diff --git a/modify.ldif b/modify.ldif
index c466686..5fcf884 100644
--- a/modify.ldif
+++ b/modify.ldif
@@ -3,3 +3,10 @@ changetype: modify
 replace: userPassword
 userPassword: CUSTOM_SERVICE_PASSWORD
 
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by dn="uid=ldapsvcaccount,dc=CUSTOM_ORG,dc=CUSTOM_TLD" read by * break
+olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=CUSTOM_ORG,dc=CUSTOM_TLD" write by anonymous auth by * none
+olcAccess: {2}to * by self read by dn.exact=cn=admin,dc=CUSTOM_ORG,dc=CUSTOM_TLD write by * none
+
diff --git a/templates/05-svc-service.ldif b/templates/05-svc-service.ldif
index 388827b..a133825 100644
--- a/templates/05-svc-service.ldif
+++ b/templates/05-svc-service.ldif
@@ -9,11 +9,3 @@ objectClass: person
 objectClass: organizationalPerson
 objectClass: inetOrgPerson
 userPassword: CUSTOM_SERVICE_PASSWORD
-
-dn: olcDatabase={1}mdb,cn=config
-changetype: modify
-replace: olcAccess
-olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by dn="uid=ldapsvcaccount,dc=CUSTOM_ORG,dc=CUSTOM_TLD" read by * break
-olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=CUSTOM_ORG,dc=CUSTOM_TLD" write by anonymous auth by * none
-olcAccess: {2}to * by self read by dn.exact=cn=admin,dc=CUSTOM_ORG,dc=CUSTOM_TLD write by * none
-
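Review bot: Rule {0} in the added olcAccess block grants uid=ldapsvcaccount `read` on `to *`, and because OpenLDAP stops at the first `to` clause that matches the target, that read covers userPassword and shadowLastChange too — the `by anonymous auth by * none` in rule {1} never applies to the service account, so it can read every password hash in the database, and `break` only affects the `by *` subjects that fall through. If the account only needs directory lookups, keep its grant below the password rule: `olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break` and `olcAccess: {2}to * by self read by dn.exact=cn=admin,dc=CUSTOM_ORG,dc=CUSTOM_TLD write by dn="uid=ldapsvcaccount,dc=CUSTOM_ORG,dc=CUSTOM_TLD" read by * none`. As a point of style, the admin DN is written as a quoted `dn="..."` in {1} but as unquoted `dn.exact=...` in {2}; one consistent form makes the three rules easier to audit. The userPassword change at the top of this hunk presumably targets a different database than the cn=config entry added below it, so the two modifications may need to be applied under the same privileged (ldapi/EXTERNAL) bind — worth confirming against how modify.ldif is applied.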