This file is indexed.

/etc/ldap/root.ldif is in debian-edu-config 1.702.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
## gosaAclEntry 0: contains the ACL for the gosa ldap super-admin
## defined in gosa.ldif; the cryptic string is the dn of the
## corresponding user in base64 encoding, compare:
## echo -n "uid=super-admin,ou=people,dc=skole,dc=skolelinux,dc=no" | base64
##

## gosaAclEntry 1: All users in the teachers group are allowed to read
## all personal data.
## echo -n "cn=teachers,ou=group,ou=Teachers,dc=skole,dc=skolelinux,dc=no" | base64 -w0
##
## gosaAclEntry 2:  compare: echo -n "*" | base64
## All users are allowed to change some personal data and their password.
## If you prefer a default user is allowed to only change his password use: 
##     gosaAclEntry: 1:psub:Kg==:users/password;srw
##
## gosaAclEntry 3: predefined admin role defined in: 
## echo -n "cn=admin,ou=aclroles,dc=skole,dc=skolelinux,dc=no" | base64 -w0
## (no default members)
##
dn: dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: dcObject
objectClass: labeledURIObject
objectClass: organization
objectClass: gosaAcl
objectClass: gosaDepartment
description: Debian-Edu
dc: skole
ou: skole
o: skole.skolelinux.no
labeledURI: http://www/ LDAP for Debian Edu/Skolelinux
gosaAclEntry: 0:psub:$GOSAADMINSDN64:server/servgeneric;#gotoMode;r#userPassword;r#FAIstate;r,all;cmdrw
gosaAclEntry: 1:psub:$TEACHERSDN64:users/user;r
gosaAclEntry: 2:psub:Kg==:users/user;sr#personalTitle;w#academicTitle;w#dateOfBirth;w#gender;w#preferredLanguage;w#userPicture;w#homePostalAddress;w#homePhone;w#labeledURI;w,users/password;srw
gosaAclEntry: 3:role:$ADMINROLEDN64:

dn: ou=attic,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: attic

dn: ou=people,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
objectClass: labeledURIObject
ou: people

dn: ou=systems,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: systems

dn: ou=winstations,ou=systems,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: winstations

dn: ou=group,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: group

dn: ou=variables,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: variables

dn: ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: ldap-access

dn: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalRole
objectClass: gosaAccount
objectClass: simpleSecurityObject
cn: admin
uid: admin
description: LDAP Administrator
userPassword: $ROOTPWDSSHAHASH

#
# MOVED TO samba.ldif...
# The SAMBA SID calculation for groups is Group RID = GID*2 + 1001
#
#dn: cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no
#objectClass: top
#objectClass: posixGroup
#objectClass: sambaGroupMapping
#cn: admins
#description: All system administrators in the institution
#gidNumber: 10001
#sambaSID: $SAMBASID-21003
#sambaGroupType: 2
#displayName: Domain Admins
#
#dn: cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no
#objectClass: top
#objectClass: posixGroup
#objectClass: sambaGroupMapping
#cn: jradmins
#description: All junior admins in the institution
#gidNumber: 10002
#sambaSID: $SAMBASID-21005
#sambaGroupType: 2
#displayName: jradmins

dn: cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: gosa-admin
description: LDAP administrator used by gosa
userPassword: $GOSAPWDHASH

dn: ou=samba,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: samba

dn: cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: smbadmin
description: Samba Administrator
userPassword: $SAMBAPWDHASH

dn: cn=ldap-admins,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: groupOfNames
cn: ldap-admins
description: All system administrators with full LDAP access
member: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
member: cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no

# This group is not used, as GOsa uses LDAP bind to authenticate
# users.
# FIXME See if this is still true after Squeeze.
#dn: cn=ldap-auth,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
#objectClass: top
#objectClass: groupOfNames
#cn: ldap-auth
#description: Users allowed to authenticate using LDAP instead of Kerberos
#member: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
#member: cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
#member: cn=kadmin-service,cn=kerberos,dc=skole,dc=skolelinux,dc=no
#member: cn=kdc-service,cn=kerberos,dc=skole,dc=skolelinux,dc=no
#member: cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no
#member: uid=super-admin,ou=people,dc=skole,dc=skolelinux,dc=no