[Pkg-openldap-devel] [openldap] 01/01: Copy more comments to slapd.init.ldif.

Ryan Tandy rtandy-guest at moszumanska.debian.org
Mon Sep 7 05:15:38 UTC 2015


This is an automated email from the git hooks/post-receive script.

rtandy-guest pushed a commit to branch master
in repository openldap.

commit 692808c7fa19aa777117a221c2121b4b26f07d40
Author: Ryan Tandy <ryan at nardis.ca>
Date:   Sun Sep 6 22:10:23 2015 -0700

    Copy more comments to slapd.init.ldif.
---
 debian/changelog       |  2 ++
 debian/slapd.init.ldif | 19 ++++++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 9e38833..2162ac0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -28,6 +28,8 @@ openldap (2.4.42+dfsg-2) UNRELEASED; urgency=medium
     others were already world-readable. (Closes: #669235)
   * Drop the redundant default ACL for dn.base="" from the database entry. 
     It's already covered by the fallback case below.
+  * Copy more comments from the slapd.conf template to slapd.init.ldif. Also 
+    comment the shadowLastChange access rule.
 
   [ Peter Marschall ]
   * Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to 
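Review bot: The new changelog bullet covers the copied comments and the shadowLastChange comment, but not the man page reference change from slapd.conf(5) to slapd-config(5) that the same commit makes in debian/slapd.init.ldif. Consider mentioning it in this entry so the changelog matches the diff. The first added line also ends with a trailing space after "Also".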
diff --git a/debian/slapd.init.ldif b/debian/slapd.init.ldif
index 841e4c5..163a8d8 100644
--- a/debian/slapd.init.ldif
+++ b/debian/slapd.init.ldif
@@ -7,7 +7,7 @@ cn: config
 olcPidFile: /var/run/slapd/slapd.pid
 # List of arguments that were passed to the server
 olcArgsFile: /var/run/slapd/slapd.args
-# Read slapd.conf(5) for possible values
+# Read slapd-config(5) for possible values
 olcLogLevel: none
 # The tool-threads parameter sets the actual amount of cpu's that is used
 # for indexing.
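Review bot: The unchanged comment directly below olcLogLevel still reads "The tool-threads parameter", which is slapd.conf terminology. Since this hunk now points readers at slapd-config(5), that comment could name the corresponding olc* attribute instead, so that the file uses one vocabulary throughout.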
@@ -48,6 +48,7 @@ include: file:///etc/ldap/schema/inetorgperson.ldif
 dn: cn=module{0},cn=config
 objectClass: olcModuleList
 cn: module{0}
+# Where the dynamically loaded modules are stored
 olcModulePath: /usr/lib/ldap
 olcModuleLoad: back_ at BACKEND@
 
@@ -61,24 +62,40 @@ dn: olcDatabase=@BACKEND@,cn=config
 objectClass: olcDatabaseConfig
 objectClass: @BACKENDOBJECTCLASS@
 olcDatabase: @BACKEND@
+# Checkpoint the database periodically in case of system
+# failure and to speed slapd shutdown.
 olcDbCheckpoint: 512 30
 @BACKENDOPTIONS@
+# Save the time that the entry gets modified, for database #1
 olcLastMod: TRUE
+# The base of your directory in database #1
 olcSuffix: @SUFFIX@
+# Where the database file are physically stored for database #1
 olcDbDirectory: /var/lib/ldap
+# olcRootDN directive for specifying a superuser on the database. This
+# is needed for syncrepl.
 olcRootDN: cn=admin, at SUFFIX@
 olcRootPW: @PASSWORD@
+# Indexing options for database #1
 olcDbIndex: objectClass eq
 olcDbIndex: cn,uid eq
 olcDbIndex: uidNumber,gidNumber eq
 olcDbIndex: member,memberUid eq
+# The userPassword by default can be changed by the entry owning it if
+# they are authenticated. Others should not be able to see it, except
+# the admin entry above.
 olcAccess: to attrs=userPassword
   by self write
   by anonymous auth
   by * none
+# Allow update of authenticated user's shadowLastChange attribute.
+# Updating it on password change is implemented at least by libpam-ldap,
+# libpam-ldapd, and the slapo-smbk5pwd overlay.
 olcAccess: to attrs=shadowLastChange
   by self write
   by * read
+# The admin dn (olcRootDN) bypasses ACLs and so has total access,
+# everyone else can read everything.
 olcAccess: to *
   by * read
 
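Review bot: The comment added above the final "olcAccess: to *" rule says "everyone else can read everything", but with "by * read" that includes unauthenticated (anonymous) clients, and the same holds for "by * read" on shadowLastChange. Stating this explicitly in the comment would tell an administrator reading the template that directory data other than userPassword is readable without a bind. Separately, several of the copied comments keep slapd.conf wording that does not fit the cn=config entry: "for database #1", "olcRootDN directive", and "the admin entry above" (the rule names no admin DN; access comes from the olcRootDN bypass described in the last comment). "Where the database file are" should read "files are".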

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git


