Change the defaultaccess to 'auth'

Set defaultaccess to 'read' in distribution slapd.conf and add warnings
Set schemacheck to 'on' in distribution slapd.conf and add warnings

diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index fa546aac224303d2ef16bdd2d93c2c719593922c..abb5dab945aa6cfa98524f887be74dd8a06005a2 100644 (file)
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -27,7 +27,7 @@
 int            defsize = SLAPD_DEFAULT_SIZELIMIT;
 int            deftime = SLAPD_DEFAULT_TIMELIMIT;
 AccessControl  *global_acl = NULL;
-int            global_default_access = ACL_READ;
+int            global_default_access = ACL_AUTH;
 int            global_readonly = 0;
 char           *replogfile;
 int            global_lastmod = ON;

diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
index 59be805b5b31d073ccf51b40dd8718e53769d216..e20c277be2496761cbbde7f88303dbf1a4f6b406 100644 (file)
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -5,8 +5,13 @@
 #
 include                %SYSCONFDIR%/slapd.at.conf
 include                %SYSCONFDIR%/slapd.oc.conf
-schemacheck    off
 
+# Using ACLs to control access is wise.  When ACLs are used,
+# "defaultaccess none" is recommended (default is 'auth').
+defaultaccess read
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
 #referral      ldap://root.openldap.org
 
 pidfile                %LOCALSTATEDIR%/slapd.pid