From 8daa9e9e96c6b088bfe8ed1a69947238c7d6e62e Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Sat, 2 Jun 2012 03:09:14 -0500
Subject: Start working on kerberos
---
confskel/openldap/ldif/olcDatabase.ldif | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'confskel/openldap/ldif/olcDatabase.ldif')
diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index 303a756..ff350b6 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@@ -4,11 +4,9 @@ objectClass: olcHdbConfig
 olcDatabase: {@@@LDIFSCHEMANUMBER@@@}hdb
 olcDbDirectory: /var/lib/ldap
 olcSuffix: @@@REALM_DCNAME@@@
-olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
- s auth by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none
+olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags by self write by anonymous auth by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none
 olcAccess: {1}to dn.base="" by * read
-olcAccess: {2}to * by self write by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by
- * read
+olcAccess: {2}to * by self write by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * read
 olcLastMod: TRUE
 olcRootDN: cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@
 olcRootPW: {SHA}@@@ROOTPW_SHA@@@
@@ -18,6 +16,12 @@ olcDbConfig: {1}set_lk_max_objects 1500
 olcDbConfig: {2}set_lk_max_locks 1500
 olcDbConfig: {3}set_lk_max_lockers 1500
 olcDbIndex: objectClass eq
+olcDbIndex: krb5PrincipalName eq,pres
+olcDbIndex: cn eq,pres,subinitial
+olcDbIndex: mail eq,pres
+olcDbIndex: uid pres,eq
+olcDbIndex: gidNumber eq
+olcDbIndex: uidNumber eq
 structuralObjectClass: olcHdbConfig
 creatorsName: cn=config
 createTimestamp: @@@TIMESTAMP@@@Z
-- cgit v1.2.1
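Review bot: In the first hunk's new `olcAccess: {0}` rule, `by self write` now also covers `krb5PrincipalName`, `krb5KDCFlags`, `krb5MaxLife`, `krb5MaxRenew` and `krb5KeyVersionNumber`, so any authenticated user can rewrite the principal name, KDC flags and ticket lifetimes on their own entry. These are policy attributes that should be writable only by the administrative identity. I would keep `by self write` for `userPassword,shadowLastChange` only and move the Kerberos attributes into their own rule, renumbering the later ones: `olcAccess: {1}to attrs=krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags by dn="cn=@@@ROOTUSER@@@,@@@REALM_DCNAME@@@" write by * none`. With `by * none` on these attributes, the KDC presumably has to bind as the root DN to look up principals; if so, a dedicated service DN limited to the krb5 attributes would reduce what that credential exposes.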