--- /dev/null
+userdir-ldap-slapd.conf
+build
+debian/files
+debian/userdir-ldap
+debian/userdir-ldap.postinst.debhelper
+debian/userdir-ldap.prerm.debhelper
+debian/userdir-ldap.substvars
+doc/ud-generate.8
+doc/ud-gpgimport.8
+doc/ud-info.1
+doc/ud-mailgate.8
+doc/ud-useradd.8
+doc/ud-userimport.8
+doc/ud-xearth.1
these 4 options should be the only ones that exist.
* Allow setting of gender in ud-mailgate. Based on patch by Bernhard
R. Link.
+ * Add userdir-ldap-slapd.conf, a snipped to be included in slapd.conf
+ to the package.
- -- Peter Palfrader <weasel@debian.org> Mon, 09 Jun 2008 22:59:06 +0200
+ -- Peter Palfrader <weasel@debian.org> Mon, 23 Jun 2008 22:52:36 +0200
userdir-ldap (0.3.32) unstable; urgency=low
generate.conf etc/userdir-ldap/
templates/ etc/userdir-ldap/
userdir-ldap.schema etc/ldap/schema/
+userdir-ldap-slapd.conf etc/ldap/
build:
dh_testdir
$(MAKE) -C doc
+ # feel free to put dc=debian,dc=org and debian.org into some config file so that this is easier on others who
+ # also use userdir-ldap.
+ sed -e 's/@@DN@@/dc=debian,dc=org/g; s/@@DOMAIN@@/debian.org/g' < userdir-ldap-slapd.conf.in > userdir-ldap-slapd.conf
touch build
clean:
rm -f build
find . -name '*.py[co]' -print0 | xargs -0 --no-run-if-empty rm -f
$(MAKE) -C doc clean
+ rm -f userdir-ldap-slapd.conf
dh_clean
binary-indep: build
security simple_bind=128
# and the database definition
-database bdb
-
-# Turn on automatic last modification time
-lastmod on
-
-# Index some things
-index uid eq
-index keyfingerprint eq
-index cn,sn approx,sub,eq
-
-# Administrate
-#rootdn "uid=admin,ou=users,dc=debian,dc=org"
-#rootpw
-
-# Restrict reading/modification of the password to administration and self
-access to attrs=userpassword,sshrsaauthkey
- by self write
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by group="uid=admin,ou=users,dc=debian,dc=org" write
- by * compare
-
-access to attrs=emailforward
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by group="uid=admin,ou=users,dc=debian,dc=org" write
- by self write
- by addr=127.0.0.1 read
- by domain=.*\.debian\.org read
- by * none
-access to attrs=c,l,loginShell,ircNick
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by group="uid=admin,ou=users,dc=debian,dc=org" write
- by self write
-access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalC
-ode,loginShell,onvacation,privateSub,latitude,longitude
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by group="uid=admin,ou=users,dc=debian,dc=org" write
- by self write
- by dn="uid=.*,ou=users,dc=debian,dc=org" read
- by * none
-access to *
- by dn="uid=admin,ou=users,dc=debian,dc=org" write
- by group="uid=admin,ou=users,dc=debian,dc=org" write
+include /etc/ldap/userdir-ldap-slapd.conf
# Overlays are useful to enforce constraints:
--- /dev/null
+# The backend type, ldbm, is the default standard
+database bdb
+
+# The base of your directory
+suffix "@@DN@@"
+
+# Where the database file are physically stored
+directory "/var/lib/ldap"
+
+# Indexing options
+index uid eq
+index keyfingerprint eq
+index cn,sn sub,eq
+index dnsZoneEntry eq
+index uidNumber eq
+index gidNumber eq
+index ircNick sub,eq
+index c eq
+index gender eq
+index birthDate eq
+
+# Don't limit queries to the default of 500
+sizelimit 10000
+
+# Save the time that the entry gets modified
+lastmod on
+
+# owner writeable
+access to attrs=userPassword,sshrsaauthkey
+ by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+ by dn="uid=sshdist,ou=users,@@DN@@" write
+ by self write
+ by * compare
+
+# debian readable
+access to attrs=activity-pgp,activity-from,dnsZoneEntry
+ by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+ by dn="uid=sshdist,ou=users,@@DN@@" write
+ by peername.ip=127.0.0.1 read
+ by domain=alioth.debian.org none
+ by domain.subtree=@@DOMAIN@@ read
+ by dn.regex="uid=.*,ou=users,@@DN@@" read
+ by * none
+
+# owner writeable, debian readable, authenticated user readable
+access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist
+ by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+ by dn="uid=sshdist,ou=users,@@DN@@" write
+ by self write
+ by dn.regex="uid=.*,ou=users,@@DN@@" read
+ by peername.ip=127.0.0.1 read
+ by domain=alioth.debian.org none
+ by domain.subtree=@@DOMAIN@@ read
+ by * none
+
+# owner writeable, authenticated user readable
+access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP
+ by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+ by dn="uid=sshdist,ou=users,@@DN@@" write
+ by self write
+ by dn.regex="uid=.*,ou=users,@@DN@@" read
+ by * none
+
+# globally readable
+access to *
+ by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+ by dn="uid=sshdist,ou=users,@@DN@@" write
+ by * read