.

2026-03-17 19:47:28 +00:00
parent b654bd18bf
commit 1463dc9437
1 changed files with 16 additions and 25 deletions
--- a/openldap/configmaps.yaml
+++ b/openldap/configmaps.yaml
@@ -1758,12 +1758,14 @@ data:
    gidnumber: 10100
    homedirectory: /home/users/samba
    userpassword: dGhpc2lzbXlzZWN1cmVMREFQUFdzYW1iYQ==
-    sambaacctflags: [U          ]
-    sambasid: S-1-5-21-123456789-123456789-123456789-1100
+    sambaacctflags: [UX         ]
+    sambasid: S-1-5-21-4198802210-2986804114-1770636980-1100
+    sambaprimarygroupsid: S-1-5-21-4198802210-2986804114-1770636980-2000
    sambantpassword: B66961F10857280EE924EA773F8D10F6
+    sambapwdlastset: 1773776299
+    sambapwdcanchange: 0

-    #-------------------------
-    #groups:------------------
+    # groups ------------------

    dn: cn=users,ou=groups,dc=undercloud,dc=local
    changetype: add
@@ -1830,52 +1832,41 @@ data:
    objectclass: top

    dn: cn=samba,ou=groups,dc=undercloud,dc=local
+    changetype: add
    objectClass: top
    objectClass: groupOfUniqueNames
    objectClass: posixGroup
    objectClass: sambaGroupMapping
    cn: samba
    gidNumber: 10100
-    sambaSID: S-1-5-21-123456789-123456789-123456789-2000
+    sambaSID: S-1-5-21-4198802210-2986804114-1770636980-2000
    sambaGroupType: 2
    displayName: Samba CSI
    description: SMB service group for CSI driver
    memberUid: samba
    uniqueMember: cn=samba,ou=serviceaccounts,ou=users,dc=undercloud,dc=local

-    #---------------------------
-
-    #access control:-----------
-
-    #everybody can read the directory
-    #to dn.base="cn=undercloud,dc=local" by * read
-    #everybody can change their own object
-    #already configured
-    #admins can write to anything
-    #to * by group/groupOfUniqueNames/uniqueMember="cn=administrators,ou=groups,dc=undercloud,dc=local" write
+    # access control ----------

    dn: olcDatabase={1}mdb,cn=config
    changetype: modify
    replace: olcAccess
    olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
    olcAccess: {1}to attrs=userPassword,shadowLastChange by self write by group/groupOfUniqueNames/uniqueMember=cn=administrators,ou=groups,dc=undercloud,dc=local write by users read by anonymous auth by * none
-    olcAccess: {2}to dn.subtree="sambaDomainName=samba,dc=undercloud,dc=local" attrs=objectClass,sambaDomainName,sambaNextRid,sambaNextUserRid,sambaNextGroupRid,sambaSID,sambaAlgorithmicRidBase by dn.exact="cn=shodan,ou=users,dc=undercloud,dc=local" write by group/groupOfUniqueNames/uniqueMember=cn=administrators,ou=groups,dc=undercloud,dc=local write by users read by * none
+    olcAccess: {2}to dn.subtree="sambaDomainName=SAMBA,dc=undercloud,dc=local" attrs=objectClass,sambaDomainName,sambaNextRid,sambaNextUserRid,sambaNextGroupRid,sambaSID,sambaAlgorithmicRidBase by dn.exact="cn=shodan,ou=users,dc=undercloud,dc=local" write by group/groupOfUniqueNames/uniqueMember=cn=administrators,ou=groups,dc=undercloud,dc=local write by users read by * none
    olcAccess: {3}to dn.base="dc=undercloud,dc=local" by dn.exact="cn=shodan,ou=users,dc=undercloud,dc=local" search by group/groupOfUniqueNames/uniqueMember=cn=administrators,ou=groups,dc=undercloud,dc=local write by users read by * none
-    olcAccess: {4}to * by group/groupOfUniqueNames/uniqueMember=cn=administrators,ou=groups,dc=undercloud,dc=local write by self read by users read by * noney group/groupOfUniqueNames/uniqueMember=cn=administrators,ou=groups,dc=undercloud,dc=local write by self read by users read by * none
-    
-    #--------------------------
+    olcAccess: {4}to * by group/groupOfUniqueNames/uniqueMember=cn=administrators,ou=groups,dc=undercloud,dc=local write by self read by users read by * none

-    #samba stuff--------------
-    dn: sambaDomainName=samba,dc=undercloud,dc=local
+    # samba domain ------------
+
+    dn: sambaDomainName=SAMBA,dc=undercloud,dc=local
    changetype: add
    objectClass: top
    objectClass: sambaDomain
-    sambaDomainName: samba
-    sambaSID: S-1-5-21-123456789-123456789-123456789
+    sambaDomainName: SAMBA
+    sambaSID: S-1-5-21-4198802210-2986804114-1770636980
    sambaAlgorithmicRidBase: 1000
    sambaNextUserRid: 1000
    sambaNextGroupRid: 1001
    sambaNextRid: 1000
-    #--------------------------
-
 ---