From a8ae12db261213945a7583817f7e7ac4e4eda874 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Mon, 12 Jul 1999 22:59:01 +0000
Subject: [PATCH] Add comment warn about unprotected root dse, cn=config, ....

---
 tests/data/slapd-acl.conf | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf
index 5e56dea19c..8e0e328b9d 100644
--- a/tests/data/slapd-acl.conf
+++ b/tests/data/slapd-acl.conf
@@ -4,12 +4,15 @@
 include		./data/slapd.at.conf
 include		./data/slapd.oc.conf
 schemacheck	off
+pidfile     ./test-db/slapd.pid
+argsfile    ./test-db/slapd.args
 
 #######################################################################
 # ldbm database definitions
 #######################################################################
 
 database	ldbm
+cachesize	0
 suffix		"o=University of Michigan, c=US"
 directory	./test-db
 rootdn		"cn=Manager, o=University of Michigan, c=US"
@@ -18,19 +21,31 @@ index		cn,sn,uid	pres,eq,approx
 index		default		none
 lastmod		on
 defaultaccess	none
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
 access		to attr=objectclass
 		by * read
-access		to attr=userpassword
+
+access		to filter="objectclass=person" attr=userpassword
 		by self write
-		by * compare
-access		to dn=".*,ou=Alumni Association,ou=People,o=University of Michigan,c=US"
-		by dn=".*,o=University of Michigan,c=US"
-		read
+		by anonymous auth
 		by * none
+
+access		to dn="^.*,ou=Alumni Association,ou=People,o=University of Michigan,c=US$"
+		by dn="^.*,o=University of Michigan,c=US$" read
+		by anonymous auth
+		by * none
+
 access		to attr=member
 		by dnattr=member selfwrite
 		by * read
+
 access		to filter="objectclass=rfc822mailgroup"
 		by dn="Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" write
 		by * read
+
 access		to * by * read
-- 
2.39.5