X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=doc%2Fslapd-config.txt;h=1804081e6c241185b3727405b09b24c8f4c669e1;hb=fe66cb2a8ed7feb74119e353625d48a6a3fcff41;hp=0cc754635ec617a7bd40907c11f90049e326b7cf;hpb=c50d88536a4feb3087d1aa802e110250cb2861fc;p=mirror%2Fuserdir-ldap.git
diff --git a/doc/slapd-config.txt b/doc/slapd-config.txt
index 0cc7546..1804081 100644
--- a/doc/slapd-config.txt
+++ b/doc/slapd-config.txt
@@ -11,35 +11,70 @@ index cn,sn approx,sub,eq # Administrate #rootdn "uid=admin,ou=users,dc=debian,dc=org" -#rootpw +#rootpw # Restrict reading/modification of the password to administration and self -access to attrs=userpassword +access to attrs=userpassword,sshrsaauthkey by self write by dn="uid=admin,ou=users,dc=debian,dc=org" write - by * compare + by group="uid=admin,ou=users,dc=debian,dc=org" write + by * compare -# Reading of eamil forward is restricted by machine access to attrs=emailforward by dn="uid=admin,ou=users,dc=debian,dc=org" write + by group="uid=admin,ou=users,dc=debian,dc=org" write by self write by addr=127.0.0.1 read - by domain=.*\.debian\.org read - by * none - -# Public self modifyable attributes -access to attrs=c,l,loginShell,ircNick,labeledURL + by domain=.*\.debian\.org read + by * none +access to attrs=c,l,loginShell,ircNick by dn="uid=admin,ou=users,dc=debian,dc=org" write + by group="uid=admin,ou=users,dc=debian,dc=org" write by self write - -# Private self modifyable fields that are still viewable by other users -# in the directory. 
-access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onvacation +access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalC +ode,loginShell,onvacation,privateSub,latitude,longitude by dn="uid=admin,ou=users,dc=debian,dc=org" write + by group="uid=admin,ou=users,dc=debian,dc=org" write by self write - by dn="uid=.*,ou=users,dc=debian,dc=org" read - by * none - -# Remainder + by dn="uid=.*,ou=users,dc=debian,dc=org" read + by * none access to * by dn="uid=admin,ou=users,dc=debian,dc=org" write + by group="uid=admin,ou=users,dc=debian,dc=org" write + +# End---------- + +Note that in more modern versions of slapd, the "by addr" and "by domain" +syntax has changed and the following should be used instead: + by peername.ip=127.0.0.1 read + by domain.subtree=debian.org read + + + +Here is the initial seed file to import and setup the proper entries: + +dn: dc=org +dc: net +objectClass: top +objectClass: domain + +dn: dc=debian,dc=org +dc: visi +objectClass: top +objectClass: domain + +dn: ou=users,dc=debian,dc=org +ou: users +objectClass: top +objectClass: organizationalUnit + +dn: uid=admin,ou=users,dc=debian,dc=org +uid: admin +cn: LDAP administrator +objectClass: top +objectClass: groupOfNames +userPassword: {crypt}????? +member: uid=jgg,ou=users,dc=debian,dc=org +member: uid=joey,ou=users,dc=debian,dc=org +member: uid=troup,ou=users,dc=debian,dc=org +mail: debian-admin@debian.org
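Review bot: The `by * compare` clause on `access to attrs=userpassword,sshrsaauthkey` lets any client, including an unauthenticated one, run Compare operations against the password attribute, which gives a guess-checking path separate from bind. On slapd versions that have the `auth` level, `by anonymous auth` followed by `by * none` is enough for binds to work and closes that path; the trailing note about newer syntax would be a natural place to say so. The retained comment above this clause still mentions only the password although the clause now also covers `sshrsaauthkey`, and the commit drops the other section comments, so a one-line comment per `access to` clause would help. Separately, in the seed LDIF the naming attribute does not match the DN (`dn: dc=org` has `dc: net`, `dn: dc=debian,dc=org` has `dc: visi`), which a schema-checking slapd is likely to reject on import.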