Refactored ldap::server class.

ldap/templates/slapd-acl.conf.erb

@@ -0,0 +1,32 @@
+
+# database replication
+access to *
+        by dn="uid=replicator,cn=config,<%= name %>" read
+        by * break
+
+# allow everyone to get naming context
+access to dn.base=""
+        by * read
+
+# allow everyone to get directory root object
+access to dn.base="<%= name %>"
+        by * read
+
+# schema browsing requires authentication
+access to dn.base="cn=Subschema"
+        by users read
+        by anonymous auth
+        by * none
+
+# restrict user password
+access to attrs=userPassword
+        by self write
+        by anonymous auth
+        by * none
+
+# allow logged in users to read rest of data
+access to *
+        by self read
+        by users read
+        by anonymous auth
+        by * none