projects / mirror / userdir-ldap.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ud-mailgate: remove exception for münchen.debian.net
[mirror/userdir-ldap.git] / userdir-ldap-slapd.conf.in
diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index 2ae78b3..0bec183 100644 (file)
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -21,7 +21,7 @@ constraint_attribute keyfingerprint regex ^([0-9A-F]{40})$
 # Indexing options
 index gecos,cn,sn,uid,ircNick,hostname,emailForward pres,eq,sub,approx
 index keyfingerprint,homeDirectory,objectClass,loginShell,supplementaryGid pres,eq
-index c,gender,dnsZoneEntry,birthDate,gidNumber,uidNumber pres,eq
+index c,dnsZoneEntry,birthDate,gidNumber,uidNumber pres,eq
 
 # Don't limit queries to the default of 500
 sizelimit 10000
@@ -50,10 +50,11 @@ access to filter="(!(supplementaryGid=adm))" attrs=keyFingerPrint
 # allow listmasters to write to the privateSub attribute
 access to attrs=privateSub
        by group="cn=Listmasters,ou=users,@@DN@@" write
+       by self write
        by * break
 
 # allow users write access to an explicit subset of their fields
-access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP,userPassword,sudoPassword,webPassword,voipPassword,bATVToken
+access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,latitude,longitude,VoIP,userPassword,sudoPassword,webPassword,rtcPassword,bATVToken
        by self write
        by * break
 
@@ -63,18 +64,21 @@ access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,bi
 ##
 
 # allow authn/z by anyone
-access to attrs=userPassword,sudoPassword,webPassword,voipPassword,bATVToken
+access to attrs=userPassword,sudoPassword,webPassword,rtcPassword,bATVToken
        by * compare
 
+# inaccessible to everybody
+access to attrs=totpSeed
+       by * none
+
 # readable only by self
 access to attrs=sshrsaauthkey
        by self read
        by * none
 
 # debian.org readable, authenticated user readable
-access to attrs=activity-pgp,activity-from,dnsZoneEntry,c,l,loginShell,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions
+access to attrs=activity-pgp,activity-from,c,l,loginShell,onVacation,birthDate,mailDisableMessage,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions
        by peername.ip=127.0.0.1 read
-       by domain=alioth.debian.org none
        by domain.subtree=@@DOMAIN@@ read
        by dn.regex="uid=.*,ou=users,@@DN@@" read
        by * none
Mirror of Debian's userdir-ldap repository