X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=doc%2Fslapd-config.txt;h=bf4417689e4c2990d37a90120091f193a55fee35;hb=91e87667ac77b0814130822608305c7c689e815f;hp=0cc754635ec617a7bd40907c11f90049e326b7cf;hpb=c50d88536a4feb3087d1aa802e110250cb2861fc;p=mirror%2Fuserdir-ldap.git
diff --git a/doc/slapd-config.txt b/doc/slapd-config.txt
index 0cc7546..bf44176 100644
--- a/doc/slapd-config.txt
+++ b/doc/slapd-config.txt
@@ -1,45 +1,53 @@
 Most of the configuration of the ldap server has to do with getting correct access controls to keep the data safe. Here is a sample:
-# Turn on automatic last modification time
-lastmod on
-
-# Index some things
-index uid eq
-index keyfingerprint eq
-index cn,sn approx,sub,eq
-
-# Administrate
-#rootdn "uid=admin,ou=users,dc=debian,dc=org"
-#rootpw
-
-# Restrict reading/modification of the password to administration and self
-access to attrs=userpassword
- by self write
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by * compare
-
-# Reading of eamil forward is restricted by machine
-access to attrs=emailforward
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by self write
- by addr=127.0.0.1 read
- by domain=.*\.debian\.org read
- by * none
-
-# Public self modifyable attributes
-access to attrs=c,l,loginShell,ircNick,labeledURL
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by self write
-
-# Private self modifyable fields that are still viewable by other users
-# in the directory.
-access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onvacation
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by self write
- by dn="uid=.*,ou=users,dc=debian,dc=org" read
- by * none
-
-# Remainder
-access to *
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
+
+# only allow plain text auth when we do crypto
+security simple_bind=128
+
+# and the database definition
+include /etc/ldap/userdir-ldap-slapd.conf
+
+# Overlays are useful to enforce constraints:
+
+moduleload /usr/lib/ldap/unique.so
+overlay unique
+unique_uri ldap:///ou=users,dc=debian,dc=org?uidNumber,uid,keyFingerPrint?sub
+unique_uri ldap:///ou=groups,dc=debian,dc=org?gidNumber,cn?sub
+
+# End----------
+
+Note that in more modern versions of slapd, the "by addr" and "by domain"
+syntax has changed and the following should be used instead:
+ by peername.ip=127.0.0.1 read
+ by domain.subtree=debian.org read
+
+
+
+Here is the initial seed file to import and setup the proper entries:
+
+dn: dc=org
+dc: net
+objectClass: top
+objectClass: domain
+
+dn: dc=debian,dc=org
+dc: visi
+objectClass: top
+objectClass: domain
+
+dn: ou=users,dc=debian,dc=org
+ou: users
+objectClass: top
+objectClass: organizationalUnit
+
+dn: uid=admin,ou=users,dc=debian,dc=org
+uid: admin
+cn: LDAP administrator
+objectClass: top
+objectClass: groupOfNames
+userPassword: {crypt}?????
+member: uid=jgg,ou=users,dc=debian,dc=org
+member: uid=joey,ou=users,dc=debian,dc=org
+member: uid=troup,ou=users,dc=debian,dc=org
+mail: debian-admin@debian.org
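Review bot: The seed entries added at the end of this hunk carry `dc` values that do not match their RDNs — `dn: dc=org` is followed by `dc: net` and `dn: dc=debian,dc=org` by `dc: visi` — and slapd refuses to add an entry whose naming-attribute value is not present in it, so an import of this file as written stops at the first entry; they should read `dc: org` and `dc: debian`. The `uid=admin` entry is declared only as `groupOfNames`, which in the stock core schema does not allow `uid`, `userPassword` or `mail`, so it will presumably also fail schema checking unless the site schema extends that class — worth confirming against the schema the included file loads. The new paragraph on the `domain.subtree=debian.org` form could note that this match is derived from a reverse-DNS lookup of the client address rather than an authenticated identity, so it should not be the sole control on sensitive attributes.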