You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by sm...@apache.org on 2020/02/20 20:26:05 UTC
[directory-fortress-core] branch master updated: FC-277 - Clean up
the RBAC accelerator enablement
This is an automated email from the ASF dual-hosted git repository.
smckinney pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/directory-fortress-core.git
The following commit(s) were added to refs/heads/master by this push:
new 92a22d6 FC-277 - Clean up the RBAC accelerator enablement
92a22d6 is described below
commit 92a22d6998bd46c6230d6a25ed6cab8552a9b278
Author: Shawn McKinney <sm...@symas.com>
AuthorDate: Thu Feb 20 14:26:00 2020 -0600
FC-277 - Clean up the RBAC accelerator enablement
---
ldap/slapd.conf.src | 8 ++++----
slapd.properties.example | 11 ++++++-----
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/ldap/slapd.conf.src b/ldap/slapd.conf.src
index 5ea2cf5..84514f0 100755
--- a/ldap/slapd.conf.src
+++ b/ldap/slapd.conf.src
@@ -91,7 +91,7 @@ access to dn.subtree="@LOG_SUFFIX@"
database @DB_TYPE@
@DFLT_RDRS@
@DFLT_SIZE@
-suffix "@SUFFIX@"
+suffix "@SUFFIX@"
rootdn "@ROOT_DN@"
rootpw "@ROOT_PW@"
@@ -191,10 +191,10 @@ ppolicy_hash_cleartext
@IS_RBAC_ACCELERATOR@rbac-default-permissions-base-dn "@PERMS_DN@"
@IS_RBAC_ACCELERATOR@rbac-default-sessions-base-dn "@SESSIONS_DN@"
@IS_RBAC_ACCELERATOR@rbac-default-audit-base-dn "@AUDITS_DN@"
-@IS_RBAC_ACCELERATOR@rbac-admin "@SUFFIX@"
-@IS_RBAC_ACCELERATOR@rbac-pwd "secret"
+@IS_RBAC_ACCELERATOR@rbac-admin "@ROOT_DN@"
+@IS_RBAC_ACCELERATOR@rbac-pwd "@ROOT_PW@"
@IS_RBAC_ACCELERATOR@rbac-session-admin "cn=manager,@SESSIONS_DN@"
-@IS_RBAC_ACCELERATOR@rbac-session-admin-pwd secret
+@IS_RBAC_ACCELERATOR@rbac-session-admin-pwd @LOG_ROOT_PW@
#######################################################################
# Monitor database
diff --git a/slapd.properties.example b/slapd.properties.example
index 0ee4726..a7960d3 100644
--- a/slapd.properties.example
+++ b/slapd.properties.example
@@ -55,9 +55,9 @@ ldap.max.batch.size=1000
#suffix.dc2=com
#suffix=dc=${suffix.name},dc=${suffix.dc},dc=${suffix.dc2}
-root.dn=cn=Manager,${suffix}
+root.dn=cn=manager,${suffix}
# Used to load OpenLDAP admin root password in slapd.conf and was encrypted using 'slappasswd' command:
-#root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
+root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
cfg.root.pw=secret
# This specifies the number of default LDAP connections to maintain in the pool:
@@ -74,7 +74,7 @@ max.log.conn=3
#These are passwords used for LDAP audit log service accounts:
# Audit Pool:
-log.admin.user=cn=Manager,${log.suffix}
+log.admin.user=cn=manager,${log.suffix}
log.admin.pw=secret
# Use if ldap.server.type=openldap. (Default is false):
@@ -141,7 +141,7 @@ log.ops=logops bind writes compare
########################################################################
# 4. RFC2307 OBJECT CLASS DEFINITIONS
########################################################################
-# Boolean value. If true, requires rfc2307bis schema because posixUser and posixGroup must be auxiliary object classes to work with ftRls which is structural..
+# Boolean value. Default is false. If true, requires rfc2307bis schema because posixUser and posixGroup must be auxiliary object classes to work with ftRls which is structural..
rfc2307=false
########################################################################
@@ -201,6 +201,7 @@ slapd.start=${openldap.root}/etc/solserver start -f ${openldap.root}/etc/openlda
# 6. RBAC ACCELERATOR OVERLAY PROPS
########################################################################
+# Default is false, if set to 'true', the OpenLDAP RBAC Accelerator overlay will be enabled:
rbac.accelerator=false
rbac.module=moduleload slapo-rbac.la
dds.module=moduleload dds.la
@@ -212,4 +213,4 @@ db.sess.dir=${db.root}/rbacsess
db.audit.dir=${db.root}/rbacaudit
db.rbac.dir=${db.root}/rbacoverlay
db.bak.audit.dir=${db.root}/backup/rbacaudit
-db.bak.sess.dir=${db.root}/backup/rbacsess
+db.bak.sess.dir=${db.root}/backup/rbacsess
\ No newline at end of file