Fix the variable that sets the base DN. Add entries to set the main ACLs

2018-03-01 14:48:01 +01:00 · 2018-03-01 14:48:01 +01:00 · 859e6c7f87
parent f9cea4b143
commit 859e6c7f87
1 changed files with 15 additions and 0 deletions
--- a/openldap-server/templates/base-dn.ldif.j2
+++ b/openldap-server/templates/base-dn.ldif.j2
@ -7,3 +7,18 @@ dn: olcDatabase={1}hdb,cn=config
 changetype: modify
 replace: olcRootDN
 olcRootDN: cn={{ openldap_admin_user }},{{ openldap_base_dn }}
+
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn={{ openldap_admin_user }},{{ openldap_base_dn }}" write by * none
+
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {1}to dn.base="" by * read
+
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {2}to * by dn="cn={{ openldap_admin_user }},{{ openldap_base_dn }}" write by * read