foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ldap_server: Allow everyone to read root object

Browse source
This commit is contained in:
Timo Makinen 2025-02-02 15:21:59 +00:00
parent b3ebfa71e7
commit 1ae9d88346
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/ldap_server/templates/slapd.conf.j2
View file

@ -139,6 +139,10 @@ authz-regexp
"uid=([^.]\+),cn=login,cn=auth" "uid=([^.]\+),cn=login,cn=auth"
"ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))" "ldap:///{{ ldap_basedn }}??sub?(&(uid=$1)(objectClass=posixAccount))"
# allow everyone to read root object
access to dn.base={{ ldap_basedn }}
by * read
# require authentication for authenticated users that don't match above # require authentication for authenticated users that don't match above
access to * access to *
by dn.children="cn=peercred,cn=external,cn=auth" auth by dn.children="cn=peercred,cn=external,cn=auth" auth