ldap/schema/acl-data.ldif

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to *
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
  by dn.regex="cn=.+,ou=Robots,c=.+" read
  by * break
olcAccess: to attrs=userPassword,sambaNTPassword,sambaLMPassword
  by self write
  by anonymous auth
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
olcAccess: to dn.regex="^c=.+$"
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by * read
olcAccess: to dn.regex="c=.+$"
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by * break
olcAccess: to dn.regex="^o=.+,c=.+$"
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by * read
olcAccess: to dn.regex="o=.+,c=.+$" attrs=wsAccountContact
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by self write
  by dnattr=wsAccountOwner read
  by anonymous auth
  by * read
olcAccess: to dn.regex="ou=(People|Customers|Applications|BBS),o=(.+),c=(.+)$" attrs=mail,uid,cn,givenName,sn
  by self write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by * search
olcAccess: to dn.regex="ou=(People|Customers|Applications|BBS),o=(.+),c=(.+)$" attrs=mailRoutingAddress,mailHost,entry,entryuuid
  by self write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by * read
olcAccess: to dn.regex="ou=(People|Customers),o=(.+),c=(.+)$" attrs=shadowLastChange
  by self write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
olcAccess: to dn.regex="ou=People,o=(.+),c=(.+)$"
  by self write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by * read
olcAccess: to dn.regex="ou=(Applications|Customers|BBS|Groups),o=(.+),c=(.+)$"
  by self write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by dnattr=wsAccountOwner read
  by dnattr=uniqueMember read
  by * search
olcAccess: to dn.regex="ou=(DNS|Hosts|Network),o=(.+),c=(.+)$"
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
  by dnattr=wsAccountOwner read
  by * search
olcAccess: to dn.regex="ou=.+,o=(.+),c=(.+)$" attrs=uniqueMember,member
  by self write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by dnattr=uniqueMember read
  by dnattr=wsAccountOwner read
olcAccess: to *
  by * search
-
replace: olcAddContentAcl
olcAddContentAcl: FALSE
-
replace: olcLastMod
olcLastMod: TRUE
-
replace: olcMaxDerefDepth
olcMaxDerefDepth: 0
-
replace: olcReadOnly
olcReadOnly: FALSE
-
replace: olcMonitoring
olcMonitoring: FALSE
Update ACLs 2023-03-31 23:56:40 +00:00			`dn: olcDatabase={1}mdb,cn=config`
			`changetype: modify`
			`replace: olcAccess`
More syncprov configuration, and enable SASL EXTERNAL auth 2023-05-17 13:07:11 +00:00			`olcAccess: to *`
			`by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage`
Updated ACLs 2023-05-20 03:48:21 +00:00			`by dn.regex="cn=.+,ou=Robots,c=.+" read`
More syncprov configuration, and enable SASL EXTERNAL auth 2023-05-17 13:07:11 +00:00			`by * break`
Updated ACLs 2023-05-20 03:48:21 +00:00			`olcAccess: to attrs=userPassword,sambaNTPassword,sambaLMPassword`
Update ACLs 2023-03-31 23:56:40 +00:00			`by self write`
			`by anonymous auth`
			`by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write`
Updated ACLs 2023-05-20 03:48:21 +00:00			`olcAccess: to dn.regex="^c=.+$"`
Update ACLs 2023-03-31 23:56:40 +00:00			`by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write`
			`by * read`
Updated ACLs 2023-05-20 03:48:21 +00:00			`olcAccess: to dn.regex="c=.+$"`
			`by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write`
			`by * break`
			`olcAccess: to dn.regex="^o=.+,c=.+$"`
			`by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write`
Update ACLs 2023-03-31 23:56:40 +00:00			`by * read`
Updated ACLs 2023-05-20 03:48:21 +00:00			`olcAccess: to dn.regex="o=.+,c=.+$" attrs=wsAccountContact`
Update ACLs 2023-03-31 23:56:40 +00:00			`by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write`
Updated ACLs 2023-05-20 03:48:21 +00:00			`by self write`
			`by dnattr=wsAccountOwner read`
			`by anonymous auth`
Update ACLs 2023-03-31 23:56:40 +00:00			`by * read`
Updated ACLs 2023-05-20 03:48:21 +00:00			`olcAccess: to dn.regex="ou=(People\|Customers\|Applications\|BBS),o=(.+),c=(.+)$" attrs=mail,uid,cn,givenName,sn`
Update ACLs 2023-03-31 23:56:40 +00:00			`by self write`
			`by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write`
			`by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write`
			`by * search`
Updated ACLs 2023-05-20 03:48:21 +00:00			`olcAccess: to dn.regex="ou=(People\|Customers\|Applications\|BBS),o=(.+),c=(.+)$" attrs=mailRoutingAddress,mailHost,entry,entryuuid`
Update ACLs 2023-03-31 23:56:40 +00:00			`by self write`
			`by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write`
			`by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write`
Updated ACLs 2023-05-20 03:48:21 +00:00			`by * read`
			`olcAccess: to dn.regex="ou=(People\|Customers),o=(.+),c=(.+)$" attrs=shadowLastChange`
Update ACLs 2023-03-31 23:56:40 +00:00			`by self write`
			`by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write`
			`by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write`
Updated ACLs 2023-05-20 03:48:21 +00:00			`olcAccess: to dn.regex="ou=People,o=(.+),c=(.+)$"`
Update ACLs 2023-03-31 23:56:40 +00:00			`by self write`
			`by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write`
			`by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write`
			`by * read`
Updated ACLs 2023-05-20 03:48:21 +00:00			`olcAccess: to dn.regex="ou=(Applications\|Customers\|BBS\|Groups),o=(.+),c=(.+)$"`
Update ACLs 2023-03-31 23:56:40 +00:00			`by self write`
			`by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write`
			`by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write`
Updated ACLs 2023-05-20 03:48:21 +00:00			`by dnattr=wsAccountOwner read`
Update ACLs 2023-03-31 23:56:40 +00:00			`by dnattr=uniqueMember read`
Updated ACLs 2023-05-20 03:48:21 +00:00			`by * search`
			`olcAccess: to dn.regex="ou=(DNS\|Hosts\|Network),o=(.+),c=(.+)$"`
Update ACLs 2023-03-31 23:56:40 +00:00			`by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write`
			`by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read`
			`by dnattr=wsAccountOwner read`
Updated ACLs 2023-05-20 03:48:21 +00:00			`by * search`
			`olcAccess: to dn.regex="ou=.+,o=(.+),c=(.+)$" attrs=uniqueMember,member`
Update ACLs 2023-03-31 23:56:40 +00:00			`by self write`
			`by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write`
Updated ACLs 2023-05-20 03:48:21 +00:00			`by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write`
Update ACLs 2023-03-31 23:56:40 +00:00			`by dnattr=uniqueMember read`
			`by dnattr=wsAccountOwner read`
			`olcAccess: to *`
			`by * search`
			`-`
			`replace: olcAddContentAcl`
			`olcAddContentAcl: FALSE`
			`-`
			`replace: olcLastMod`
			`olcLastMod: TRUE`
			`-`
			`replace: olcMaxDerefDepth`
			`olcMaxDerefDepth: 0`
			`-`
			`replace: olcReadOnly`
			`olcReadOnly: FALSE`
			`-`
			`replace: olcMonitoring`
			`olcMonitoring: FALSE`