
Re: debian-edu empfiehlt+enthält cipux _NICHT_



Lørdag 30 juni 2007 17:56, skrev Andreas Schockenhoff:
> Hi,
>
> Am Donnerstag, den 28.06.2007, 20:25 +0200 schrieb Holger Levsen:
> > Ergo: testet und benutzt lwat (das Default-LDAP-Admintool von
> > Debian-edu etch), meldet Probleme/Missing Features, damit lwat noch
> > besser zu benutzen ist.
>
> Momentan ist etch-test wohl kaputt.
>
> Kein login in lwat möglich. Wahrscheinlich weil slapd.conf geändert
> wurde. Kann ich momentan nicht nachvollziehen weil ich keine alte
> slapd.conf mehr habe.
>
> Kann mir einer eine von RC3 zusenden? Dann kann ich mal schauen ob
> die Vermutung stimmt.
>
> --
> bye Andreas

This slapd.conf is from RC3.
-- 
Klaus Ade
67E61D18B2C44F8A3DA35C6D849F9F5F 26FA477D
# Allow LDAPv2 binds
# NOTE(review): LDAPv2 is a historic protocol version and StartTLS is an
# LDAPv3 extended operation, so v2 clients can only reach the ssf=128
# requirements below over ldaps://. Keep this only while a legacy client
# still needs it.
allow bind_v2

# The skolelinux slapd configuration file
#
# $Id: slapd-skolelinux.conf,v 1.7 2003/06/27 14:47:20 pere Exp $

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/courier.schema
include         /etc/ldap/schema/automount.schema
include		/etc/ldap/schema/inetorgperson.schema
include		/etc/ldap/schema/samba.schema
include		/etc/ldap/schema/lis.schema

# Schema checking forces entries to match the
# schemas of their objectClasses.
schemacheck	on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile		/var/run/slapd/slapd.pid

# Read slapd.conf(5) for possible values
# NOTE(review): loglevel 0 requests no log output, so binds, failed
# authentications and ACL denials leave no trace in syslog. A level such as
# 256 (stats: connections, operations, results) would give an audit trail;
# 65535 (commented out below) is the full debug setting.
#loglevel	65535
loglevel	0

# TLS/SSL
# NOTE(review): the cipher list ends with `SSLv2`, which reads as explicitly
# adding SSL 2.0 cipher suites. SSL 2.0 is obsolete and insecure (RFC 6176),
# and MEDIUM also admits weaker ciphers. Consider restricting the list to
# HIGH after checking client compatibility.
TLSCipherSuite          HIGH:MEDIUM:SSLv2
# All three directives point at the same PEM file, so that file holds the
# private key together with the certificate, and the server certificate also
# acts as its own CA certificate.
# NOTE(review): presumably a self-signed certificate; confirm that slapd.pem
# is readable by the slapd user only.
TLSCACertificateFile    /etc/ldap/ssl/slapd.pem
TLSCertificateKeyFile   /etc/ldap/ssl/slapd.pem
TLSCertificateFile      /etc/ldap/ssl/slapd.pem
#TLSCACertificateFile    /var/lib/pyca/Root/cacert.pem
#TLSCertificateKeyFile   /var/lib/pyca/ServerCerts/private/cakey.pem
#TLSCertificateFile      /var/lib/pyca/ServerCerts/cacert.pem

# Backend modules loaded at start-up; they must match the `backend` and
# `database` directives used in this file.
modulepath	/usr/lib/ldap
moduleload	back_bdb
moduleload	back_monitor

defaultsearchbase "dc=skole,dc=skolelinux,dc=no"
# Require a security strength factor (SSF) of at least 128 for update
# operations and for simple (DN + password) binds. A simple bind on an
# unencrypted connection is refused, so passwords are not accepted in clear
# text; clients must use ldaps:// or StartTLS first.
security update_ssf=128  simple_bind=128

backend		bdb
backend		monitor



#######################################################################
# bdb database definitions
#######################################################################

# The backend type used for the main directory is bdb (Berkeley DB).

database	bdb
# Set the database in-memory cache size (number of entries).
#
cachesize   4000
# dbnosync: on-disk data is not synchronised immediately after each change.
# NOTE(review): this trades durability for speed; recent writes, including
# password changes, can be lost if the server crashes.
dbnosync
# Maximum number of entries returned from a single search.
sizelimit 4000

# First database
suffix		"dc=skole,dc=skolelinux,dc=no"
# The rootdn is not subject to the access controls defined for this database.
# No rootpw is set in this file, so the rootdn can only bind through an
# entry with this DN that carries a userPassword.
rootdn		"cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no"
# Where the database files are physically stored
directory	"/var/lib/ldap"

