Added calculate-ldap share templates.

2010-10-21 15:01:05 +04:00 · 2010-10-21 15:01:05 +04:00 · f133cdfa81
commit f133cdfa81
parent dae642954c
3 changed files with 97 additions and 0 deletions
--- a/ldap/share/.calculate_directory
+++ b/ldap/share/.calculate_directory
@ -0,0 +1 @@
+# Calculate append=skip cl_ldap_update_action==up&&sr_ldap_set==on
--- a/ldap/share/openldap/.calculate_directory
+++ b/ldap/share/openldap/.calculate_directory
@ -0,0 +1,2 @@
+# Calculate belong()!=&&pkg(net-nds/openldap)!= path=/etc name=openldap
+
--- a/ldap/share/openldap/slapd.conf
+++ b/ldap/share/openldap/slapd.conf
@ -0,0 +1,94 @@
+# Calculate format=ldap chmod=0640 chown=root:ldap append=replace
+#-module(all.scheme)-#
+
+pidfile		/var/run/openldap/slapd.pid
+argsfile	/var/run/openldap/slapd.arg
+
+# Уровень отладочных сообщений
+loglevel	0
+allow		bind_v2
+modulepath	/usr/lib/openldap/openldap
+
+# Доступ к аттрибуту userPassword
+access to attrs=userPassword
+#-module(all.access_pw)-#
+    by self read
+    by * auth
+
+# Доступ к аттрибутам Samba
+#?module(calculate-samba.var.sr_samba_set)==on#
+access to attrs=sambaLMPassword,sambaNTPassword
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-module(calculate-samba.var.ld_samba_dn)-#" write
+#module#
+#Доступ к аттрибутам Samba репликатора
+#?ld_repl_set==on&&module(calculate-samba.var.sr_samba_set)==on&&ld_repl_id!=#
+    by dn="#-ld_repl_dn-#" write
+#ld_repl_set#
+#?module(calculate-samba.var.sr_samba_set)==on#
+    by * none
+#module#
+
+# Доступ к пользователю только для просмотра
+access to dn.base="#-ld_bind_dn-#"
+    by dn="#-ld_admin_dn-#" write
+    by dn="#-ld_bind_dn-#" read
+    by * none
+
+# Доступ к администратору сервера LDAP
+access to dn.base="#-ld_admin_dn-#"
+    by dn="#-ld_admin_dn-#" write
+    by * none
+
+# Доступ к веткам сервисов
+#-module(all.access_dn)-#
+
+# Доступ к остальным веткам сервисов
+access to dn.regex=".*ou=([^,]+),#-ld_services_dn-#$"
+    by dn="#-ld_admin_dn-#" write
+    by dn.regex="ou=$1,#-ld_services_dn-#" write
+    by * none
+
+# Закрываем доступ к веткам
+access to dn.regex=".*,#-ld_services_dn-#"
+    by dn="#-ld_admin_dn-#" write
+    by * none
+
+# Доступ ко всем аттрибутам
+access to *
+    by dn="#-ld_admin_dn-#" write
+    by self write
+    by * read
+
+# Тип базы данных
+database	bdb
+suffix		"#-ld_base_dn-#"
+checkpoint	1024	5
+cachesize	10000
+# Размер ответа на запрос
+sizelimit	unlimited
+directory	/var/lib/openldap-data
+
+# Параметры для репликации
+#?ld_repl_set==on&&ld_repl_id!=#
+rootdn "-ld_temp_dn-#"
+
+#-ld_repl_servers_info-#
+
+#-ld_repl_servers_ref-#
+
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
+
+mirrormode on
+serverID #-ld_repl_id-#
+#ld_repl_set#
+
+index	objectClass	eq
+index	cn		pres,sub,eq
+index	sn		pres,sub,eq
+index	uid		pres,sub,eq
+index	uidNumber	eq
+index	gidNumber	eq
+index	default		sub
				`@ -0,0 +1 @@`
				`# Calculate append=skip cl_ldap_update_action==up&&sr_ldap_set==on`
				`@ -0,0 +1,2 @@`
				`# Calculate belong()!=&&pkg(net-nds/openldap)!= path=/etc name=openldap`