Diffstat (limited to 'files/usr/local/etc/openldap')
-rw-r--r--files/usr/local/etc/openldap/.krb5/config.idm_server2
-rw-r--r--files/usr/local/etc/openldap/ldap.conf.common9
-rw-r--r--files/usr/local/etc/openldap/slapd.ldif.idm_server2
3 files changed, 12 insertions, 1 deletions
diff --git a/files/usr/local/etc/openldap/.krb5/config.idm_server b/files/usr/local/etc/openldap/.krb5/config.idm_server
new file mode 100644
index 0000000..7a92f86
--- /dev/null
+++ b/files/usr/local/etc/openldap/.krb5/config.idm_server
@@ -0,0 +1,2 @@
+[libdefaults]
+ default_keytab_name = FILE:${slapd_keytab}
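Review bot: Nothing in this new file says which process reads it or how `${slapd_keytab}` must be protected. The path under `openldap/.krb5/` suggests it is loaded only for slapd, presumably through `KRB5_CONFIG`, but that wiring is not visible in this diff. I would add a header comment such as `# Kerberos settings for slapd only; the keytab named below must be owned by the slapd user and not readable by anyone else.` It is also worth confirming that the templating step fails when `slapd_keytab` is unset, so the file is never installed as `FILE:` with an empty path.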
diff --git a/files/usr/local/etc/openldap/ldap.conf.common b/files/usr/local/etc/openldap/ldap.conf.common
new file mode 100644
index 0000000..b56dc94
--- /dev/null
+++ b/files/usr/local/etc/openldap/ldap.conf.common
@@ -0,0 +1,9 @@
+URI ${ldap_uri}
+BASE ${basedn}
+USE_SASL yes
+ROOTUSE_SASL yes
+SASL_MECH GSSAPI
+SASL_REALM ${realm}
+GSSAPI_SIGN yes
+GSSAPI_ENCRYPT yes
+SUDOERS_BASE ${sudo_basedn}
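Review bot: `GSSAPI_SIGN yes` and `GSSAPI_ENCRYPT yes` may not protect the connection this file configures. As far as I know, ldap.conf(5) ties them to the library's native GSSAPI bind, whereas `SASL_MECH GSSAPI` goes through the SASL layer, whose integrity and confidentiality floor is set with `SASL_SECPROPS`. If `${ldap_uri}` is plain `ldap://` (not visible in this diff), I would add a line such as `SASL_SECPROPS minssf=56`, or higher if the SASL library reports real cipher strength, so the client refuses a bind that negotiates no security layer. The same floor should be enforced on the server. `USE_SASL`, `ROOTUSE_SASL` and `SUDOERS_BASE` look like sudo's LDAP options rather than libldap's, so a one-line comment naming the consumers that share this file would help.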
diff --git a/files/usr/local/etc/openldap/slapd.ldif.idm_server b/files/usr/local/etc/openldap/slapd.ldif.idm_server
index 9dc0086..d63641e 100644
--- a/files/usr/local/etc/openldap/slapd.ldif.idm_server
+++ b/files/usr/local/etc/openldap/slapd.ldif.idm_server
@@ -119,7 +119,7 @@ olcAccess: {1}to dn.base="cn=Subschema"
by * read
olcAccess: {3}to *
by dn.exact=${slapd_replicator_dn} read
- by dn.exact=krbPrincipalName=${boxconf_username},${robots_basedn} manage
+ by dn.exact=${boxconf_dn} manage
by set="[cn=${slapd_admin_role},${roles_basedn}]/member* & user" manage
by * break
olcAccess: {4}to dn.subtree=${sudo_basedn}
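Review bot: The new `by dn.exact=${boxconf_dn} manage` line in rule `{3}to *` puts a whole templated DN, unquoted, into the clause that grants `manage` over the entire tree. A value containing spaces would split the clause. An empty or unset `boxconf_dn` would leave `dn.exact=` with no DN, which slapd may treat as the empty (anonymous) DN. I would write it as `by dn.exact="${boxconf_dn}" manage` and make the templating step abort when `boxconf_dn` is empty. The existing `${slapd_replicator_dn}` line has the same shape, though it grants only `read`.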