Merge changes back in
[mirror/userdir-ldap.git] / userdir-ldap-slapd.conf.in
1 # The backend type, ldbm, is the default standard
2 database bdb
3
4 # The base of your directory
5 suffix          "@@DN@@"
6
7 # Where the database file are physically stored
8 directory       "/var/lib/ldap"
9
10 # Indexing options
11 index uid eq
12 index keyfingerprint eq
13 index cn,sn sub,eq
14 index dnsZoneEntry eq
15 index uidNumber eq
16 index gidNumber eq
17 index ircNick sub,eq
18 index c eq
19 index gender eq
20 index birthDate eq
21
22 # Don't limit queries to the default of 500
23 sizelimit 10000
24
25 # Save the time that the entry gets modified
26 lastmod on
27
28 # owner writeable
29 access to attrs=userPassword,sudoPassword
30         by group="cn=LDAP Administrator,ou=users,@@DN@@" write
31         by dn="uid=sshdist,ou=users,@@DN@@"  write
32         by self write
33         by * compare
34
35 access to attrs=sshrsaauthkey
36         by group="cn=LDAP Administrator,ou=users,@@DN@@" write
37         by dn="uid=sshdist,ou=users,@@DN@@"  write
38         by self read
39         by * compare
40
41 # debian readable
42 access to attrs=activity-pgp,activity-from,dnsZoneEntry
43         by group="cn=LDAP Administrator,ou=users,@@DN@@" write
44         by dn="uid=sshdist,ou=users,@@DN@@" write
45         by peername.ip=127.0.0.1 read
46         by domain=alioth.debian.org none
47         by domain.subtree=@@DOMAIN@@ read
48         by dn.regex="uid=.*,ou=users,@@DN@@" read
49         by * none
50
51 # owner writeable, debian readable, authenticated user readable
52 access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist
53         by group="cn=LDAP Administrator,ou=users,@@DN@@" write
54         by dn="uid=sshdist,ou=users,@@DN@@" write
55         by self write
56         by dn.regex="uid=.*,ou=users,@@DN@@" read
57         by peername.ip=127.0.0.1 read
58         by domain=alioth.debian.org none
59         by domain.subtree=@@DOMAIN@@ read
60         by * none
61
62 # owner writeable, authenticated user readable
63 access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP
64         by group="cn=LDAP Administrator,ou=users,@@DN@@" write
65         by dn="uid=sshdist,ou=users,@@DN@@" write
66         by self write
67         by dn.regex="uid=.*,ou=users,@@DN@@" read
68         by * none
69
70 # globally readable
71 access to *
72         by group="cn=LDAP Administrator,ou=users,@@DN@@" write
73         by dn="uid=sshdist,ou=users,@@DN@@" write
74         by * read