diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-03-19 16:52:13 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-04-16 11:05:20 -0400 |
| commit | c6e6fa758e135781df215b5a44703dee526ecea5 (patch) | |
| tree | 14f3ae45ae9306cc57516c805ccc17f5237f4507 /install/share | |
| parent | 270292f70b884cfedc712ad4c4ebdc542cd233a5 (diff) | |
| download | freeipa-c6e6fa758e135781df215b5a44703dee526ecea5.tar.gz freeipa-c6e6fa758e135781df215b5a44703dee526ecea5.tar.xz freeipa-c6e6fa758e135781df215b5a44703dee526ecea5.zip | |
Enable anonymous VLV so Solaris clients will work out of the box.
Since one needs to enable the compat plugin we will enable anonymous
VLV when that is configured.
By default the DS installs an aci that grants read access to ldap:///all
and we need ldap:///anyone
Diffstat (limited to 'install/share')
| -rw-r--r-- | install/share/schema_compat.uldif | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif index 71732c995..9bcda2cdd 100644 --- a/install/share/schema_compat.uldif +++ b/install/share/schema_compat.uldif @@ -48,3 +48,7 @@ default:schema-compat-entry-attribute: gidNumber=%{gidNumber} default:schema-compat-entry-attribute: memberUid=%{memberUid} default:schema-compat-entry-attribute: memberUid=%deref("member","uid") default:schema-compat-entry-attribute: memberUid=%referred("cn=users","memberOf","uid") + +# Enable anonymous VLV browsing for Solaris +dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config +only:aci: '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )' |