1 Most of the configuration of the ldap server has to do with getting correct
2 access controls to keep the data safe. Here is a sample:
4 # Turn on automatic last modification time
9 index keyfingerprint eq
10 index cn,sn approx,sub,eq
13 #rootdn "uid=admin,ou=users,dc=debian,dc=org"
16 # Restrict reading/modification of the password to administration and self
17 access to attrs=userpassword
19 by dn="uid=admin,ou=users,dc=debian,dc=org" write
22 # Reading of eamil forward is restricted by machine
23 access to attrs=emailforward
24 by dn="uid=admin,ou=users,dc=debian,dc=org" write
26 by addr=127.0.0.1 read
27 by domain=.*\.debian\.org read
30 # Public self modifyable attributes
31 access to attrs=c,l,loginShell,ircNick,labeledURL
32 by dn="uid=admin,ou=users,dc=debian,dc=org" write
35 # Private self modifyable fields that are still viewable by other users
37 access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onvacation
38 by dn="uid=admin,ou=users,dc=debian,dc=org" write
40 by dn="uid=.*,ou=users,dc=debian,dc=org" read
45 by dn="uid=admin,ou=users,dc=debian,dc=org" write