
Diff of /puppet/modules/openldap/templates/mandriva-dit-access.conf


revision 133 by buchan, Thu Nov 4 12:06:15 2010 UTC revision 134 by buchan, Fri Nov 5 12:19:23 2010 UTC
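--- a/puppet/modules/openldap/templates/mandriva-dit-access.conf
+++ b/puppet/modules/openldap/templates/mandriva-dit-access.conf
@@ -85,11 +85,24 @@ access to dn.regex="^cn=[^,]+,ou=(System
         by dnattr=owner write
         by * break
 
+# registration - allow registrar group to create basic unprivileged accounts
+access to dn.subtree="ou=People,dc=mageia,dc=org"
+        attrs="objectClass"
+        val="inetOrgperson"
+        by group/groupOfNames/member.exact="cn=registrars,ou=system groups,dc=mageia,dc=org" =a
+        by * +0 break
+
+access to dn.subtree="ou=People,dc=mageia,dc=org"
+        filter="(!(objectclass=posixAccount))"
+        attrs=cn,sn,gn,mail,entry,children
+        by group/groupOfNames/member.exact="cn=registrars,ou=system groups,dc=mageia,dc=org" =a
+        by * +0 break
+
 # let the user change some of his/her attributes
 access to dn.subtree="ou=People,dc=mageia,dc=org"
         attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber,mail,preferredLanguage
         by self write
-        by * break
+        by * +0 break
 
 # create new accounts
 access to dn.regex="^([^,]+,)?ou=(People|Group|Hosts),dc=mageia,dc=org$"
@@ -146,16 +159,6 @@ access to dn.sub="ou=dns,dc=mageia,dc=or
         by group.exact="cn=DNS Readers,ou=System Groups,dc=mageia,dc=org" read
         by * none
 
-# registration - allow registrar group to create basic unprivileged accounts
-access to dn.subtree="ou=People,dc=mageia,dc=org"
-        attrs="objectClass"
-        val="inetOrgperson"
-        by group/groupOfNames/member.exact="cn=registrars,ou=system groups,dc=mageia,dc=org" write by * +0 break
-
-access to dn.subtree="ou=People,dc=mageia,dc=org"
-        attrs="cn,sn,gn,mail,entry,children"
-        by group/groupOfNames/member.exact="cn=registrars,ou=system groups,dc=mageia,dc=org" +a break
-        by * +0 break
 
 # MTA
 # XXX - what else can we add here? Virtual Domains? With which schema?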
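Review bot: The registrar clauses inserted above `# let the user change some of his/her attributes` grant `=a` with no control keyword, so for members of `cn=registrars` evaluation stops there with add-only rights, and the add privilege should also cover adding values such as `mail` to existing entries that match `(!(objectclass=posixAccount))`, not only creating new ones. The header comment says "create basic unprivileged accounts", so that wider scope deserves a line of its own above the second clause, for example `# NOTE: =a also allows adding cn/sn/gn/mail values to existing non-posixAccount entries; registrars stop here`. The first clause has no `filter=`, so its `objectClass` grant applies to posixAccount entries in the subtree as well; if that is not intended, give it the same `filter=` as the second clause. Checking both clauses with `slapacl` against an existing non-posix entry and a posixAccount entry would confirm the effective rights. The `access to dn.regex=...` clauses at the start and end of the first hunk continue outside it.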
