add acl's for kadmin user

Timo Makinen 2019-05-31 02:31:58 +03:00
parent fbffa25346
commit 6c917dc696


@ -106,8 +106,15 @@ access to attrs=userPassword
by self write
by * compare
# allow kerberos to write password changes
access to attrs=krbPrincipalKey,krbExtraData,krbLoginFailedCount,krbTicketFlags,krbPasswordExpiration,krbLastPwdChange
by dn.exact="uid=krb5kadmin,cn={{ kerberos_realm }},ou=System,{{ ldap_basedn }}" write
by dn.exact="uid=krb5kdc,cn={{ kerberos_realm }},ou=System,{{ ldap_basedn }}" read
by * none
# allow kerberos to read own objects
access to dn.sub=cn={{ kerberos_realm }},ou=System,{{ ldap_basedn }}
by dn.exact="uid=krb5kadmin,cn={{ kerberos_realm }},ou=System,{{ ldap_basedn }}" read
by dn.exact="uid=krb5kdc,cn={{ kerberos_realm }},ou=System,{{ ldap_basedn }}" read
by * none
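Review bot: The attribute-scoped rule `access to attrs=krbPrincipalKey,...` lists six attributes, but the Kerberos LDAP schema also keeps previous keys in `krbPwdHistory`, which is not in the list. If any principal data lives on entries outside `cn={{ kerberos_realm }},ou=System,{{ ldap_basedn }}`, that attribute would fall through to later rules, which are not visible in this hunk. Consider adding it to the list (`access to attrs=krbPrincipalKey,krbPwdHistory,krbExtraData,...`) so the closing `by * none` covers it as well. Separately, `uid=krb5kdc` gets only `read` on `krbLoginFailedCount`, so with account lockout enabled the KDC presumably cannot update the counter; confirm that lockout is disabled, or grant the KDC write on the lockout attributes only. The `dn.sub=` value in the second rule is unquoted while every `by dn.exact=` value is quoted; writing `access to dn.sub="cn={{ kerberos_realm }},ou=System,{{ ldap_basedn }}"` keeps the rule parseable if a templated value ever contains a space.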