X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir-ldap-slapd.conf.in;h=dfd094ea3d613e176b77fe81d808f21e96cd3740;hb=fe12f1a9d872cd6570ff1744b60629e8c26601f8;hp=c966a2930c731094629ac090a7f950d0368634f3;hpb=ce97fece60c8f085f73f3d71c1c09ab6bef96111;p=mirror%2Fuserdir-ldap.git

diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index c966a29..dfd094e 100644
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -12,6 +12,7 @@ overlay accesslog
 logdb cn=log
 logops writes
 logold (objectclass=top)
+logpurge 90+00:00 1+00:00
 
 moduleload      constraint
 overlay constraint
@@ -47,7 +48,7 @@ access to filter="(!(supplementaryGid=adm))" attrs=keyFingerPrint
 	by * break
 
 # allow users write access to an explicit subset of their fields
-access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP,userPassword,sudoPassword,bATVToken
+access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP,userPassword,sudoPassword,webPassword,voipPassword,bATVToken
 	by self write
 	by * break
 
@@ -57,7 +58,7 @@ access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,bi
 ##
 
 # allow authn/z by anyone
-access to attrs=userPassword,sudoPassword,bATVToken
+access to attrs=userPassword,sudoPassword,webPassword,voipPassword,bATVToken
 	by * compare
 
 # readable only by self
@@ -69,13 +70,13 @@ access to attrs=sshrsaauthkey
 access to attrs=activity-pgp,activity-from,dnsZoneEntry,c,l,loginShell,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions
 	by peername.ip=127.0.0.1 read
 	by domain=alioth.debian.org none
-	by domain.subtree=debian.org read
-	by dn.regex="uid=.*,ou=users,dc=debian,dc=org" read
+	by domain.subtree=@@DOMAIN@@ read
+	by dn.regex="uid=.*,ou=users,@@DN@@" read
 	by * none
 
 # authenticated user readable
 access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,privateSub,latitude,longitude,VoIP
-	by dn.regex="uid=.*,ou=users,dc=debian,dc=org" read
+	by dn.regex="uid=.*,ou=users,@@DN@@" read
 	by * none
 
 
@@ -92,7 +93,7 @@ sizelimit 10000
 
 index reqStart eq
 access to *
-	by group="cn=LDAP Administrator,ou=users,dc=debian,dc=org" write
-	by dn="uid=sshdist,ou=users,dc=debian,dc=org" read
+	by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+	by dn="uid=sshdist,ou=users,@@DN@@" read
 	by * none