authorAndrew Bartlett <abartlet@samba.org>2007-01-03 05:31:50 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:36:00 -0500
commite8dfa06d45b4aaa784b9f8795f4197451aed4188 (patch)
tree6c854d4cff4e28cd78f69b16ea4b5d279ce099b6
parent43b715a96d4abe73b9478456ced498d58a9077d4 (diff)
downloadsamba-e8dfa06d45b4aaa784b9f8795f4197451aed4188.tar.gz
r20495: Further notes on joining with fedora DS.
Add in a hook for adding an ACI, needed to allow anonymous access until we hook across a SYSTEM token to the LDAP server. Andrew Bartlett (This used to be commit f45504e2714680978f101b4a98516686a17531df)
-rw-r--r--source4/scripting/libjs/provision.js1
-rw-r--r--source4/setup/fedora-ds-init.ldif3
-rwxr-xr-xsource4/setup/provision8
-rw-r--r--source4/setup/provision_basedn.ldif1
4 files changed, 10 insertions, 3 deletions
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index 96e55bc4ae1..954335d335f 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -701,6 +701,7 @@ function provision_guess()
subobj.LDAPMODULE = "entryUUID";
subobj.LDAPMODULES = "objectguid";
subobj.EXTENSIBLEOBJECT = "# no objectClass: extensibleObject for local ldb";
+ subobj.ACI = "# no aci for local ldb";
return subobj;
}
diff --git a/source4/setup/fedora-ds-init.ldif b/source4/setup/fedora-ds-init.ldif
index f7d350c550a..83cdb6b392e 100644
--- a/source4/setup/fedora-ds-init.ldif
+++ b/source4/setup/fedora-ds-init.ldif
@@ -22,5 +22,6 @@ nsslapd-suffix: dc=tammy,dc=abartlet,dc=net
#
-# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid
+# provision with --ldap-backend=ldap://localhost:4389 --ldap-module=nsuniqueid --aci='aci: (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)'
+
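Review bot: The example `--aci` value in the added comment grants `allow (all)` on `targetattr = "*"` to `userdn = "ldap:///anyone"`, so every client that can reach the directory server, authenticated or not, gets write and delete rights as well as read. The commit message describes this as a stopgap until a SYSTEM token is passed to the LDAP server, but the file itself does not say so, and anyone copying the command line carries the ACI along with it. I would add a line directly above it, such as `# TEST ONLY: this ACI gives anonymous clients full read/write access to the whole suffix; keep the instance reachable from localhost only and remove the ACI once authenticated binds work`. Whether the instance on port 4389 listens only on loopback is not visible in this hunk.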
diff --git a/source4/setup/provision b/source4/setup/provision
index 8912b28792b..8f1d422f512 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -31,7 +31,8 @@ options = GetOptions(ARGV,
'blank',
'ldap-base',
'ldap-backend=s',
- 'ldap-module=s');
+ 'ldap-module=s',
+ 'aci=s');
if (options == undefined) {
println("Failed to parse options");
@@ -81,7 +82,7 @@ provision [options]
--ldap-base output only an LDIF file, suitable for creating an LDAP baseDN
--ldap-backend LDAPSERVER LDAP server to use for this provision
--ldap-module= MODULE LDB mapping module to use for the LDAP backend
-
+ --aci= ACI An arbitary LDIF fragment, particularly useful to loading a backend ACI value into a target LDAP server
You must provide at least a realm and domain
");
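Review bot: The added `--aci` help line has a typo and awkward grammar ("arbitary", "useful to loading"), and it does not tell the operator that the value is substituted unchecked into the generated LDIF. Suggested wording: ` --aci=ACI  An arbitrary LDIF fragment, inserted verbatim into the base DN entry; used to load a backend ACI into the target LDAP server`. Since the fragment sets access control on the directory root, the help text could also say that it must be a complete attribute line, for example one starting with `aci:`. The usage string begins outside the hunk.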
@@ -112,6 +113,9 @@ for (r in options) {
var key = strupper(join("", split("-", r)));
subobj[key] = options[r];
}
+if (options["aci"] != undefined) {
+ println("set ACI: " + subobj["ACI"]);
+}
if (options["ldap-backend"] != undefined) {
subobj["LDAPMODULES"] = subobj["LDAPMODULE"] + ",paged_searches";
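Review bot: The `--aci` value takes effect whether or not `--ldap-backend` is given, because the option loop just above copies it into `subobj["ACI"]` and replaces the `# no aci for local ldb` default set in provision_guess(). As far as the visible hunks show, the fragment would then be substituted for `${ACI}` in `provision_basedn.ldif` on a local ldb provision too, with no check that it is a single well-formed attribute line. Consider restoring the default when no LDAP backend is selected, e.g. `if (options["ldap-backend"] == undefined) { subobj["ACI"] = "# no aci for local ldb"; }`, and printing the `set ACI:` message only when the value is actually used. The `if (options["ldap-backend"] != undefined)` block continues past the end of the hunk.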
diff --git a/source4/setup/provision_basedn.ldif b/source4/setup/provision_basedn.ldif
index ab79319f20b..e8cf8005f3c 100644
--- a/source4/setup/provision_basedn.ldif
+++ b/source4/setup/provision_basedn.ldif
@@ -6,5 +6,6 @@ objectClass: top
objectClass: domain
objectClass: domainDNS
${EXTENSIBLEOBJECT}
+${ACI}
dc: ${RDN_DC}