mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 08:00:02 -06:00
c6e6fa758e
Since one needs to enable the compat plugin, we will enable anonymous VLV when that plugin is configured. By default the DS installs an ACI that grants read access to ldap:///all (authenticated users only), and we need ldap:///anyone (which also covers anonymous binds).
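#
# Enable the Schema Compatibility plugin provided by slapi-nis.
#
# http://slapi-nis.fedorahosted.org/
#
# This entry registers the plugin with the directory server and switches it
# on (nsslapd-pluginenabled: on). The shared object named in
# nsslapd-pluginpath is loaded by the directory server, so it should be
# root-owned and not writable by unprivileged accounts.
#
# "default:" values are applied by the updater only when the entry does not
# exist yet; re-running the update does not overwrite later local changes
# (for example an administrator setting nsslapd-pluginenabled to off).
#
# $LIBARCH is a template variable, presumably replaced with the library
# directory suffix at install time -- confirm against the installer.
#
dn: cn=Schema Compatibility, cn=plugins, cn=config
default:objectclass: top
default:objectclass: nsSlapdPlugin
default:objectclass: extensibleObject
default:cn: Schema Compatibility
default:nsslapd-pluginpath: /usr/lib$LIBARCH/dirsrv/plugins/schemacompat-plugin.so
default:nsslapd-plugininitfunc: schema_compat_plugin_init
default:nsslapd-plugintype: object
default:nsslapd-pluginenabled: on
default:nsslapd-pluginid: schema-compat-plugin
default:nsslapd-pluginversion: 0.8
default:nsslapd-pluginvendor: redhat.com
default:nsslapd-plugindescription: Schema Compatibility Plugin
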
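# Compat view of user accounts.
#
# Entries under "cn=users, cn=accounts, $SUFFIX" that match
# objectclass=posixAccount are presented as "uid=<uid>" entries in the
# container "cn=users" below "cn=compat, $SUFFIX".
#
# Only the attributes listed here are mapped into the generated entries:
# objectclass, gecos, cn, uidNumber, gidNumber, loginShell, homeDirectory
# (uid appears as the RDN). No password or key attribute is mapped. Keep it
# that way when adding schema-compat-entry-attribute lines: who can read the
# compat tree is decided by ACIs that are not part of this entry, so review
# them before exposing anything more sensitive here.
#
# $SUFFIX is a template variable, presumably the directory base DN filled in
# at install time -- confirm against the installer.
dn: cn=users, cn=Schema Compatibility, cn=plugins, cn=config
default:objectClass: top
default:objectClass: extensibleObject
default:cn: users
default:schema-compat-container-group: cn=compat, $SUFFIX
default:schema-compat-container-rdn: cn=users
default:schema-compat-search-base: cn=users, cn=accounts, $SUFFIX
default:schema-compat-search-filter: objectclass=posixAccount
default:schema-compat-entry-rdn: uid=%{uid}
default:schema-compat-entry-attribute: objectclass=posixAccount
# gecos is filled from cn; the source gecos attribute is not used.
default:schema-compat-entry-attribute: gecos=%{cn}
default:schema-compat-entry-attribute: cn=%{cn}
default:schema-compat-entry-attribute: uidNumber=%{uidNumber}
default:schema-compat-entry-attribute: gidNumber=%{gidNumber}
default:schema-compat-entry-attribute: loginShell=%{loginShell}
default:schema-compat-entry-attribute: homeDirectory=%{homeDirectory}
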
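# Compat view of groups.
#
# Entries under "cn=groups, cn=accounts, $SUFFIX" that match
# objectclass=posixGroup are presented as "cn=<cn>" entries in the container
# "cn=groups" below "cn=compat, $SUFFIX".
#
# Only objectclass, gidNumber and memberUid are mapped (cn appears as the
# RDN). memberUid discloses which accounts belong to which group to every
# client allowed to read the compat tree; that access is decided by ACIs
# that are not part of this entry.
dn: cn=groups, cn=Schema Compatibility, cn=plugins, cn=config
default:objectClass: top
default:objectClass: extensibleObject
default:cn: groups
default:schema-compat-container-group: cn=compat, $SUFFIX
default:schema-compat-container-rdn: cn=groups
default:schema-compat-search-base: cn=groups, cn=accounts, $SUFFIX
default:schema-compat-search-filter: objectclass=posixGroup
default:schema-compat-entry-rdn: cn=%{cn}
default:schema-compat-entry-attribute: objectclass=posixGroup
default:schema-compat-entry-attribute: gidNumber=%{gidNumber}
# memberUid is collected from three sources:
#   1. memberUid values stored directly on the group entry,
#   2. the uid of each entry named in the group's "member" attribute,
#   3. the uid of each entry in the "cn=users" set whose "memberOf" names
#      this group.
default:schema-compat-entry-attribute: memberUid=%{memberUid}
default:schema-compat-entry-attribute: memberUid=%deref("member","uid")
default:schema-compat-entry-attribute: memberUid=%referred("cn=users","memberOf","uid")
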
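# Enable anonymous VLV browsing for Solaris
#
# The entry below is the server feature for the VLV (virtual list view)
# request control. Its ACI decides who may send that control.
# userdn = "ldap:///anyone" includes unauthenticated (anonymous) binds,
# whereas "ldap:///all" would cover authenticated users only.
#
# Security notes:
# - This ACI does not itself grant read access to directory entries; it lets
#   anonymous clients use sorted, windowed browsing over whatever other ACIs
#   already let them read. That makes bulk listing of anonymously readable
#   data easier, so check what anonymous binds can read, including the
#   compat tree configured in this file.
# - "only:" sets the aci attribute to exactly this value, replacing what was
#   there before. A hand-narrowed ACI on this entry is overwritten the next
#   time the update is applied.
# - NOTE(review): "proxy" is granted to anonymous binds along with read,
#   search and compare; confirm it is required, otherwise narrow the list.
dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
only:aci: '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'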