projects / mirror / userdir-ldap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: de7cf88)
Add userdir-ldap-slapd.conf, a snipped to be included in slapd.conf to the package.
authorPeter Palfrader <peter@palfrader.org>
Mon, 23 Jun 2008 20:58:12 +0000 (22:58 +0200)
committerPeter Palfrader <peter@palfrader.org>
Mon, 23 Jun 2008 20:58:12 +0000 (22:58 +0200)
.bzrignore [new file with mode: 0644] patch | blob
debian/changelog patch | blob | history
debian/install patch | blob | history
debian/rules patch | blob | history
doc/slapd-config.txt patch | blob | history
userdir-ldap-slapd.conf.in [new file with mode: 0644] patch | blob

diff --git a/.bzrignore b/.bzrignore
new file mode 100644 (file)
index 0000000..76d8629
--- /dev/null
+++ b/.bzrignore
@@ -0,0 +1,14 @@
+userdir-ldap-slapd.conf
+build
+debian/files
+debian/userdir-ldap
+debian/userdir-ldap.postinst.debhelper
+debian/userdir-ldap.prerm.debhelper
+debian/userdir-ldap.substvars
+doc/ud-generate.8
+doc/ud-gpgimport.8
+doc/ud-info.1
+doc/ud-mailgate.8
+doc/ud-useradd.8
+doc/ud-userimport.8
+doc/ud-xearth.1
diff --git a/debian/changelog b/debian/changelog
index e780fd6..877c91f 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,8 +13,10 @@ userdir-ldap (0.3.3X) Xnstable; urgency=low
     these 4 options should be the only ones that exist.
   * Allow setting of gender in ud-mailgate.  Based on patch by Bernhard
     R. Link.
     these 4 options should be the only ones that exist.
   * Allow setting of gender in ud-mailgate.  Based on patch by Bernhard
     R. Link.
+  * Add userdir-ldap-slapd.conf, a snipped to be included in slapd.conf
+    to the package.
 
 
- -- Peter Palfrader <weasel@debian.org>  Mon, 09 Jun 2008 22:59:06 +0200
+ -- Peter Palfrader <weasel@debian.org>  Mon, 23 Jun 2008 22:52:36 +0200
 
 userdir-ldap (0.3.32) unstable; urgency=low
 
 
 userdir-ldap (0.3.32) unstable; urgency=low
 
diff --git a/debian/install b/debian/install
index 9758639..eafe287 100644 (file)
--- a/debian/install
+++ b/debian/install
@@ -24,3 +24,4 @@ userdir-ldap.conf etc/userdir-ldap/
 generate.conf etc/userdir-ldap/
 templates/ etc/userdir-ldap/
 userdir-ldap.schema etc/ldap/schema/
 generate.conf etc/userdir-ldap/
 templates/ etc/userdir-ldap/
 userdir-ldap.schema etc/ldap/schema/
+userdir-ldap-slapd.conf etc/ldap/
diff --git a/debian/rules b/debian/rules
index 414f1fc..c868dfc 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,9 @@
 build:
        dh_testdir
        $(MAKE) -C doc
 build:
        dh_testdir
        $(MAKE) -C doc
+       # feel free to put dc=debian,dc=org and debian.org into some config file so that this is easier on others who
+       # also use userdir-ldap.
+       sed -e 's/@@DN@@/dc=debian,dc=org/g; s/@@DOMAIN@@/debian.org/g' < userdir-ldap-slapd.conf.in > userdir-ldap-slapd.conf
        touch build
 
 clean:
        touch build
 
 clean:
@@ -13,6 +16,7 @@ clean:
        rm -f build
        find . -name '*.py[co]' -print0 | xargs -0 --no-run-if-empty rm -f
        $(MAKE) -C doc clean
        rm -f build
        find . -name '*.py[co]' -print0 | xargs -0 --no-run-if-empty rm -f
        $(MAKE) -C doc clean
+       rm -f userdir-ldap-slapd.conf
        dh_clean
 
 binary-indep: build
        dh_clean
 
 binary-indep: build
diff --git a/doc/slapd-config.txt b/doc/slapd-config.txt
index cdf9191..bf44176 100644 (file)
--- a/doc/slapd-config.txt
+++ b/doc/slapd-config.txt
@@ -6,48 +6,7 @@ access controls to keep the data safe. Here is a sample:
 security simple_bind=128
 
