2961e79b CP |
1 | ## <summary>OpenLDAP directory server</summary> |
2 | ||
########################################
## <summary>
##	Read the contents of the OpenLDAP
##	database directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ldap_list_db',`
	gen_require(`
		type slapd_db_t;
	')

	# Directory-class access only: r_dir_perms is applied to
	# slapd_db_t:dir and no file-class rule is granted here, so
	# this interface by itself lets the calling domain enumerate
	# the database directories but not read the database files.
	# NOTE(review): no search of the parent directory is granted
	# in this block - confirm callers obtain it elsewhere.
	allow $1 slapd_db_t:dir r_dir_perms;
')
21 | ||
########################################
## <summary>
##	Read the OpenLDAP configuration files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ldap_read_config',`
	gen_require(`
		type slapd_etc_t;
	')

	# Let the calling domain traverse the etc directories to
	# reach the files (files_search_etc is defined outside this
	# file).
	files_search_etc($1)
	# Read-only file access: getattr and read on slapd_etc_t
	# files. No write permission and no dir-class permission on
	# slapd_etc_t is granted here.
	# NOTE(review): if slapd.conf carries this label it can hold
	# the rootpw credential, so this interface should only be
	# given to domains that really need to parse the server
	# configuration - confirm against the file contexts.
	allow $1 slapd_etc_t:file { getattr read };
')
3774e4eb CP |
40 | |
########################################
## <summary>
##	Use LDAP over TCP connection.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ldap_use',`
	gen_require(`
		type slapd_t;
	')

	# Client direction: the calling domain may connect to and
	# receive from TCP sockets labeled slapd_t.
	allow $1 slapd_t:tcp_socket { connectto recvfrom };
	# Server direction: slapd_t is the source of this rule, so
	# each use of the interface also widens what slapd_t may do
	# (accept from and receive from the calling domain). Review
	# callers with that in mind.
	allow slapd_t $1:tcp_socket { acceptfrom recvfrom };
	# Access here is keyed on the peer domain label; no port or
	# node type appears in this interface, and only tcp_socket is
	# covered.
	# NOTE(review): kernel_tcp_recvfrom is defined outside this
	# file - presumably the kernel side of TCP receive for the
	# calling domain; confirm.
	kernel_tcp_recvfrom($1)
')