# Where the database file are physically stored
directory "/var/lib/ldap"
+moduleload accesslog
+overlay accesslog
+logdb cn=log
+logops writes
+logold (objectclass=top)
+
moduleload constraint
overlay constraint
constraint_attribute keyfingerprint regex ^([0-9A-F]{40})$
access to attrs=activity-pgp,activity-from,dnsZoneEntry,c,l,loginShell,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions
by peername.ip=127.0.0.1 read
by domain=alioth.debian.org none
- by domain.subtree=@@DOMAIN@@ read
- by dn.regex="uid=.*,ou=users,@@DN@@" read
+ by domain.subtree=debian.org read
+ by dn.regex="uid=.*,ou=users,dc=debian,dc=org" read
by * none
# authenticated user readable
access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,privateSub,latitude,longitude,VoIP
- by dn.regex="uid=.*,ou=users,@@DN@@" read
+ by dn.regex="uid=.*,ou=users,dc=debian,dc=org" read
by * none
# rest is globally readable
access to *
by * read
+
+
+database hdb
+directory "/var/lib/ldap-log"
+suffix cn=log
+#
+sizelimit 10000
+
+index reqStart eq
+access to *
+ by group="cn=LDAP Administrator,ou=users,dc=debian,dc=org" write
+ by dn="uid=sshdist,ou=users,dc=debian,dc=org" read
+ by * none
+