From ecfae5a2bc72740d767fe5cca51d8e63e2835ffa Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Thu, 15 Mar 2018 12:14:50 +0100
Subject: [PATCH] Add default ACL

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 config/slapd.ldif | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/config/slapd.ldif b/config/slapd.ldif
index 116191d..a2c1471 100644
--- a/config/slapd.ldif
+++ b/config/slapd.ldif
@@ -27,6 +27,17 @@ dn: olcDatabase=mdb,cn=config
 objectClass: olcDatabaseConfig
 objectClass: olcMdbConfig
 olcDatabase: mdb
+olcAccess: {0}to attrs=userPassword 
+ by self write 
+ by anonymous auth 
+ by dn="cn={{ env `SLAPD_ADMIN_USER` `admin` }},{{ env `SLAPD_SUFFIX` `dc=example,dc=com` }}" write 
+ by * none
+olcAccess: {1}to dn.base="" 
+ by * read
+olcAccess: {2}to * 
+ by self write 
+ by dn="cn={{ env `SLAPD_ADMIN_USER` `admin` }},{{ env `SLAPD_SUFFIX` `dc=example,dc=com` }}" write 
+ by * read
 olcSuffix: {{ env `SLAPD_SUFFIX` `dc=example,dc=com` }}
 olcRootDN: cn={{ env `SLAPD_ADMIN_USER` `admin` }},{{ env `SLAPD_SUFFIX` `dc=example,dc=com` }}
 olcRootPW: {{ env `SLAPD_PASSWORD` `secret` }}