summaryrefslogtreecommitdiffstats
path: root/install/share
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-03-19 16:52:13 -0400
committerRob Crittenden <rcritten@redhat.com>2010-04-16 11:05:20 -0400
commitc6e6fa758e135781df215b5a44703dee526ecea5 (patch)
tree14f3ae45ae9306cc57516c805ccc17f5237f4507 /install/share
parent270292f70b884cfedc712ad4c4ebdc542cd233a5 (diff)
downloadfreeipa-c6e6fa758e135781df215b5a44703dee526ecea5.tar.gz
freeipa-c6e6fa758e135781df215b5a44703dee526ecea5.tar.xz
freeipa-c6e6fa758e135781df215b5a44703dee526ecea5.zip
Enable anonymous VLV so Solaris clients will work out of the box.
Since one needs to enable the compat plugin we will enable anonymous VLV when that is configured. By default the DS installs an aci that grants read access to ldap:///all and we need ldap:///anyone
Diffstat (limited to 'install/share')
-rw-r--r--install/share/schema_compat.uldif4
1 files changed, 4 insertions, 0 deletions
diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif
index 71732c995..9bcda2cdd 100644
--- a/install/share/schema_compat.uldif
+++ b/install/share/schema_compat.uldif
@@ -48,3 +48,7 @@ default:schema-compat-entry-attribute: gidNumber=%{gidNumber}
default:schema-compat-entry-attribute: memberUid=%{memberUid}
default:schema-compat-entry-attribute: memberUid=%deref("member","uid")
default:schema-compat-entry-attribute: memberUid=%referred("cn=users","memberOf","uid")
+
+# Enable anonymous VLV browsing for Solaris
+dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
+only:aci: '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'