From c6e6fa758e135781df215b5a44703dee526ecea5 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 19 Mar 2010 16:52:13 -0400
Subject: Enable anonymous VLV so Solaris clients will work out of the box.

Since one needs to enable the compat plugin we will enable anonymous
VLV when that is configured.

By default the DS installs an aci that grants read access to ldap:///all
and we need ldap:///anyone
---
 install/share/schema_compat.uldif | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/install/share/schema_compat.uldif b/install/share/schema_compat.uldif
index 71732c99..9bcda2cd 100644
--- a/install/share/schema_compat.uldif
+++ b/install/share/schema_compat.uldif
@@ -48,3 +48,7 @@ default:schema-compat-entry-attribute: gidNumber=%{gidNumber}
 default:schema-compat-entry-attribute: memberUid=%{memberUid}
 default:schema-compat-entry-attribute: memberUid=%deref("member","uid")
 default:schema-compat-entry-attribute: memberUid=%referred("cn=users","memberOf","uid")
+
+# Enable anonymous VLV browsing for Solaris
+dn: oid=2.16.840.1.113730.3.4.9,cn=features,cn=config
+only:aci: '(targetattr !="aci")(version 3.0; acl "VLV Request Control"; allow (read, search, compare, proxy) userdn = "ldap:///anyone"; )'
-- 
cgit