X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir-ldap-slapd.conf.in;h=f586e398498b0d74e160979536276d1110eca004;hb=a3437bcd185d533199ebd7c3e0f69b816cc904af;hp=6b7017390bad3768d3e9f414548825a04a712c26;hpb=0c22206af0642d8dc73c0c2622721bf69cb706bf;p=mirror%2Fuserdir-ldap.git
diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index 6b70173..f586e39 100644
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -8,16 +8,9 @@ suffix "@@DN@@"
 directory "/var/lib/ldap"
 # Indexing options
-index uid eq
-index keyfingerprint eq
-index cn,sn sub,eq
-index dnsZoneEntry eq
-index uidNumber eq
-index gidNumber eq
-index ircNick sub,eq
-index c eq
-index gender eq
-index birthDate eq
+index gecos,cn,sn,uid,ircNick,hostname,emailForward pres,eq,sub,approx
+index keyfingerprint,homeDirectory,objectClass,loginShell,supplementaryGid pres,eq
+index c,gender,dnsZoneEntry,birthDate,gidNumber,uidNumber pres,eq
 # Don't limit queries to the default of 500
 sizelimit 10000
@@ -26,7 +19,13 @@ sizelimit 10000
 lastmod on
 # owner writeable
-access to attrs=userPassword,sshrsaauthkey
+access to attrs=userPassword,sudoPassword
+ by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+ by dn="uid=sshdist,ou=users,@@DN@@" write
+ by self write
+ by * compare
+
+access to attrs=sshrsaauthkey
 by group="cn=LDAP Administrator,ou=users,@@DN@@" write
 by dn="uid=sshdist,ou=users,@@DN@@" write
 by self read
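Review bot: The closing `by * compare` clause of the new `userPassword,sudoPassword` rule grants compare access to every client, including unauthenticated ones, so guesses can be checked against both attributes without going through a bind and whatever failure logging or lockout is attached to it. A simple bind only needs the `auth` level, so the tail of the rule could be `by anonymous auth` followed by `by * none`. The same rule gives `uid=sshdist` and `self` write access to `sudoPassword`; if that value is meant to stay independent of the login password, it is worth confirming both need it, since anyone holding the bind credential could otherwise replace it. The split-off `sshrsaauthkey` rule continues past `by self read`, outside the hunk.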
@@ -43,7 +42,7 @@ access to attrs=activity-pgp,activity-from,dnsZoneEntry
 by * none
 # owner writeable, debian readable, authenticated user readable
-access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist
+access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction
 by group="cn=LDAP Administrator,ou=users,@@DN@@" write
 by dn="uid=sshdist,ou=users,@@DN@@" write
 by self write
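Review bot: Adding `mailContentInspectionAction` to this rule makes the attribute writable by the account owner through `by self write`, so whatever reads it has to treat the value as user-controlled input; nothing in the hunk shows the accepted values being constrained. If only a fixed set of actions is valid, that is better enforced in the schema or in the consumer than left to this ACL, and the comment above the rule could say so, for example `# owner-writeable values are validated by the consumer, not by this ACL`. The rule's remaining `by` clauses lie outside the hunk, so who else can read the attribute cannot be checked from here.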