From: Andrew Bartlett <abartlet@samba.org>
Date: Sun, 20 Jul 2008 23:36:24 +0000 (+1000)
Subject: Make invalid 'member' detection work again.
X-Git-Url: http://git.samba.org/samba.git/?p=kai%2Fsamba.git;a=commitdiff_plain;h=706140a1dcc5220739bde0f17afcb32ebc0c130a;hp=3408a2d18fa61e2a7e3b3e05cc3c454e5e15f2ce

Make invalid 'member' detection work again.

This defines a rootdn globally, and due to OpenLDAP bugs, gives it
manage access to the whole database.  This makes the memberOf module
able to validate the links again, now we have database ACLs.

Andrew Bartlett
(This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)
---

diff --git a/source4/setup/slapd.conf b/source4/setup/slapd.conf
index 495847f7fe9..4dcfd2aba76 100644
--- a/source4/setup/slapd.conf
+++ b/source4/setup/slapd.conf
@@ -32,6 +32,7 @@ access to dn.subtree="cn=samba"
 
 access to dn.subtree="${DOMAINDN}"
        by dn=cn=samba-admin,cn=samba manage
+       by dn=cn=manager manage
        by * none
 
 password-hash   {CLEARTEXT}
@@ -40,6 +41,8 @@ include ${LDAPDIR}/modules.conf
 
 defaultsearchbase ${DOMAINDN}
 
+rootdn cn=Manager
+
 ${REFINT_CONFIG}
 
 ${MEMBEROF_CONFIG}
@@ -47,6 +50,7 @@ ${MEMBEROF_CONFIG}
 database	ldif
 suffix		cn=Samba
 directory       ${LDAPDIR}/db/samba
+rootdn          cn=Manager,cn=Samba
 
 
 database        hdb