Start working on kerberos

1 files changed, 8 insertions, 4 deletions

diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index 303a756..ff350b6 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@@ -4,11 +4,9 @@ objectClass: olcHdbConfig
 olcDatabase: {@@@LDIFSCHEMANUMBER@@@}hdb
 olcDbDirectory: /var/lib/ldap
 olcSuffix: @@@REALM_DCNAME@@@
-olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
- s auth by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none
+olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags by self write by anonymous auth by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none
 olcAccess: {1}to dn.base="" by * read
-olcAccess: {2}to * by self write by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by 
- * read
+olcAccess: {2}to * by self write by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * read
 olcLastMod: TRUE
 olcRootDN: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
 olcRootPW: {SHA}@@@ROOTPW_SHA@@@
@@ -18,6 +16,12 @@ olcDbConfig: {1}set_lk_max_objects 1500
 olcDbConfig: {2}set_lk_max_locks 1500
 olcDbConfig: {3}set_lk_max_lockers 1500
 olcDbIndex: objectClass eq
+olcDbIndex: krb5PrincipalName eq,pres
+olcDbIndex: cn eq,pres,subinitial
+olcDbIndex: mail eq,pres
+olcDbIndex: uid pres,eq
+olcDbIndex: uidNumber eq
+olcDbIndex: gidNumber eq
 structuralObjectClass: olcHdbConfig
 creatorsName: cn=config
 createTimestamp: @@@TIMESTAMP@@@Z