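# slapd.conf -- OpenLDAP server configuration for dc=firewall-services,dc=com.
# Loads the FusionDirectory/GOsa, Samba, DNS and DHCP schemas, defines a single
# hdb database with the memberof overlay, and sets the access control list.
#
# Format reminders (slapd.conf):
#   * a line starting with whitespace continues the previous line, and
#     continuation is resolved BEFORE comments are stripped, so never place
#     a comment line directly above an indented line that must stay active;
#   * "access to" rules are evaluated top to bottom and the first rule whose
#     <what> matches decides the outcome, so rule order is significant.
#
# NOTE(review): no TLS* or "security"/"require" directives are visible in this
# file; unless transport protection is configured elsewhere, simple binds
# would carry passwords in cleartext -- confirm.

# ---------------------------------------------------------------------------
# Schemas (commented-out entries are kept disabled, as in the original)
# ---------------------------------------------------------------------------
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
#include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/fusiondirectory/rfc2307bis.schema
include /etc/ldap/schema/misc.schema
#include /etc/ldap/schema/gosa/trust.schema
include /etc/ldap/schema/fusiondirectory/samba.schema
include /etc/ldap/schema/fusiondirectory/gosystem.schema
include /etc/ldap/schema/fusiondirectory/gofon.schema
include /etc/ldap/schema/fusiondirectory/goto.schema
include /etc/ldap/schema/fusiondirectory/goto-mime.schema
include /etc/ldap/schema/fusiondirectory/gosa-samba3.schema
#include /etc/ldap/schema/fusiondirectory/gofax.schema
#include /etc/ldap/schema/fusiondirectory/openssh.schema
include /etc/ldap/schema/fusiondirectory/goserver.schema
#include /etc/ldap/schema/fusiondirectory/fai.schema
include /etc/ldap/schema/fusiondirectory/dnszone.schema
#include /etc/ldap/schema/fusiondirectory/rfc2739.schema
#include /etc/ldap/schema/fusiondirectory/kolab2.schema
#include /etc/ldap/schema/fusiondirectory/apple.schema
#include /etc/ldap/schema/fusiondirectory/nagios.schema
#include /etc/ldap/schema/fusiondirectory/phpgwaccount.schema
#include /etc/ldap/schema/fusiondirectory/pureftpd.schema
#include /etc/ldap/schema/fusiondirectory/phpscheduleit.schema
#include /etc/ldap/schema/fusiondirectory/pptp.schema
#include /etc/ldap/schema/fusiondirectory/openxchange.schema
include /etc/ldap/schema/fusiondirectory/dhcp.schema

# ---------------------------------------------------------------------------
# Global settings
# ---------------------------------------------------------------------------
# Scheme used when slapd itself hashes a new password (for example through
# the Password Modify extended operation). Values that a client hashes before
# writing userPassword are stored as sent and are not affected.
password-hash {CRYPT}
# Salt template handed to crypt(3). The original "$1$%.8s" selected MD5-crypt,
# which is too cheap to brute-force offline; "$6$" selects SHA-512 crypt with
# a 16-character salt. Existing "$1$" hashes keep verifying because crypt(3)
# chooses the algorithm from the prefix of the stored hash.
# Assumes the platform crypt(3) supports "$6$" (glibc does) -- confirm.
password-crypt-salt-format "$6$%.16s"
pidfile /var/run/slapd/slapd.pid
# NOTE(review): 1024 is documented as the shell-backend debug level; if the
# intent is to log connections and operations for auditing, "stats" (256) is
# the usual choice -- confirm.
loglevel 1024
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload memberof.la

# ---------------------------------------------------------------------------
# Database: dc=firewall-services,dc=com
# ---------------------------------------------------------------------------
database hdb
# memberof overlay: maintains memberOf on entries referenced by the "member"
# attribute of groupOfNames groups.
overlay memberof
memberof-group-oc groupOfNames
memberof-member-ad member
memberof-memberof-ad memberOf
cachesize 10000
# Newly created database files are owner read/write only.
mode 0600
suffix "dc=firewall-services,dc=com"
# The rootdn is not subject to any "access to" rule below.
rootdn "cn=admin,dc=firewall-services,dc=com"
# __SECRET__ is a template placeholder. Substitute a hashed value (as produced
# by slappasswd) rather than a cleartext password, and keep this file readable
# only by the account slapd runs as.
rootpw __SECRET__

# Indexes
index uid,mail eq,sub
index gosaMailAlternateAddress,gosaMailForwardingAddress eq
index cn,sn,givenName,ou pres,eq,sub
index objectClass pres,eq
index uidNumber,gidNumber,memberuid,member eq
index gosaSubtreeACL,gosaObject,gosaUser pres,eq
index sambaSID eq,sub
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index sambaGroupType eq
index sambaSIDList eq
index zoneName eq
index relativeDomainName eq
index dhcpHWAddress eq
index dhcpClassData eq
index dhcpPrimaryDN eq
index dhcpSecondaryDN eq
index dhcpServerDN eq
index dhcpFailOverPeerDN eq
directory "/var/lib/ldap"

# ---------------------------------------------------------------------------
# Access control (first matching rule wins; every rule ends with an implicit
# "by * none")
# ---------------------------------------------------------------------------

# Access to passwords.
# sambaLmPassword/sambaNtPassword are unsalted hashes and should be treated as
# password-equivalent. "by anonymous auth" only allows these values to be used
# for a bind; it grants no read access.
access to attrs=userPassword,sambaLmPassword,sambaNtPassword
    by dn=uid=samba,ou=DSA,dc=firewall-services,dc=com write
    by anonymous auth
    by self write
    by * none

# Access to Samba attributes.
# The duplicated sambaLogonHours entry of the original list was removed; the
# set of attributes covered is unchanged.
# NOTE(review): sambaPasswordHistory holds hashes of previous passwords and is
# readable by the account owner through "by self read" -- confirm this is needed.
access to attrs=sambaAcctFlags,sambaBadPasswordCount,sambaBadPasswordTime,sambaKickoffTime,sambaLogoffTime,sambaLogonHours,sambaPasswordHistory,sambaSID,sambaPrimaryGroupSID,sambaPwdCanChange,sambaPwdLastSet,sambaPwdMustChange,sambaUserWorkstations,sambaSIDList,sambaGroupType,sambaMungedDial,sambaLogonTime,sambaDomainName,sambaHomePath,sambaHomeDrive
    by dn=uid=samba,ou=DSA,dc=firewall-services,dc=com write
    by self read
    by * none

# Samba domain entries: writable by the samba service account and the admins
# group only.
access to filter=(objectClass=sambaDomain)
    by dn=uid=samba,ou=DSA,dc=firewall-services,dc=com write
    by group.exact="cn=admins,ou=Groups,dc=firewall-services,dc=com" write
    by * none

# Machine accounts: writable by the samba service account and the admins
# group only.
access to dn.subtree=ou=Computers,ou=systems,dc=firewall-services,dc=com
    by dn=uid=samba,ou=DSA,dc=firewall-services,dc=com write
    by group.exact="cn=admins,ou=Groups,dc=firewall-services,dc=com" write
    by * none

# Access to POSIX attributes.
# There is no explicit final clause: the implicit "by * none" denies every
# other identity, including authenticated users other than the entry owner.
access to attrs=loginShell,gidNumber,homeDirectory,uidNumber,shadowExpire,shadowFlag,shadowInactive,shadowLastChange,shadowMax,shadowMin,shadowWarning
    by dn=uid=samba,ou=DSA,dc=firewall-services,dc=com write
    by self read
    by dn="uid=unix,ou=DSA,dc=firewall-services,dc=com" read

# Access to the container of system (DSA) accounts: admins group only.
access to dn.subtree=ou=DSA,dc=firewall-services,dc=com
    by group.exact="cn=admins,ou=Groups,dc=firewall-services,dc=com" write
    by * none

# Everyone may read the base entry.
access to dn.base=dc=firewall-services,dc=com
    by * read

# Anonymous access to the DNS entries is required.
access to dn.subtree=ou=systems,dc=firewall-services,dc=com filter=(objectClass=dNSZone)
    by * read

# Directory-lookup access to users and groups.
# NOTE(review): "by * read" includes unauthenticated clients, so every
# attribute of user and group entries that is not caught by an earlier rule
# (names, mail addresses, group membership, ...) can be read without a bind.
# If anonymous enumeration is not required, "by users read" would limit this
# to authenticated identities -- confirm against the consumers of this
# directory.
access to dn.regex="^.*,ou=(Users|Groups),dc=firewall-services,dc=com"
    by * read

# Access to everything else: authenticated users may read, anonymous clients
# may only authenticate.
access to *
    by users read
    by anonymous auth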