## <summary>OpenLDAP directory server</summary>

########################################
## <summary>
##	Read the contents of the OpenLDAP
##	database directories.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`ldap_list_db_dir',`
	gen_require(`
		type slapd_db_t;
		class dir r_dir_perms;
	')

	allow $1 slapd_db_t:dir r_dir_perms;
')

########################################
## <summary>
##	Read the OpenLDAP configuration files.
## </summary>
## <param name="domain">
##	Domain allowed access.
## </param>
#
interface(`ldap_read_config',`
	gen_require(`
		type slapd_etc_t;
		class file { getattr read };
	')

	files_search_etc($1)
	allow $1 slapd_etc_t:file { getattr read };
')