/etc/ldap/root.ldif is in debian-edu-config 1.702.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 | ## gosaAclEntry 0: contains the ACL for the gosa ldap super-admin
## defined in gosa.ldif; the cryptic string is the dn of the
## corresponding user in base64 encoding, compare:
## echo -n "uid=super-admin,ou=people,dc=skole,dc=skolelinux,dc=no" | base64
##
## gosaAclEntry 1: All users in the teachers group are allowed to read
## all personal data.
## echo -n "cn=teachers,ou=group,ou=Teachers,dc=skole,dc=skolelinux,dc=no" | base64 -w0
##
## gosaAclEntry 2: compare: echo -n "*" | base64
## All users are allowed to change some personal data and their password.
## If you prefer a default user is allowed to only change his password use:
## gosaAclEntry: 1:psub:Kg==:users/password;srw
##
## gosaAclEntry 3: predefined admin role defined in:
## echo -n "cn=admin,ou=aclroles,dc=skole,dc=skolelinux,dc=no" | base64 -w0
## (no default members)
##
dn: dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: dcObject
objectClass: labeledURIObject
objectClass: organization
objectClass: gosaAcl
objectClass: gosaDepartment
description: Debian-Edu
dc: skole
ou: skole
o: skole.skolelinux.no
labeledURI: http://www/ LDAP for Debian Edu/Skolelinux
gosaAclEntry: 0:psub:$GOSAADMINSDN64:server/servgeneric;#gotoMode;r#userPassword;r#FAIstate;r,all;cmdrw
gosaAclEntry: 1:psub:$TEACHERSDN64:users/user;r
gosaAclEntry: 2:psub:Kg==:users/user;sr#personalTitle;w#academicTitle;w#dateOfBirth;w#gender;w#preferredLanguage;w#userPicture;w#homePostalAddress;w#homePhone;w#labeledURI;w,users/password;srw
gosaAclEntry: 3:role:$ADMINROLEDN64:
dn: ou=attic,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: attic
dn: ou=people,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
objectClass: labeledURIObject
ou: people
dn: ou=systems,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: systems
dn: ou=winstations,ou=systems,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: winstations
dn: ou=group,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: group
dn: ou=variables,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: variables
dn: ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: ldap-access
dn: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalRole
objectClass: gosaAccount
objectClass: simpleSecurityObject
cn: admin
uid: admin
description: LDAP Administrator
userPassword: $ROOTPWDSSHAHASH
#
# MOVED TO samba.ldif...
# The SAMBA SID calculation for groups is Group RID = GID*2 + 1001
#
#dn: cn=admins,ou=group,dc=skole,dc=skolelinux,dc=no
#objectClass: top
#objectClass: posixGroup
#objectClass: sambaGroupMapping
#cn: admins
#description: All system administrators in the institution
#gidNumber: 10001
#sambaSID: $SAMBASID-21003
#sambaGroupType: 2
#displayName: Domain Admins
#
#dn: cn=jradmins,ou=group,dc=skole,dc=skolelinux,dc=no
#objectClass: top
#objectClass: posixGroup
#objectClass: sambaGroupMapping
#cn: jradmins
#description: All junior admins in the institution
#gidNumber: 10002
#sambaSID: $SAMBASID-21005
#sambaGroupType: 2
#displayName: jradmins
dn: cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: gosa-admin
description: LDAP administrator used by gosa
userPassword: $GOSAPWDHASH
dn: ou=samba,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: samba
dn: cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: smbadmin
description: Samba Administrator
userPassword: $SAMBAPWDHASH
dn: cn=ldap-admins,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: groupOfNames
cn: ldap-admins
description: All system administrators with full LDAP access
member: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
member: cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
# This group is not used, as GOsa uses LDAP bind to authenticate
# users.
# FIXME See if this is still true after Squeeze.
#dn: cn=ldap-auth,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
#objectClass: top
#objectClass: groupOfNames
#cn: ldap-auth
#description: Users allowed to authenticate using LDAP instead of Kerberos
#member: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
#member: cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
#member: cn=kadmin-service,cn=kerberos,dc=skole,dc=skolelinux,dc=no
#member: cn=kdc-service,cn=kerberos,dc=skole,dc=skolelinux,dc=no
#member: cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no
#member: uid=super-admin,ou=people,dc=skole,dc=skolelinux,dc=no
|