## OpenLDAP directory server ######################################## ## ## Read the contents of the OpenLDAP ## database directories. ## ## ## Domain allowed access. ## # interface(`ldap_list_db_dir',` gen_require(` type slapd_db_t; ') allow $1 slapd_db_t:dir r_dir_perms; ') ######################################## ## ## Read the OpenLDAP configuration files. ## ## ## Domain allowed access. ## # interface(`ldap_read_config',` gen_require(` type slapd_etc_t; ') files_search_etc($1) allow $1 slapd_etc_t:file { getattr read }; ') ######################################## ## ## Use LDAP over TCP connection. ## ## ## Domain allowed access. ## # interface(`ldap_use',` gen_require(` type slapd_t; ') allow $1 slapd_t:tcp_socket { connectto recvfrom }; allow slapd_t $1:tcp_socket { acceptfrom recvfrom }; kernel_tcp_recvfrom($1) ')