 # and the database definition
 security simple_bind=128
 
 # and the database definition
-database bdb
-
-# Turn on automatic last modification time 
-lastmod on
-
-# Index some things
-index uid eq
-index keyfingerprint eq
-index cn,sn approx,sub,eq
-
-# Administrate 
-#rootdn "uid=admin,ou=users,dc=debian,dc=org"
-#rootpw
-
-# Restrict reading/modification of the password to administration and self
-access to attrs=userpassword,sshrsaauthkey
-        by self write
-        by dn="uid=admin,ou=users,dc=debian,dc=org" write
-        by group="uid=admin,ou=users,dc=debian,dc=org" write
-        by * compare    
-
-access to attrs=emailforward
-        by dn="uid=admin,ou=users,dc=debian,dc=org" write
-        by group="uid=admin,ou=users,dc=debian,dc=org" write
-        by self write
-        by addr=127.0.0.1 read
-        by domain=.*\.debian\.org read
-        by * none
-access to attrs=c,l,loginShell,ircNick
-        by dn="uid=admin,ou=users,dc=debian,dc=org" write
-        by group="uid=admin,ou=users,dc=debian,dc=org" write
-        by self write
-access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalC
-ode,loginShell,onvacation,privateSub,latitude,longitude
-        by dn="uid=admin,ou=users,dc=debian,dc=org" write
-        by group="uid=admin,ou=users,dc=debian,dc=org" write
-        by self write
-        by dn="uid=.*,ou=users,dc=debian,dc=org" read
-        by * none
-access to * 
-        by dn="uid=admin,ou=users,dc=debian,dc=org" write
-        by group="uid=admin,ou=users,dc=debian,dc=org" write
+include /etc/ldap/userdir-ldap-slapd.conf
 
 # Overlays are useful to enforce constraints:
 
 
 # Overlays are useful to enforce constraints:
 
diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
new file mode 100644 (file)
index 0000000..9cfda02
--- /dev/null
+++ b/userdir-ldap-slapd.conf.in
@@ -0,0 +1,68 @@
+# The backend type, ldbm, is the default standard
+database bdb
+
+# The base of your directory
+suffix          "@@DN@@"
+
+# Where the database file are physically stored
+directory       "/var/lib/ldap"
+
+# Indexing options
+index uid eq
+index keyfingerprint eq
+index cn,sn sub,eq
+index dnsZoneEntry eq
+index uidNumber eq
+index gidNumber eq
+index ircNick sub,eq
+index c eq
+index gender eq
+index birthDate eq
+
+# Don't limit queries to the default of 500
+sizelimit 10000
+
+# Save the time that the entry gets modified
+lastmod on
+
+# owner writeable
+access to attrs=userPassword,sshrsaauthkey
+       by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+       by dn="uid=sshdist,ou=users,@@DN@@"  write
+       by self write
+       by * compare
+
+# debian readable
+access to attrs=activity-pgp,activity-from,dnsZoneEntry
+       by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+       by dn="uid=sshdist,ou=users,@@DN@@" write
+       by peername.ip=127.0.0.1 read
+       by domain=alioth.debian.org none
+       by domain.subtree=@@DOMAIN@@ read
+       by dn.regex="uid=.*,ou=users,@@DN@@" read
+       by * none
+
+# owner writeable, debian readable, authenticated user readable
+access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist
+       by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+       by dn="uid=sshdist,ou=users,@@DN@@" write
+       by self write
+       by dn.regex="uid=.*,ou=users,@@DN@@" read
+       by peername.ip=127.0.0.1 read
+       by domain=alioth.debian.org none
+       by domain.subtree=@@DOMAIN@@ read
+       by * none
+
+# owner writeable, authenticated user readable
+access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP
+       by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+       by dn="uid=sshdist,ou=users,@@DN@@" write
+       by self write
+       by dn.regex="uid=.*,ou=users,@@DN@@" read
+       by * none
+
+# globally readable
+access to *
+       by group="cn=LDAP Administrator,ou=users,@@DN@@" write
+       by dn="uid=sshdist,ou=users,@@DN@@" write
+       by * read
Mirror of Debian's userdir-ldap repository