Configuration

An overview of the Aletheia server configuration.

Schemas

Aletheia loads the following 4 schemas:

Name           Description
core           The standard schema released with most LDAP distributions.
cosine         The schema released with a standard OpenLDAP distribution.
inetorgperson  Defines inetOrgPerson, a general-purpose object class that holds attributes about people.
               Its attributes were chosen to cover the information requirements found in typical
               Internet and intranet directory deployments. Further reading: RFC 2789.
rfc2307bis     Draft schema; see the rfc2307bis Internet-Draft.

Modules

The following OpenLDAP modules (overlays and backends) are loaded:

Name          Description
memberof      Overlay that maintains the memberOf attribute on entries as group membership changes.
refint        Referential-integrity overlay; updates or removes DN-valued attributes when the entry
              they point to is renamed or deleted.
ppolicy       Password-policy overlay (expiry, history, lockout); it owns the pwd* operational
              attributes that the ACL below guards.
syncprov      Sync-provider overlay; lets this server act as a syncrepl replication provider.
back_ldap     LDAP backend; proxies operations to a remote LDAP server.
back_monitor  Monitor backend; exposes server status under cn=monitor.
dynlist       Dynamic-list overlay; fills attributes from an LDAP URL at read time.
autogroup     Automatic-group overlay; maintains group membership from an LDAP URL filter.

Aletheia Accounts

The service accounts referenced by the ACL below are defined in these LDIF files under Stash/aletheia/image/entities/users/:

    01-replicator.ldif
    02-reader.ldif
    03-propagator.ldif
    04-observer.ldif
    05-aletheia.ldif

Security

The ACL is applied to the first database (olcDatabase={1}, backend taken from ALETHEIA_SERVER_BACKEND) with the ldapmodify change record below, which deletes the existing olcAccess values and adds the new set in one operation. slapd evaluates olcAccess rules in order: the first "to" clause that covers the target attribute decides, and within it the first matching "by" clause wins, unless that clause says "break", which hands evaluation on to the next rule. The attribute-specific rules therefore have to come before the final "to *" catch-all, which would otherwise match first and hide them.

# Set Access
dn: olcDatabase={1}{{ ALETHEIA_SERVER_BACKEND }},cn=config
changetype: modify
delete: olcAccess
-
add: olcAccess
# Rule 1: the local root user connecting over ldapi:// (SASL EXTERNAL with peer
# credentials uid 0 / gid 0) has full manage rights; every other identity falls
# through (break) to the rules below.
olcAccess: to * 
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage 
  by * break
# Rule 2: password attributes. Users may change their own; admin, propagator and
# the write and admin groups may set them; replicator may read them (replication);
# anonymous gets auth only, enough for a simple bind but not to read the hash.
# The read group is deliberately absent here and so gets none like everyone else.
olcAccess: to attrs=userPassword,shadowLastChange 
  by self write 
  by dn="cn=admin,{{ ALETHEIA_SERVER_BASE_DN }}" write 
  by dn="cn=propagator,ou=self,{{ ALETHEIA_SERVER_BASE_DN }}" write 
  by dn="cn=replicator,ou=self,{{ ALETHEIA_SERVER_BASE_DN }}" read
  by group.exact="cn={{ ALETHEIA_SERVER_ENVIRONMENT }}-aletheia-write,{{ ALETHEIA_SERVER_ADMIN_GROUP_RDN }},{{ ALETHEIA_SERVER_BASE_DN }}" write
  by group.exact="cn={{ ALETHEIA_SERVER_ENVIRONMENT }}-aletheia-admin,{{ ALETHEIA_SERVER_ADMIN_GROUP_RDN }},{{ ALETHEIA_SERVER_BASE_DN }}" write
  by anonymous auth 
  by * none
# Rule 3: ppolicy operational attributes. "by self none" stops a user from clearing
# their own lockout, grace or history state; admin, propagator and the admin group
# may manage them, the write group may write them, and replicator, aletheia and
# the read group may only read them.
olcAccess: to attrs=pwdFailuretime,pwdChangedTime,pwdHistory,pwdAccountLockedTime,pwdGraceUseTime
  by self none
  by dn="cn=admin,{{ ALETHEIA_SERVER_BASE_DN }}" manage 
  by dn="cn=propagator,ou=self,{{ ALETHEIA_SERVER_BASE_DN }}" manage
  by dn="cn=replicator,ou=self,{{ ALETHEIA_SERVER_BASE_DN }}" read
  by dn="cn=aletheia,ou=self,{{ ALETHEIA_SERVER_BASE_DN }}" read
  by group.exact="cn={{ ALETHEIA_SERVER_ENVIRONMENT }}-aletheia-read,{{ ALETHEIA_SERVER_ADMIN_GROUP_RDN }},{{ ALETHEIA_SERVER_BASE_DN }}" read
  by group.exact="cn={{ ALETHEIA_SERVER_ENVIRONMENT }}-aletheia-write,{{ ALETHEIA_SERVER_ADMIN_GROUP_RDN }},{{ ALETHEIA_SERVER_BASE_DN }}" write
  by group.exact="cn={{ ALETHEIA_SERVER_ENVIRONMENT }}-aletheia-admin,{{ ALETHEIA_SERVER_ADMIN_GROUP_RDN }},{{ ALETHEIA_SERVER_BASE_DN }}" manage
  by * none
# Rule 4: everything else. Users read their own entry; reader, replicator, aletheia
# and the read group read; admin, propagator and the write and admin groups write;
# anonymous and any other identity get nothing.
olcAccess: to * 
  by self read 
  by dn="cn=admin,{{ ALETHEIA_SERVER_BASE_DN }}" write 
  by dn="cn=propagator,ou=self,{{ ALETHEIA_SERVER_BASE_DN }}" write 
  by dn="cn=reader,ou=self,{{ ALETHEIA_SERVER_BASE_DN }}" read 
  by dn="cn=replicator,ou=self,{{ ALETHEIA_SERVER_BASE_DN }}" read 
  by dn="cn=aletheia,ou=self,{{ ALETHEIA_SERVER_BASE_DN }}" read
  by group.exact="cn={{ ALETHEIA_SERVER_ENVIRONMENT }}-aletheia-read,{{ ALETHEIA_SERVER_ADMIN_GROUP_RDN }},{{ ALETHEIA_SERVER_BASE_DN }}" read
  by group.exact="cn={{ ALETHEIA_SERVER_ENVIRONMENT }}-aletheia-write,{{ ALETHEIA_SERVER_ADMIN_GROUP_RDN }},{{ ALETHEIA_SERVER_BASE_DN }}" write
  by group.exact="cn={{ ALETHEIA_SERVER_ENVIRONMENT }}-aletheia-admin,{{ ALETHEIA_SERVER_ADMIN_GROUP_RDN }},{{ ALETHEIA_SERVER_BASE_DN }}" write
  by * none
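To check what these rules actually grant before deploying them, here is an added example (not part of the Aletheia project) that evaluates the olcAccess clauses above with slapd's first-match semantics. It assumes rendered template values (base DN dc=example,dc=org, environment prod, admin-group RDN ou=groups) and constructs the group memberships and the user DNs alice, bob and carol itself.

```python
import re

# Added example, not the Aletheia project's code. Assumed rendered template values:
BASE = "dc=example,dc=org"     # ALETHEIA_SERVER_BASE_DN
GRP = f"ou=groups,{BASE}"      # ALETHEIA_SERVER_ADMIN_GROUP_RDN; ALETHEIA_SERVER_ENVIRONMENT = prod
ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
# The page's rules, rendered (some service-account/group clauses dropped); order matters.
RULES = [
    f"to * by dn.exact={ROOT} manage by * break",
    f'to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,{BASE}" write'
    f' by dn="cn=replicator,ou=self,{BASE}" read by anonymous auth by * none',
    "to attrs=pwdFailuretime,pwdChangedTime,pwdHistory,pwdAccountLockedTime,pwdGraceUseTime"
    f' by self none by dn="cn=admin,{BASE}" manage'
    f' by group.exact="cn=prod-aletheia-admin,{GRP}" manage by * none',
    f'to * by self read by dn="cn=admin,{BASE}" write by dn="cn=reader,ou=self,{BASE}" read'
    f' by group.exact="cn=prod-aletheia-read,{GRP}" read by * none',
]
# Constructed group memberships (slapd would resolve group.exact in the directory).
GROUPS = {f"cn=prod-aletheia-read,{GRP}": {f"uid=bob,ou=people,{BASE}"},
          f"cn=prod-aletheia-admin,{GRP}": {f"uid=carol,ou=people,{BASE}"}}

BY_RE = re.compile(r'\bby\s+(self|anonymous|\*|dn(?:\.exact)?=(?:"[^"]*"|\S+)'
                   r'|group\.exact="[^"]*")\s+(\w+)')

def parse_rule(rule):
    """'to <what> by <who> <level> ...' -> (attrs, or None for 'to *', [(who, level)])."""
    what = rule.split(" by ", 1)[0].removeprefix("to ").strip()
    attrs = None if what == "*" else set(what.removeprefix("attrs=").split(","))
    return attrs, BY_RE.findall(rule) + [("*", "none")]   # slapd's implicit final clause

def who_matches(who, binder, target_dn):
    """Does one <by> subject match the bound DN (None = anonymous) for target_dn?"""
    if who in ("*", "anonymous", "self"):
        return {"*": True, "anonymous": binder is None, "self": binder == target_dn}[who]
    kind, _, value = who.partition("=")        # dn=, dn.exact= or group.exact=
    value = value.strip('"')
    return binder == value if kind.startswith("dn") else binder in GROUPS.get(value, ())

def access(binder, target_dn, attr):
    """First <to> clause covering attr decides; first matching <by> wins; break falls through."""
    for attrs, bys in map(parse_rule, RULES):
        if attrs is not None and attr not in attrs:
            continue
        for who, level in bys:
            if who_matches(who, binder, target_dn):
                if level == "break":
                    break                      # hand on to the next <to> clause
                return level
    return "none"
```

It reproduces, for instance, that an anonymous session gets only auth on userPassword (enough for a simple bind, never to read the hash), that the read group sees nothing in the password attributes, and that a user cannot clear their own pwdAccountLockedTime.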