author: Rob Crittenden <rcritten@redhat.com> 2010-03-19 16:52:13 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2010-04-16 11:05:20 -0400
commit: c6e6fa758e135781df215b5a44703dee526ecea5
tree: 14f3ae45ae9306cc57516c805ccc17f5237f4507
parent: 270292f70b884cfedc712ad4c4ebdc542cd233a5
Enable anonymous VLV so Solaris clients will work out of the box.
Since one needs to enable the compat plugin we will enable anonymous VLV when that is configured. By default the DS installs an aci that grants read access to ldap:///all and we need ldap:///anyone
-rw-r--r-- install/share/schema_compat.uldif 4
1 files changed, 4 insertions, 0 deletions
diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif
index 71732c99..9bcda2cd 100644
--- a/install/share/schema_compat.uldif
+++ b/install/share/schema_compat.uldif
@@ -48,3 +48,7 @@ default:schema-compat-entry-attribute: gidNumber=%{gidNumber}
default:schema-compat-entry-attribute: memberUid=%{memberUid}
default:schema-compat-entry-attribute: memberUid=%deref("member","uid")
default:schema-compat-entry-attribute: memberUid=%referred("cn=users","memberOf","uid")
+
+# Enable anonymous VLV browsing for Solaris
+dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
+only:aci: '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'
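Review bot: The aci on the last added line grants `proxy` together with read, search and compare to `userdn = "ldap:///anyone"`, while the commit message only speaks of read access for anonymous VLV browsing; consider dropping `proxy` from the allow list, or saying in the comment why unauthenticated binds need it. The comment `# Enable anonymous VLV browsing for Solaris` could also state that the control becomes usable by every unauthenticated client once the compat plugin is configured, not only by Solaris hosts, so that an administrator reading the file sees the exposure.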