
Diff of /puppet/modules/openldap/templates/mandriva-dit-access.conf


revision 211 by buchan, Fri Nov 5 14:27:41 2010 UTC revision 212 by buchan, Tue Nov 9 14:25:10 2010 UTC
# Line 33  access to dn.subtree="dc=mageia,dc=org" Line 33  access to dn.subtree="dc=mageia,dc=org"
33          attrs=shadowLastChange          attrs=shadowLastChange
34          by self write          by self write
35          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
36          by * read          by users read
37  access to dn.subtree="dc=mageia,dc=org"  access to dn.subtree="dc=mageia,dc=org"
38          attrs=userPassword          attrs=userPassword
39          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
# Line 53  access to dn.subtree="dc=mageia,dc=org" Line 53  access to dn.subtree="dc=mageia,dc=org"
53  # password policies  # password policies
54  access to dn.subtree="ou=Password Policies,dc=mageia,dc=org"  access to dn.subtree="ou=Password Policies,dc=mageia,dc=org"
55          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
56          by * read          by users read
57    
58  # samba password attributes  # samba password attributes
59  # by self not strictly necessary, because samba uses its own admin user to  # by self not strictly necessary, because samba uses its own admin user to
# Line 77  access to dn.subtree="dc=mageia,dc=org" Line 77  access to dn.subtree="dc=mageia,dc=org"
77  access to dn.subtree="dc=mageia,dc=org"  access to dn.subtree="dc=mageia,dc=org"
78          attrs=pwdReset,pwdAccountLockedTime          attrs=pwdReset,pwdAccountLockedTime
79          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
80          by * read          by self read
81    
82  # group owner can add/remove/edit members to groups  # group owner can add/remove/edit members to groups
83  access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"  access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
84          attrs=member          attrs=member
85          by dnattr=owner write          by dnattr=owner write
86            by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
87          by users +sx          by users +sx
88    
89  access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"  access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
90          attrs=cn,description,objectClass,gidNumber          attrs=cn,description,objectClass,gidNumber
91            by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
92          by users read          by users read
93    
94  # registration - allow registrar group to create basic unprivileged accounts  # registration - allow registrar group to create basic unprivileged accounts
# Line 106  access to dn.subtree="ou=People,dc=magei Line 108  access to dn.subtree="ou=People,dc=magei
108  access to dn.subtree="ou=People,dc=mageia,dc=org"  access to dn.subtree="ou=People,dc=mageia,dc=org"
109          attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber,mail,preferredLanguage          attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber,mail,preferredLanguage
110          by self write          by self write
111          by users +sx          by users read
112    
113  # create new accounts  # create new accounts
114  access to dn.regex="^([^,]+,)?ou=(People|Group|Hosts),dc=mageia,dc=org$"  access to dn.regex="^([^,]+,)?ou=(People|Group|Hosts),dc=mageia,dc=org$"
# Line 122  access to dn.regex="^[^,]+,ou=(People|Ho Line 124  access to dn.regex="^[^,]+,ou=(People|Ho
124  access to dn.regex="^(sambaDomainName=[^,]+,)?dc=mageia,dc=org$"  access to dn.regex="^(sambaDomainName=[^,]+,)?dc=mageia,dc=org$"
125          attrs=children,entry,@sambaDomain,@sambaUnixIdPool          attrs=children,entry,@sambaDomain,@sambaUnixIdPool
126          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
127          by * read          by users read
128    
129  # samba ID mapping  # samba ID mapping
130  access to dn.regex="^(sambaSID=[^,]+,)?ou=Idmap,dc=mageia,dc=org$"  access to dn.regex="^(sambaSID=[^,]+,)?ou=Idmap,dc=mageia,dc=org$"
131          attrs=children,entry,@sambaIdmapEntry          attrs=children,entry,@sambaIdmapEntry
132          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
133          by group.exact="cn=IDMAP Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=IDMAP Admins,ou=System Groups,dc=mageia,dc=org" write
134          by * read          by users read
135    
136  # global address book  # global address book
137  # XXX - which class(es) to use?  # XXX - which class(es) to use?
138  access to dn.regex="^(.*,)?ou=Address Book,dc=mageia,dc=org"  access to dn.regex="^(.*,)?ou=Address Book,dc=mageia,dc=org"
139          attrs=children,entry,@inetOrgPerson,@evolutionPerson,@evolutionPersonList          attrs=children,entry,@inetOrgPerson,@evolutionPerson,@evolutionPersonList
140          by group.exact="cn=Address Book Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=Address Book Admins,ou=System Groups,dc=mageia,dc=org" write
141          by * read          by users read
142    
143  # dhcp entries  # dhcp entries
144  # XXX - open up read access to anybody?  # XXX - open up read access to anybody?
# Line 150  access to dn.sub="ou=dhcp,dc=mageia,dc=o Line 152  access to dn.sub="ou=dhcp,dc=mageia,dc=o
152  access to dn.regex="^([^,]+,)?ou=sudoers,dc=mageia,dc=org$"  access to dn.regex="^([^,]+,)?ou=sudoers,dc=mageia,dc=org$"
153          attrs=children,entry,@sudoRole          attrs=children,entry,@sudoRole
154          by group.exact="cn=Sudo Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=Sudo Admins,ou=System Groups,dc=mageia,dc=org" write
155          by * read          by users read
156    
157  # dns  # dns
158  access to dn="ou=dns,dc=mageia,dc=org"  access to dn="ou=dns,dc=mageia,dc=org"
159          attrs=entry,@extensibleObject          attrs=entry,@extensibleObject
160          by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write
161          by * read          by users read
162  access to dn.sub="ou=dns,dc=mageia,dc=org"  access to dn.sub="ou=dns,dc=mageia,dc=org"
163          attrs=children,entry,@dNSZone          attrs=children,entry,@dNSZone
164          by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write
# Line 169  access to dn.sub="ou=dns,dc=mageia,dc=or Line 171  access to dn.sub="ou=dns,dc=mageia,dc=or
171  access to dn.one="ou=People,dc=mageia,dc=org"  access to dn.one="ou=People,dc=mageia,dc=org"
172          attrs=@inetLocalMailRecipient,mail          attrs=@inetLocalMailRecipient,mail
173          by group.exact="cn=MTA Admins,ou=System Groups,dc=mageia,dc=org" write          by group.exact="cn=MTA Admins,ou=System Groups,dc=mageia,dc=org" write
174          by * read          by users read
175    
176  # KDE Configuration  # KDE Configuration
177  access to dn.sub="ou=KDEConfig,dc=mageia,dc=org"  access to dn.sub="ou=KDEConfig,dc=mageia,dc=org"
# Line 178  access to dn.sub="ou=KDEConfig,dc=mageia Line 180  access to dn.sub="ou=KDEConfig,dc=mageia
180    
181  # last one  # last one
182  access to dn.subtree="dc=mageia,dc=org" attrs=entry,uid,cn  access to dn.subtree="dc=mageia,dc=org" attrs=entry,uid,cn
183          by * read          by users read
184    
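Review bot: The change at new line 111 from `by users +sx` to `by users read` is the one rule in this revision that widens access instead of narrowing it. Any authenticated account can now retrieve homePhone, homePostalAddress, mobile, pager, telephoneNumber and carLicense for every entry under ou=People, where `+sx` granted only the search and auth privileges and never returned the values. The registration comment at line 94 suggests that unprivileged accounts are easy to obtain, so `users` is presumably a wide audience for personal contact data. If other users only need to read mail and preferredLanguage (an assumption to confirm against what clients actually query), split the rule as below. Otherwise add a comment above the rule stating that read access for all authenticated users is intended.

```conf
# personal contact details: the owner may edit, other users may only match in filters
access to dn.subtree="ou=People,dc=mageia,dc=org"
        attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber
        by self write
        by users +sx

# attributes other authenticated users need to read
access to dn.subtree="ou=People,dc=mageia,dc=org"
        attrs=mail,preferredLanguage
        by self write
        by users read
```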
