[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, master, updated. 0.6-48-g240c3cb

Andreas B. Mundt andi at debian.org
Sat Oct 6 06:39:16 UTC 2012 

The following commit has been merged in the master branch:
commit 240c3cb8b3a4156941f2e8e13738a7c028a8370f
Author: Andreas B. Mundt <andi at debian.org>
Date:   Sat Oct 6 08:37:22 2012 +0200

    Clean up slapd.conf.  Remove stuff left over from debian-edu.

diff --git a/fai/config/files/etc/ldap/slapd.conf/SERVER_A b/fai/config/files/etc/ldap/slapd.conf/SERVER_A
index 5d493c7..0897ef1 100644
--- a/fai/config/files/etc/ldap/slapd.conf/SERVER_A
+++ b/fai/config/files/etc/ldap/slapd.conf/SERVER_A
@@ -23,7 +23,7 @@ loglevel	none
 TLSCACertificateFile    /etc/ldap/ssl/slapd.pem
 TLSCertificateKeyFile   /etc/ldap/ssl/slapd.pem
 TLSCertificateFile      /etc/ldap/ssl/slapd.pem
-TLSVerifyClient		allow
+TLSVerifyClient		try
 
 modulepath	/usr/lib/ldap
 moduleload	back_hdb
@@ -96,33 +96,10 @@ checkpoint      512 30
 authz-regexp "uid=([^,]*),cn=gssapi,cn=auth"
         "ldap:///dc=intern??sub?(uid=$1)"
 
-## default: no access, but allow members of the ldap-admins group full
-## access.
-access to *
-        by group.exact="cn=ldap-admins,ou=ldap-access,dc=skole,dc=skolelinux,dc=no" manage
-        by * none break
-
-access to dn.base="cn=nextID,ou=variables,dc=skole,dc=skolelinux,dc=no"
-	attrs=gidNumber
-	by dn.exact="cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no" ssf=128 write
-	by * read
-
-access to dn.exact="cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no"
-	attrs=userPassword
-	by self      ssf=128 =wx
-	by anonymous ssf=128 auth
-	by * none
-
 access to attrs=userPassword
-	by self      =wx
-	by anonymous auth
-	by set="[cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no]/member & this" none
-	by * none
-
-access to attrs=shadowLastChange
-	by self      ssf=128 =w
-	by set="[cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no]/member & this" none
-	by * none
+       by anonymous auth
+       by self write
+       by * none
 
 ################# Kerberos-KDC access ##################
 access to dn.subtree="cn=kerberos,dc=intern"
diff --git a/fai/config/files/usr/local/sbin/debian-lan/SERVER_A b/fai/config/files/usr/local/sbin/debian-lan/SERVER_A
index ab1f937..e43f657 100755
--- a/fai/config/files/usr/local/sbin/debian-lan/SERVER_A
+++ b/fai/config/files/usr/local/sbin/debian-lan/SERVER_A
@@ -188,7 +188,7 @@ EOF
 	GW=`ip route show | grep default | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'`
 	## locHW: all local hardware addresses
 	locHW=`ip addr show | grep -o "\w\{2\}:\w\{2\}:\w\{2\}:\w\{2\}:\w\{2\}:\w\{2\}" | sort -u | sed '1d;$d'`
-        ## allHW: all known hardware addresses with gateway address removed
+	## allHW: all known hardware addresses with gateway address removed
 	allHW=`ip neigh show | sed "/$GW/d" | grep -o "\w\{2\}:\w\{2\}:\w\{2\}:\w\{2\}:\w\{2\}:\w\{2\}" | sort -u`
 	for HWaddr in $allHW ; do
 	    if echo $locHW | grep -q $HWaddr ; then

-- 
Debian-LAN development and packaging

More information about the debian-lan-devel mailing list