Make invalid 'member' detection work again.

This defines a rootdn globally, and due to OpenLDAP bugs, gives it
manage access to the whole database.  This makes the memberOf module
able to validate the links again, now we have database ACLs.

Andrew Bartlett
(This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)

diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index 495847f7fe936888073fb79a4e6af053937da2bc..4dcfd2aba76ad448b6fa1073f4ac31604d2c24da 100644 (file)
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -32,6 +32,7 @@ access to dn.subtree="cn=samba"
 
 access to dn.subtree="${DOMAINDN}"
        by dn=cn=samba-admin,cn=samba manage
+       by dn=cn=manager manage
        by * none
 
 password-hash   {CLEARTEXT}
@@ -40,6 +41,8 @@ include ${LDAPDIR}/modules.conf
 
 defaultsearchbase ${DOMAINDN}
 
+rootdn cn=Manager
+
 ${REFINT_CONFIG}
 
 ${MEMBEROF_CONFIG}
@@ -47,6 +50,7 @@ ${MEMBEROF_CONFIG}
 database       ldif
 suffix         cn=Samba
 directory       ${LDAPDIR}/db/samba
+rootdn          cn=Manager,cn=Samba
 
 
 database        hdb