33 |
attrs=shadowLastChange |
attrs=shadowLastChange |
34 |
by self write |
by self write |
35 |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
36 |
by * read |
by users read |
37 |
access to dn.subtree="dc=mageia,dc=org" |
access to dn.subtree="dc=mageia,dc=org" |
38 |
attrs=userPassword |
attrs=userPassword |
39 |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
53 |
# password policies |
# password policies |
54 |
access to dn.subtree="ou=Password Policies,dc=mageia,dc=org" |
access to dn.subtree="ou=Password Policies,dc=mageia,dc=org" |
55 |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
56 |
by * read |
by users read |
57 |
|
|
58 |
# samba password attributes |
# samba password attributes |
59 |
# by self not strictly necessary, because samba uses its own admin user to |
# by self not strictly necessary, because samba uses its own admin user to |
77 |
access to dn.subtree="dc=mageia,dc=org" |
access to dn.subtree="dc=mageia,dc=org" |
78 |
attrs=pwdReset,pwdAccountLockedTime |
attrs=pwdReset,pwdAccountLockedTime |
79 |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
80 |
by * read |
by self read |
81 |
|
|
82 |
# group owner can add/remove/edit members to groups |
# group owner can add/remove/edit members to groups |
83 |
access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$" |
access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$" |
84 |
attrs=member |
attrs=member |
85 |
by dnattr=owner write |
by dnattr=owner write |
86 |
|
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
87 |
by users +sx |
by users +sx |
88 |
|
|
89 |
access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$" |
access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$" |
90 |
attrs=cn,description,objectClass,gidNumber |
attrs=cn,description,objectClass,gidNumber |
91 |
|
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
92 |
by users read |
by users read |
93 |
|
|
94 |
# registration - allow registrar group to create basic unprivileged accounts |
# registration - allow registrar group to create basic unprivileged accounts |
108 |
access to dn.subtree="ou=People,dc=mageia,dc=org" |
access to dn.subtree="ou=People,dc=mageia,dc=org" |
109 |
attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber,mail,preferredLanguage |
attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber,mail,preferredLanguage |
110 |
by self write |
by self write |
111 |
by users +sx |
by users read |
112 |
|
|
113 |
# create new accounts |
# create new accounts |
114 |
access to dn.regex="^([^,]+,)?ou=(People|Group|Hosts),dc=mageia,dc=org$" |
access to dn.regex="^([^,]+,)?ou=(People|Group|Hosts),dc=mageia,dc=org$" |
124 |
access to dn.regex="^(sambaDomainName=[^,]+,)?dc=mageia,dc=org$" |
access to dn.regex="^(sambaDomainName=[^,]+,)?dc=mageia,dc=org$" |
125 |
attrs=children,entry,@sambaDomain,@sambaUnixIdPool |
attrs=children,entry,@sambaDomain,@sambaUnixIdPool |
126 |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
127 |
by * read |
by users read |
128 |
|
|
129 |
# samba ID mapping |
# samba ID mapping |
130 |
access to dn.regex="^(sambaSID=[^,]+,)?ou=Idmap,dc=mageia,dc=org$" |
access to dn.regex="^(sambaSID=[^,]+,)?ou=Idmap,dc=mageia,dc=org$" |
131 |
attrs=children,entry,@sambaIdmapEntry |
attrs=children,entry,@sambaIdmapEntry |
132 |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write |
133 |
by group.exact="cn=IDMAP Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=IDMAP Admins,ou=System Groups,dc=mageia,dc=org" write |
134 |
by * read |
by users read |
135 |
|
|
136 |
# global address book |
# global address book |
137 |
# XXX - which class(es) to use? |
# XXX - which class(es) to use? |
138 |
access to dn.regex="^(.*,)?ou=Address Book,dc=mageia,dc=org" |
access to dn.regex="^(.*,)?ou=Address Book,dc=mageia,dc=org" |
139 |
attrs=children,entry,@inetOrgPerson,@evolutionPerson,@evolutionPersonList |
attrs=children,entry,@inetOrgPerson,@evolutionPerson,@evolutionPersonList |
140 |
by group.exact="cn=Address Book Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=Address Book Admins,ou=System Groups,dc=mageia,dc=org" write |
141 |
by * read |
by users read |
142 |
|
|
143 |
# dhcp entries |
# dhcp entries |
144 |
# XXX - open up read access to anybody? |
# XXX - open up read access to anybody? |
152 |
access to dn.regex="^([^,]+,)?ou=sudoers,dc=mageia,dc=org$" |
access to dn.regex="^([^,]+,)?ou=sudoers,dc=mageia,dc=org$" |
153 |
attrs=children,entry,@sudoRole |
attrs=children,entry,@sudoRole |
154 |
by group.exact="cn=Sudo Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=Sudo Admins,ou=System Groups,dc=mageia,dc=org" write |
155 |
by * read |
by users read |
156 |
|
|
157 |
# dns |
# dns |
158 |
access to dn="ou=dns,dc=mageia,dc=org" |
access to dn="ou=dns,dc=mageia,dc=org" |
159 |
attrs=entry,@extensibleObject |
attrs=entry,@extensibleObject |
160 |
by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write |
161 |
by * read |
by users read |
162 |
access to dn.sub="ou=dns,dc=mageia,dc=org" |
access to dn.sub="ou=dns,dc=mageia,dc=org" |
163 |
attrs=children,entry,@dNSZone |
attrs=children,entry,@dNSZone |
164 |
by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write |
171 |
access to dn.one="ou=People,dc=mageia,dc=org" |
access to dn.one="ou=People,dc=mageia,dc=org" |
172 |
attrs=@inetLocalMailRecipient,mail |
attrs=@inetLocalMailRecipient,mail |
173 |
by group.exact="cn=MTA Admins,ou=System Groups,dc=mageia,dc=org" write |
by group.exact="cn=MTA Admins,ou=System Groups,dc=mageia,dc=org" write |
174 |
by * read |
by users read |
175 |
|
|
176 |
# KDE Configuration |
# KDE Configuration |
177 |
access to dn.sub="ou=KDEConfig,dc=mageia,dc=org" |
access to dn.sub="ou=KDEConfig,dc=mageia,dc=org" |
180 |
|
|
181 |
# last one |
# last one |
182 |
access to dn.subtree="dc=mageia,dc=org" attrs=entry,uid,cn |
access to dn.subtree="dc=mageia,dc=org" attrs=entry,uid,cn |
183 |
by * read |
by users read |
184 |
|
|
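Review bot: `by users read` on the personal-contact stanza under `ou=People` (rows 108–111, `attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber,mail,preferredLanguage`) widens access while the rest of this change narrows it: the previous `by users +sx` only let authenticated accounts use these attributes in search filters, whereas `read` lets any of them retrieve other people's home phone and postal address. This assumes the second cell of each row is the new side, which the page does not mark explicitly. If the wider access is not intended, keep `by users +sx` here; if it is, a comment above the stanza such as `# contact details are readable by any authenticated user` would record the decision. Separately, the final rule on `attrs=entry,uid,cn` no longer has a clause for unauthenticated clients, so it is worth confirming that an earlier rule (outside the rows shown) still grants what simple binds and any anonymous uid-to-DN lookups rely on.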