From 859dbe1398dfc53f407d058177fcf2bfafea21a8 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Fri, 15 Oct 1999 20:34:42 +0000
Subject: [PATCH] Change the defaultaccess to 'auth' Set defaultaccess to
 'read' in distribution slapd.conf and add warnings Set schemacheck to 'on' in
 distribution slapd.conf and add warnings

---
 servers/slapd/config.c   | 2 +-
 servers/slapd/slapd.conf | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index fa546aac22..abb5dab945 100644
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -27,7 +27,7 @@
 int		defsize = SLAPD_DEFAULT_SIZELIMIT;
 int		deftime = SLAPD_DEFAULT_TIMELIMIT;
 AccessControl	*global_acl = NULL;
-int		global_default_access = ACL_READ;
+int		global_default_access = ACL_AUTH;
 int		global_readonly = 0;
 char		*replogfile;
 int		global_lastmod = ON;
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
index 59be805b5b..e20c277be2 100644
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -5,8 +5,13 @@
 #
 include		%SYSCONFDIR%/slapd.at.conf
 include		%SYSCONFDIR%/slapd.oc.conf
-schemacheck	off
 
+# Using ACLs to control access is wise.  When ACLs are used,
+# "defaultaccess none" is recommended (default is 'auth').
+defaultaccess read
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
 #referral	ldap://root.openldap.org
 
 pidfile		%LOCALSTATEDIR%/slapd.pid
-- 
2.39.5