60 lines
1.1 KiB
Plaintext
60 lines
1.1 KiB
Plaintext
## <summary>OpenLDAP directory server</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read the contents of the OpenLDAP
|
|
## database directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`ldap_list_db',`
|
|
gen_require(`
|
|
type slapd_db_t;
|
|
')
|
|
|
|
allow $1 slapd_db_t:dir r_dir_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read the OpenLDAP configuration files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`ldap_read_config',`
|
|
gen_require(`
|
|
type slapd_etc_t;
|
|
')
|
|
|
|
files_search_etc($1)
|
|
allow $1 slapd_etc_t:file { getattr read };
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Use LDAP over TCP connection.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`ldap_use',`
|
|
gen_require(`
|
|
type slapd_t;
|
|
')
|
|
|
|
allow $1 slapd_t:tcp_socket { connectto recvfrom };
|
|
allow slapd_t $1:tcp_socket { acceptfrom recvfrom };
|
|
kernel_tcp_recvfrom($1)
|
|
')
|