# Indices to maintain
index           objectClass     pres,eq
index           cn,sn,ou        pres,eq,sub
index           uid             pres,eq,sub
index		groupType	eq
index           uidNumber       eq
index           gidNumber       eq
index           memberUid       eq
index           default         eq
# For some clients, even if not used
index		givenname	eq
index		displayName	eq
index		telephoneNumber	eq

# Save the time that the entry gets modified
lastmod on



# Webmin-ldap-skolelinux uses TLS, and PAM authentication uses SSL.
# The ssf=128 option is to be used when SL bug 213 and 404 are closed.
#
# Access control for the bdb database. The clauses are order-dependent:
# the first `access to` clause that matches the target is used, and within
# it the first matching `by` line. A `by` line carrying ssf=128 only matches
# on a connection with a security strength factor of at least 128, i.e. an
# encrypted one. `break` lets evaluation continue with the following
# `access to` clauses instead of stopping.
#
# Keep comment lines outside the clauses: slapd joins continuation lines
# (lines starting with white space) before it strips comments, so a comment
# placed between `access to` and its `by` lines would swallow those lines.
#
# The admin entry itself: the admin may write it and authenticate against it
# (=wx) over an encrypted connection; everyone else falls through.

access to dn.base="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" 
	by dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wx 
	by * none break

# Whole tree: members of the admins group and the admin DN get the write
# privilege over an encrypted connection; everyone else falls through.
# NOTE(review): `=w` is the exact-privilege form and grants write only,
# unlike the level name `write`, which also implies read, search, compare
# and auth. Evaluation stops here for a matching admin; confirm that
# write-without-read is what the admin tools expect.
access to * 
	by group/lisAclGroup/member="cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w 
	by dn.exact="cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =w 
	by * none break
	
# gidNumber of the nextID counter entry: writable by smbadmin over an
# encrypted connection, readable by everyone.
access to dn.base="cn=nextID,ou=Variables,dc=skole,dc=skolelinux,dc=no" 
	attrs=gidNumber
	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 write
	by * read 

# userPassword: the owner may change it and bind with it, anonymous
# connections may only authenticate against it, jradmins may set it. All of
# these require an encrypted connection; nobody gets read access.
access to attrs=userPassword
	by self      ssf=128 =wx
	by anonymous ssf=128 auth
	by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w 
	by * none 

# shadowLastChange: writable by the owner and by jradmins, hidden from
# everyone else.
access to attrs=shadowLastChange
	by self      ssf=128 =w
	by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w 
	by * none 

#
# Protect the samba password hashes.
#
# Restricted access to some samba attributes
# (access for smbadmin is kept so that old installations do not break).
# These hashes are password-equivalent for SMB authentication, so read
# access is limited to smbadmin and denied to everyone else.
access to attrs=sambaLMPassword,sambaNTPassword
	by self ssf=128 =w
	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wr
	by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
	by * none

# Password timestamps: world-readable, writable by the owner, smbadmin and
# jradmins over an encrypted connection.
access to attrs=sambaPwdLastSet,sambaPwdCanChange
	by self ssf=128 =wr
	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wr
	by group/lisAclGroup/member="cn=jradmins,ou=Group,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
	by * read

# Access to samba attributes
# NOTE(review): sambaPasswordHistory is in this list and is therefore
# readable by everyone (`by * read` includes anonymous connections). The
# samba schema describes it as hashes derived from previous passwords;
# consider moving it to the restricted clause for sambaLMPassword and
# sambaNTPassword above.
access to attrs=objectClass,sambaSID,sambaPrimaryGroupSID,displayName,sambaPwdMustChange,sambaAcctFlags,sambaGroupType,sambaPasswordHistory,sambaNextRid
	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no" ssf=128 =wsr
	by * read

# We store machine-accounts for samba in a private ou
access to  dn.sub="ou=Machines,ou=People,dc=skole,dc=skolelinux,dc=no"  
	by dn.exact="cn=smbadmin,ou=People,dc=skole,dc=skolelinux,dc=no"  ssf=128 =wsr
	by * read


# Default access
# Everything not matched above is readable by everyone. `*` includes
# anonymous and unencrypted connections, as no ssf is required here.
# NOTE(review): confirm that anonymous read of the whole directory is
# intended for this deployment.
access to * 
	by * read

# Last database.. back-monitor is nice to have. Use 'cn=monitor' as base
# NOTE(review): no `access to` clause follows this directive, so the server
# status under cn=monitor is presumably covered by the default policy only;
# confirm who can read it.
database monitor

# End of slapd configuration file

Attachment: pgpz7Tx64QwsY.pgp
Description: PGP signature

