Posted to commits@directory.apache.org by sm...@apache.org on 2020/02/20 20:26:05 UTC

[directory-fortress-core] branch master updated: FC-277 - Clean up the RBAC accelerator enablement

This is an automated email from the ASF dual-hosted git repository.

smckinney pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-fortress-core.git


The following commit(s) were added to refs/heads/master by this push:
     new 92a22d6  FC-277 - Clean up the RBAC accelerator enablement
92a22d6 is described below

commit 92a22d6998bd46c6230d6a25ed6cab8552a9b278
Author: Shawn McKinney <sm...@symas.com>
AuthorDate: Thu Feb 20 14:26:00 2020 -0600

    FC-277 - Clean up the RBAC accelerator enablement
---
 ldap/slapd.conf.src      |  8 ++++----
 slapd.properties.example | 11 ++++++-----
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/ldap/slapd.conf.src b/ldap/slapd.conf.src
index 5ea2cf5..84514f0 100755
--- a/ldap/slapd.conf.src
+++ b/ldap/slapd.conf.src
@@ -91,7 +91,7 @@ access to dn.subtree="@LOG_SUFFIX@"
 database	@DB_TYPE@
 @DFLT_RDRS@
 @DFLT_SIZE@
-suffix		"@SUFFIX@"
+suffix      "@SUFFIX@"
 rootdn      "@ROOT_DN@"
 rootpw      "@ROOT_PW@"
 
@@ -191,10 +191,10 @@ ppolicy_hash_cleartext
 @IS_RBAC_ACCELERATOR@rbac-default-permissions-base-dn "@PERMS_DN@"
 @IS_RBAC_ACCELERATOR@rbac-default-sessions-base-dn "@SESSIONS_DN@"
 @IS_RBAC_ACCELERATOR@rbac-default-audit-base-dn "@AUDITS_DN@"
-@IS_RBAC_ACCELERATOR@rbac-admin "@SUFFIX@"
-@IS_RBAC_ACCELERATOR@rbac-pwd "secret"
+@IS_RBAC_ACCELERATOR@rbac-admin "@ROOT_DN@"
+@IS_RBAC_ACCELERATOR@rbac-pwd "@ROOT_PW@"
 @IS_RBAC_ACCELERATOR@rbac-session-admin "cn=manager,@SESSIONS_DN@"
-@IS_RBAC_ACCELERATOR@rbac-session-admin-pwd secret
+@IS_RBAC_ACCELERATOR@rbac-session-admin-pwd @LOG_ROOT_PW@
 
 #######################################################################
 # Monitor database
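Review bot: `rbac-pwd "@ROOT_PW@"` reuses the token that also fills `rootpw`, which slapd.properties.example describes as a slappasswd-hashed value, so the overlay may be handed a `{SSHA}` string where it presumably needs a credential it can present for `rbac-admin`. Whether the overlay accepts a hashed value is not visible in this hunk; confirm it against the overlay's documentation and, if it does not, feed `rbac-pwd` from a separate property. With the accelerator enabled, the generated slapd.conf now carries the root DN's credential and what looks like the log database's root password, so a comment such as `# rbac-pwd / rbac-session-admin-pwd hold live credentials: keep this file readable by the slapd user only` would help operators. `@LOG_ROOT_PW@` is also left unquoted where `"@ROOT_PW@"` is quoted; writing `rbac-session-admin-pwd "@LOG_ROOT_PW@"` keeps the two lines consistent and avoids a parse difference if the value contains whitespace.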
diff --git a/slapd.properties.example b/slapd.properties.example
index 0ee4726..a7960d3 100644
--- a/slapd.properties.example
+++ b/slapd.properties.example
@@ -55,9 +55,9 @@ ldap.max.batch.size=1000
 #suffix.dc2=com
 #suffix=dc=${suffix.name},dc=${suffix.dc},dc=${suffix.dc2}
 
-root.dn=cn=Manager,${suffix}
+root.dn=cn=manager,${suffix}
 # Used to load OpenLDAP admin root password in slapd.conf and was encrypted using 'slappasswd' command:
-#root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
+root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
 cfg.root.pw=secret
 
 # This specifies the number of default LDAP connections to maintain in the pool:
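Review bot: Uncommenting `root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU` makes a hash published in this public example file the active root password for anyone who copies the example unchanged. Assuming `@ROOT_PW@` is filled from `root.pw`, the same value now also reaches `rbac-pwd` in slapd.conf.src when the accelerator is enabled. The existing comment explains how the value was produced but not that it must be replaced; I would add `# EXAMPLE VALUE ONLY - generate your own with 'slappasswd' and replace before deploying.` directly above the property. The neighbouring `cfg.root.pw=secret` is unchanged context in this hunk, but the same caveat applies to it.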
@@ -74,7 +74,7 @@ max.log.conn=3
 
 #These are passwords used for LDAP audit log service accounts:
 # Audit Pool:
-log.admin.user=cn=Manager,${log.suffix}
+log.admin.user=cn=manager,${log.suffix}
 log.admin.pw=secret
 
 # Use if ldap.server.type=openldap.  (Default is false):
@@ -141,7 +141,7 @@ log.ops=logops bind writes compare
 ########################################################################
 # 4. RFC2307 OBJECT CLASS DEFINITIONS
 ########################################################################
-# Boolean value. If true, requires rfc2307bis schema because posixUser and posixGroup must be auxiliary object classes to work with ftRls which is structural..
+# Boolean value. Default is false.  If true, requires rfc2307bis schema because posixUser and posixGroup must be auxiliary object classes to work with ftRls which is structural..
 rfc2307=false
 
 ########################################################################
@@ -201,6 +201,7 @@ slapd.start=${openldap.root}/etc/solserver start -f ${openldap.root}/etc/openlda
 # 6. RBAC ACCELERATOR OVERLAY PROPS
 ########################################################################
 
+# Default is false, if set to 'true', the OpenLDAP RBAC Accelerator overlay will be enabled:
 rbac.accelerator=false
 rbac.module=moduleload slapo-rbac.la
 dds.module=moduleload  dds.la
@@ -212,4 +213,4 @@ db.sess.dir=${db.root}/rbacsess
 db.audit.dir=${db.root}/rbacaudit
 db.rbac.dir=${db.root}/rbacoverlay
 db.bak.audit.dir=${db.root}/backup/rbacaudit
-db.bak.sess.dir=${db.root}/backup/rbacsess
+db.bak.sess.dir=${db.root}/backup/rbacsess
\ No newline at end of file