From ce97fece60c8f085f73f3d71c1c09ab6bef96111 Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Thu, 29 Dec 2011 21:21:00 +0000 Subject: [PATCH] Update to match live slapd.conf Signed-off-by: Stephen Gran --- userdir-ldap-slapd.conf.in | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in index 7f3cd07..c966a29 100644 --- a/userdir-ldap-slapd.conf.in +++ b/userdir-ldap-slapd.conf.in @@ -7,6 +7,12 @@ suffix "@@DN@@" # Where the database file are physically stored directory "/var/lib/ldap" +moduleload accesslog +overlay accesslog +logdb cn=log +logops writes +logold (objectclass=top) + moduleload constraint overlay constraint constraint_attribute keyfingerprint regex ^([0-9A-F]{40})$ @@ -63,16 +69,30 @@ access to attrs=sshrsaauthkey access to attrs=activity-pgp,activity-from,dnsZoneEntry,c,l,loginShell,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions by peername.ip=127.0.0.1 read by domain=alioth.debian.org none - by domain.subtree=@@DOMAIN@@ read - by dn.regex="uid=.*,ou=users,@@DN@@" read + by domain.subtree=debian.org read + by dn.regex="uid=.*,ou=users,dc=debian,dc=org" read by * none # authenticated user readable access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,privateSub,latitude,longitude,VoIP - by dn.regex="uid=.*,ou=users,@@DN@@" read + by dn.regex="uid=.*,ou=users,dc=debian,dc=org" read by * none # rest is globally readable access to * by * read + + +database hdb +directory "/var/lib/ldap-log" +suffix cn=log +# +sizelimit 10000 + +index reqStart eq +access to * + by group="cn=LDAP Administrator,ou=users,dc=debian,dc=org" write + by dn="uid=sshdist,ou=users,dc=debian,dc=org" read + by * none + -- 2.20.1