# Where the database file are physically stored
directory "/var/lib/ldap"
+moduleload constraint
+overlay constraint
+constraint_attribute keyfingerprint regex ^([0-9A-F]{40})$
+
# Indexing options
index gecos,cn,sn,uid,ircNick,hostname,emailForward pres,eq,sub,approx
index keyfingerprint,homeDirectory,objectClass,loginShell,supplementaryGid pres,eq
# allow keyring maint to write to the keyFingerPrint attribute
# (make an exception for adm for security reasons)
access to filter="(!(supplementaryGid=adm))" attrs=keyFingerPrint
- by dn="cn=Keyring Maintainers,ou=users,@@DN@@" write
+ by group="cn=Keyring Maintainers,ou=users,@@DN@@" write
by * break
# allow users write access to an explicit subset of their fields
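Review bot: The new `by group=` clause on the keyFingerPrint rule relies on slapd's defaults of objectClass `groupOfNames` and attribute `member`, so it grants nothing unless `cn=Keyring Maintainers,ou=users,@@DN@@` is such an entry; if it is of another class the clause needs the explicit form, e.g. `by group/groupOfUniqueNames/uniqueMember="cn=Keyring Maintainers,ou=users,@@DN@@" write`. After this change, whoever can write that entry's membership attribute can give themselves write access to key fingerprints, so a rule restricting writes to the group entry should accompany it; none is visible in these lines. I would extend the comment above the rule with `# group= expects a groupOfNames entry; its members may write keyFingerPrint on non-adm entries`. Separately, the added `constraint_attribute` regex accepts only upper-case hex, and as far as I know the overlay checks values only on add and modify, so fingerprints already stored are not validated. The access rules continue beyond the visible lines.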