X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=doc%2Fslapd-config.txt;h=23a8a1c839944150e43ad462320204c27826fdd7;hp=cdf91916608f2ba2890fb6b6037d88fbae576687;hb=b57e8dd08a1e9ae2243179519b2080d571d31f3c;hpb=192b08454e66c7c753f47c1b4be1d89c5feac6c8 diff --git a/doc/slapd-config.txt b/doc/slapd-config.txt index cdf9191..23a8a1c 100644 --- a/doc/slapd-config.txt +++ b/doc/slapd-config.txt @@ -6,48 +6,7 @@ access controls to keep the data safe. Here is a sample: security simple_bind=128 # and the database definition -database bdb - -# Turn on automatic last modification time -lastmod on - -# Index some things -index uid eq -index keyfingerprint eq -index cn,sn approx,sub,eq - -# Administrate -#rootdn "uid=admin,ou=users,dc=debian,dc=org" -#rootpw - -# Restrict reading/modification of the password to administration and self -access to attrs=userpassword,sshrsaauthkey - by self write - by dn="uid=admin,ou=users,dc=debian,dc=org" write - by group="uid=admin,ou=users,dc=debian,dc=org" write - by * compare - -access to attrs=emailforward - by dn="uid=admin,ou=users,dc=debian,dc=org" write - by group="uid=admin,ou=users,dc=debian,dc=org" write - by self write - by addr=127.0.0.1 read - by domain=.*\.debian\.org read - by * none -access to attrs=c,l,loginShell,ircNick - by dn="uid=admin,ou=users,dc=debian,dc=org" write - by group="uid=admin,ou=users,dc=debian,dc=org" write - by self write -access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalC -ode,loginShell,onvacation,privateSub,latitude,longitude - by dn="uid=admin,ou=users,dc=debian,dc=org" write - by group="uid=admin,ou=users,dc=debian,dc=org" write - by self write - by dn="uid=.*,ou=users,dc=debian,dc=org" read - by * none -access to * - by dn="uid=admin,ou=users,dc=debian,dc=org" write - by group="uid=admin,ou=users,dc=debian,dc=org" write +include /etc/ldap/userdir-ldap-slapd.conf # Overlays are useful to enforce constraints: @@ -56,6 +15,12 @@ overlay unique unique_uri ldap:///ou=users,dc=debian,dc=org?uidNumber,uid,keyFingerPrint?sub unique_uri ldap:///ou=groups,dc=debian,dc=org?gidNumber,cn?sub +# Constraints are useful +moduleload /usr/lib/ldap/constraint.so +overlay constraint +constraint_attribute mailContentInspectionAction regex ^([mM][aA][rR][kK][uU][pP]|[bB][lL][aA][cC][kK][hH][oO][lL][eE]|[rR][eE][jJ][eE][cC][tT])$ +constraint_attribute gender regex ^(1|2|9|[mM][aA][lL][eE]|[fF][eE][mM][aA][lL][eE]|[uU][nN][sS][pP][eE][cC][iI][fF][iI][eE][dD])$ + # End---------- Note that in more modern versions of slapd, the "by addr" and "by domain"