From: <abe...@us...> - 2013-10-15 21:45:39
Revision: 6230 http://sourceforge.net/p/astlinux/code/6230 Author: abelbeck Date: 2013-10-15 21:45:34 +0000 (Tue, 15 Oct 2013) Log Message: ----------- slapd, add LDAP_SERVER_ANONYMOUS=localhost option, now the default, that allows anonymous read-only access to the localhost address Modified Paths: -------------- branches/1.0/package/openldap/slapd.init branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf Modified: branches/1.0/package/openldap/slapd.init =================================================================== --- branches/1.0/package/openldap/slapd.init 2013-10-15 16:25:03 UTC (rev 6229) +++ branches/1.0/package/openldap/slapd.init 2013-10-15 21:45:34 UTC (rev 6230) @@ -82,7 +82,7 @@ gen_slapd_conf() { - local cert key + local cert key ANONYMOUS set_local_vars @@ -109,10 +109,24 @@ logger -t slapd -p kern.info "Try generating an Asterisk SIP-TLS Server Certificate, which LDAP Server will use by default." fi - if [ "$LDAP_SERVER_ANONYMOUS" != "yes" ]; then + if [ "$LDAP_SERVER_ANONYMOUS" = "no" ]; then + ANONYMOUS="" echo " disallow bind_anon" + elif [ "$LDAP_SERVER_ANONYMOUS" = "yes" ]; then + ANONYMOUS=" + by anonymous read" + elif [ "$IPV6" = "yes" ]; then # "localhost" + ANONYMOUS=" + by peername.ip=127.0.0.1 read + by peername.ipv6=::1 read + by anonymous none" + else + ANONYMOUS=" + by peername.ip=127.0.0.1 read + by anonymous none" fi + echo " access to attrs=userpassword by self write 
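Review bot: The new if/elif chain in gen_slapd_conf fails open, because every value other than the exact strings "no" and "yes" now lands in the localhost branches. Before this change a typo or variant such as "NO", "off" or an empty assignment produced `disallow bind_anon`; after it, the same setting quietly allows anonymous reads from the loopback peer. I would match the unset value and "localhost" explicitly and send everything else to the "no" branch, as sketched below. Separately, `peername.ip=127.0.0.1` authorizes by source address only, so any local process or local relay (a tunnel, or a web script that forwards queries) reads the addressbook without credentials; a short comment above the branch saying so would help the next maintainer. The function body starts and ends outside this hunk.

```shell
  case "$LDAP_SERVER_ANONYMOUS" in
    yes)
      # … unchanged: ANONYMOUS assignment with "by anonymous read" …
      ;;
    ""|localhost)
      # … unchanged: IPV6 test and the two peername ANONYMOUS assignments …
      ;;
    *)
      # "no" and any unrecognized value fail closed
      ANONYMOUS=""
      # … unchanged: echo of "disallow bind_anon" …
      ;;
  esac
```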
@@ -120,8 +134,7 @@ by * none access to dn.subtree=\"ou=addressbook,${BASE}\" by dn.exact=\"cn=directory,ou=users,${BASE}\" read - by users write - by anonymous read + by users write${ANONYMOUS:+$ANONYMOUS} by * none access to * by self write Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf =================================================================== --- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2013-10-15 16:25:03 UTC (rev 6229) +++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2013-10-15 21:45:34 UTC (rev 6230) 
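Review bot: In the default "localhost" mode `disallow bind_anon` is no longer written, so the `access to *` rule that begins at the end of this hunk becomes the only limit on what a remote anonymous bind can read outside the addressbook subtree. Its remaining `by` clauses are outside the hunk, so it is worth confirming that the rule denies anonymous access, or adding an explicit `by anonymous none` there. As a smaller style point, `${ANONYMOUS:+$ANONYMOUS}` expands to exactly what `${ANONYMOUS}` does, so `by users write${ANONYMOUS}` reads more plainly. A comment such as `# ANONYMOUS is empty or starts with a newline followed by extra "by" clauses` would explain why it is glued to the preceding line.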
@@ -477,18 +477,18 @@ ## Example: ldapsearch -LLL "(sn=schiffer)" cn telephoneNumber cellPhone ## uses the defaults rather than having to be specified on each ldapsearch shell command. ## Note: All except LDAP_URI is automatically honored from ldap enabled PHP scripts. -#LDAP_URI="ldap://ldap.memotoo.com" # Space separated list of LDAP servers, use ldap:// or ldaps:// -#LDAP_BASE="dc=9c6089bedaaee59f09bcdce487972160" # Defines the default base DN (Distinguished Name) -#LDAP_DEREF="never" # Dereferencing: "never", "searching", "finding" or "always", defaults to "never" -#LDAP_TLS_CACERT="/mnt/kd/ssl/ca-ldap.pem" # TLS server CA certificates recognized by the client, file path -#LDAP_TLS_REQCERT="never" # TLS certificate check: "never", "allow", "try" or "demand", defaults to "demand" +#LDAP_URI="ldap://127.0.0.1" # Space separated list of LDAP servers, use ldap:// or ldaps:// +#LDAP_BASE="ou=addressbook,dc=astlinux" # Defines the default base DN (Distinguished Name) +#LDAP_DEREF="never" # Dereferencing: "never", "searching", "finding" or "always", defaults to "never" +#LDAP_TLS_CACERT="/mnt/kd/ssl/ca-ldap.pem" # TLS server CA certificates recognized by the client, file path +#LDAP_TLS_REQCERT="never" # TLS certificate check: "never", "allow", "try" or "demand", defaults to "demand" ## LDAP Server - OpenLDAP (slapd) -#LDAP_SERVER="yes" # Enable LDAP server slapd with "yes", defaults to "no" -#LDAP_SERVER_BASEDN="dc=example,dc=com" # suffix and must begin with 'dc=', defaults to using DOMAIN, ex. 
foo.com -> "dc=foo,dc=com" -#LDAP_SERVER_PASS="" # rootpw, defaults to web interface admin password -#LDAP_SERVER_ANONYMOUS="yes" # If "yes" allow anonymous read-only access, defaults to "no" -#LDAP_SERVER_CERT="" # Defaults to "/mnt/kd/ldap/certs/server.crt" using SIP-TLS cert -#LDAP_SERVER_KEY="" # Defaults to "/mnt/kd/ldap/certs/server.key" using SIP-TLS key +#LDAP_SERVER="yes" # Enable LDAP server slapd with "yes", defaults to "no" +#LDAP_SERVER_BASEDN="dc=astlinux" # suffix and must begin with 'dc=', defaults to using DOMAIN, ex. foo.com -> "dc=foo,dc=com" +#LDAP_SERVER_PASS="" # rootpw, defaults to web interface admin password +#LDAP_SERVER_ANONYMOUS="yes" # If "yes" allow anonymous read-only access, "localhost" peer only, or "no", defaults to "localhost" +#LDAP_SERVER_CERT="" # Defaults to "/mnt/kd/ldap/certs/server.crt" using SIP-TLS cert +#LDAP_SERVER_KEY="" # Defaults to "/mnt/kd/ldap/certs/server.key" using SIP-TLS key ## Proxy ENV variables (http_proxy, ftp_proxy, etc.) for curl, wget, etc. ## Format: http://user:pass@proxyhost:proxyport" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
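Review bot: The sample line still reads `#LDAP_SERVER_ANONYMOUS="yes"` although the comment now gives the default as "localhost", so a user who simply uncomments it widens anonymous read access from the loopback peer to every client. I would show the default in the sample and spell out the three values, for example `#LDAP_SERVER_ANONYMOUS="localhost"  # "yes" any peer read-only, "localhost" loopback peer only, "no" disables anonymous bind; defaults to "localhost"`. The same pattern applies to `#LDAP_TLS_REQCERT="never"`, which this hunk changes only for whitespace: the sample value turns certificate checking off while the documented default is "demand".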