From: Kurt Zeilenga <kurt@openldap.org>
Date: Fri, 15 Oct 1999 20:34:42 +0000 (+0000)
Subject: Change the defaultaccess to 'auth'
X-Git-Tag: UCDATA_2_4~342
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=859dbe1398dfc53f407d058177fcf2bfafea21a8;p=thirdparty%2Fopenldap.git

Change the defaultaccess to 'auth'
Set defaultaccess to 'read' in distribution slapd.conf and add warnings
Set schemacheck to 'on' in distribution slapd.conf and add warnings
---

diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index fa546aac22..abb5dab945 100644
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -27,7 +27,7 @@
 int		defsize = SLAPD_DEFAULT_SIZELIMIT;
 int		deftime = SLAPD_DEFAULT_TIMELIMIT;
 AccessControl	*global_acl = NULL;
-int		global_default_access = ACL_READ;
+int		global_default_access = ACL_AUTH;
 int		global_readonly = 0;
 char		*replogfile;
 int		global_lastmod = ON;
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
index 59be805b5b..e20c277be2 100644
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -5,8 +5,13 @@
 #
 include		%SYSCONFDIR%/slapd.at.conf
 include		%SYSCONFDIR%/slapd.oc.conf
-schemacheck	off
 
+# Using ACLs to control access is wise.  When ACLs are used,
+# "defaultaccess none" is recommended (default is 'auth').
+defaultaccess read
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
 #referral	ldap://root.openldap.org
 
 pidfile		%LOCALSTATEDIR%/slapd.pid