; diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif index ab79319f20..e8cf8005f3 100644 --- a/source4/setup/provision_basedn.ldif +++ b/source4/setup/provision_basedn.ldif @@ -6,5 +6,6 @@ objectClass: top objectClass: domain objectClass: domainDNS ${EXTENSIBLEOBJECT} +${ACI} dc: ${RDN_DC} -- cgit
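Review bot: The block added after the option-copy loop only prints `subobj["ACI"]`; nothing visible in this diff assigns `subobj["ACI"]` when `--aci` is omitted, yet the provision_basedn.ldif hunk now references `${ACI}` unconditionally. Unless the code that builds `subobj` (outside this diff) supplies a default, a provision without `--aci` would substitute an undefined value or leave the literal placeholder in the base DN entry; an `else { subobj["ACI"] = "# no aci"; }` branch, for example, would keep the template well-formed. Because the option value is pasted unchecked into the entry, it may also be worth rejecting input that does not start with `aci:` or that contains a newline, so a mistyped option cannot add unrelated attributes to the base entry. The same point applies to the `${ACI}` line in provision_basedn.ldif.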