[slapd] DNS integration

257d2334 · shirenn · shirenn · 7eb6cc52 · 257d2334
Commit 257d2334 authored 3 years ago by shirenn 🌊 Committed by shirenn 3 years ago
--- a/roles/slapd/templates/ldap/slapd.conf.j2
+++ b/roles/slapd/templates/ldap/slapd.conf.j2
@@ -35,6 +35,8 @@ constraint_attribute description regex {{ slapd.regex }}
  restrict=ldap:///ou=hosts,dc=crans,dc=org??one?(objectClass=device)
 constraint_attribute uid regex ^_
  restrict=ldap:///ou=passwd,dc=crans,dc=org??one?(objectClass=posixAccount)
+constraint_attribute description regex ^.*(\ IN)?\ (TXT|DNAME|AAAA|CNAME)\ .*$
+  restrict=ldap:///ou=dns,dc=crans,dc=org??sub?(objectClass=dNSDomain)

 moduleload 		syncprov
 {% endif %}
@@ -136,6 +138,12 @@ access to attrs=userPassword,shadowLastChange
        by anonymous auth
        by * none

+access to attrs=loginShell,mail,telephoneNumber
+        by self write
+        by set="[cn=_nounou,ou=group,dc=crans,dc=org]/memberUid & user/uid" write
+        by dn="cn=replicator,dc=crans,dc=org" read
+        by * read
+
 # Ensure read access to the base for things like
 # supportedSASLMechanisms.  Without this you may
 # have problems with SASL not knowing what
@@ -166,6 +174,12 @@ access to attrs=userPassword,shadowLastChange
        by dn="cn=replicator,dc=crans,dc=org" read
        by * none

+access to attrs=loginShell,mail,telephoneNumber
+        by self write
+        by set="[cn=_nounou,ou=group,dc=crans,dc=org]/memberUid & user/uid" write
+        by dn="cn=replicator,dc=crans,dc=org" read
+        by * read
+
 # Ensure read access to the base for things like
 # supportedSASLMechanisms.  Without this you may
 # have problems with SASL not knowing what