SlapdObject include olcAccess rules

mdavidsaver · mdavidsaver · commit f9ffbe668524 · 2022-03-08T14:16:22.000-08:00
diff --git a/Lib/slapdtest/_slapdtest.py b/Lib/slapdtest/_slapdtest.py
@@ -36,6 +36,12 @@
 olcTLSCertificateKeyFile: %(serverkey)s
 olcTLSVerifyClient: try
 
+# "frontend" config applies to all databases
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+%(access)s
+
 dn: cn=module,cn=config
 objectClass: olcModuleList
 cn: module
@@ -182,7 +188,7 @@ class SlapdObject:
 
     .. versionchanged:: UNRELEASED
 
-        Added ldaps_uri attribute
+        Added ldaps_uri and access attributes
     """
     slapd_conf_template = SLAPD_CONF_TEMPLATE
     database = 'mdb'
@@ -247,6 +253,11 @@ def __init__(self):
         self.clientcert = os.path.join(HERE, 'certs/client.pem')
         self.clientkey = os.path.join(HERE, 'certs/client.key')
 
+        self.access = [
+            'to attrs=userPassword by self write by anonymous auth by * none',
+            'to * by * read',
+        ]
+
     @property
     def root_dn(self):
         return 'cn={self.root_cn},{self.suffix}'.format(self=self)
@@ -340,6 +351,15 @@ def _avail_tcp_port(self):
         """
         return self._avail_tcp_ports(1)
 
+    def gen_access(self):
+        """generate a list of 'olcAccess' lines from the self.access list.
+        """
+
+        ret = []
+        for i,line in enumerate(self.access):
+            ret.append('olcAccess: {%d}%s'%(i, line))
+        return ret
+
     def gen_config(self):
         """
         generates a slapd.conf and returns it as one string
@@ -360,6 +380,7 @@ def gen_config(self):
             'cafile': self.cafile,
             'servercert': self.servercert,
             'serverkey': self.serverkey,
+            'access': '', # '\n'.join(self.gen_access()),
         }
         return self.slapd_conf_template % config_dict
 
