R: [Samba-it] Problema autenticazione PDC
Deejay
deejaysb at email.it
Fri Jul 23 17:22:02 MDT 2004
Se vi può essere di aiuto vi mando la configurazione del file slapd.conf di
openldap
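#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable: it carries the rootpw and the
# location of the TLS private key.
#
# Note: in slapd.conf a line that starts with whitespace continues the
# previous directive; the "by" lines below are written that way.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/dnszone.schema
include /etc/openldap/schema/dhcp.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/suse-email-server.schema

# Global (frontend) ACL: read access to everything that the database
# specific ACLs below do not match.  "by *" includes anonymous binds, so
# any attribute that must stay private has to be restricted explicitly in
# the database section (userPassword and the Samba hashes are, see there);
# everything else is readable by unauthenticated clients.
access to *
        by * read

# Reject entries that do not conform to the loaded schemas.
schemacheck on
# allow bind_v2
# loglevel 0 logs nothing.  While tracking down bind failures (such as the
# PDC not authenticating) raise it temporarily to 256 (stats: connections,
# operations, results) and set it back afterwards.
loglevel 0
sizelimit 1000
#threads 32
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# Hash scheme for passwords set through the Password Modify extended
# operation.  {SSHA} replaces the former {crypt}: classic DES crypt
# truncates passwords to 8 characters and its strength depends on the
# libc implementation.  Values already stored as {crypt} keep verifying,
# because the stored scheme prefix selects the comparison; only new
# passwords are written as {SSHA}.  Keep {crypt} only if something
# outside slapd compares userPassword values directly (under the ACLs
# below nothing can read them, so that should not be the case).
password-hash {SSHA}
# The private key sits under /etc/ssl/certs, a directory that is normally
# world readable: make sure skey.pem itself is readable only by the user
# slapd runs as (the certificate and CA files may stay public).
TLSCertificateFile /etc/ssl/certs/cert.pem
TLSCertificateKeyFile /etc/ssl/certs/skey.pem
TLSCACertificateFile /etc/ssl/CA/usedCA.pem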
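#######################################################################
# ldbm database definitions
#######################################################################
# ******************************* System Backend **********************
database ldbm
cachesize 30000
directory /var/lib/ldap
lastmod on
# Database files are created readable and writable by the slapd user only.
mode 0600
suffix dc=test,dc=com
# The rootdn is exempt from every ACL.  Samba binds as this DN (see the
# access control section), which is the only reason it can read and write
# the sambaLMPassword/sambaNTPassword attributes.
rootdn uid=cyrus,dc=test,dc=com
#
# A cleartext password, especially for the rootdn, should be avoided here
# (see slapd.conf(5)): generate the value with slappasswd and paste the
# hashed form instead.  The line below is a placeholder, not a real hash.
#
rootpw {SSHA}<hash generated with slappasswd>
# ******************************* System Backend **********************
#
# Equality indexes for the attributes used in lookups.  Each "index"
# directive must be on a single line.  The Samba PDC lookups would also
# benefit from "index sambaSID eq" (and similar for sambaPrimaryGroupSID
# and sambaDomainName); after changing indexes stop slapd and run
# slapindex so the on-disk indexes are rebuilt.
#
index uid,fn,memberuid,gidnumber,alias,relayClientcert eq
index objectclass,uidnumber,mailenabled,relativeDomainName eq
index zoneName,vaddress,reject,comFireGroupID,smtpDomain,MTALocaldomain eq
index cn,sn,givenname eq,sub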
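# Access control
#
# ACLs are evaluated in order: the first "access to" whose <what> matches
# the entry/attribute is used and, within it, the first "by" clause that
# matches the requester decides; when no "by" clause matches, access is
# denied.  The rootdn (uid=cyrus) bypasses all of these rules.
# DN patterns are given with an explicit style (dn.regex=) instead of the
# unqualified dn= form, whose meaning depends on a compatibility default.
#
# Private AddressBook: only the owner (uid captured as $1) may read or
# change the entries under ou=addr of the owner's own entry.  The
# requester DN is anchored, so a bind as an entry *below* the user's entry
# does not qualify.
access to dn.regex="ou=addr,uid=([^,]+),dc=test,dc=com"
        by dn.regex="^uid=$1,dc=test,dc=com$" write
        by * none
# To let PAM authenticate: the user changes the own password, anonymous
# connections may only use the value for a bind (auth), nobody reads it.
access to attr=userpassword
        by self write
        by anonymous auth
        by * none
# Samba hashes: no ACL grants anything on them.  Samba accesses the LDAP
# server with the root-dn, which is exempt from ACLs, so this works only
# while "ldap admin dn" in smb.conf is exactly the rootdn above.  With any
# other admin DN the PDC cannot read the hashes and user authentication
# fails; that DN would then need an explicit "by dn.exact=<dn> write".
access to attr=sambaLMPassword,sambaNTPassword
        by * none
# shadowLastChange: the owner updates it, everybody (anonymous binds
# included) may read it.
access to attr=shadowLastChange
        by self write
        by * read
# Membership of the AddressAdmins group: authenticated users may read it.
# No "by" clause grants write, so only the rootdn (ACL exempt) can change
# the members.
access to dn.base="cn=AddressAdmins,o=AddressBook,dc=test,dc=com"
        by users read
        by * none
# Public Address Book: only members of the AddressAdmins group may write,
# everybody may read.
access to dn.subtree="o=AddressBook,dc=test,dc=com"
        by group="cn=AddressAdmins,o=AddressBook,dc=test,dc=com" write
        by * read
# Write access to the personal data of a user entry (system address book):
# - first look at the OpenLDAPaci attribute of the entry ("by aci");
#   "break" continues with the next "access to" clause afterwards,
# - if that attribute does not exist or the user-dn is not in its subject
#   clause, give write access to the owner of the entry and read access
#   to anyone else.
# The pattern is not anchored at the start, so entries below a user entry
# (other than ou=addr, matched earlier) fall under this rule as well;
# presumably intended, confirm.  The attribute list must stay on one
# line: a continuation line would insert whitespace into a name.
access to dn.regex="uid=[^,]+,dc=test,dc=com"
        attr=c,cn,telephoneNumber,facsimileTelephoneNumber,pager,title,givenname,sn,l,description,mail,street,postalCode,st,homePhone,ou,initials,mobile,labeledURI,SuSETimeZone,birthDay,jpegphoto,logindestination,entry,objectclass
        by aci write break
        by self write
        by * read
# If the above break statement is reached, add read/search/compare for
# everyone on the same attributes.
access to dn.regex="uid=[^,]+,dc=test,dc=com"
        attr=c,cn,telephoneNumber,facsimileTelephoneNumber,pager,title,givenname,sn,l,description,mail,street,postalCode,st,homePhone,ou,initials,mobile,labeledURI,SuSETimeZone,birthDay,jpegphoto,logindestination,entry,objectclass
        by * +rsc
# Preferred language and the personal PKCS#12 store: the owner writes,
# clients connecting from the local host (peername 127.0.0.1) read, nobody
# else gets anything.
access to dn.regex="uid=[^,]+,dc=test,dc=com" attr=preferredLanguage,userPKCS12
        by self write
        by peername="ip=127\.0\.0\.1" read
        by * none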