114 lines
5.1 KiB
Plaintext
114 lines
5.1 KiB
Plaintext
|
dn: olcDatabase={1}mdb,cn=config
|
||
|
|
changetype: modify
|
||
|
|
replace: olcAccess
|
||
|
|
olcAccess: to attrs=userPassword
|
||
|
|
by self write
|
||
|
|
by anonymous auth
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
olcAccess: to dn.base="c=au"
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by * read
|
||
|
|
olcAccess: to dn.regex="o=(.*),c=(.*)$" attrs=wsAccountContact
|
||
|
|
by dnattr=wsAccountOwner read
|
||
|
|
by self write
|
||
|
|
by anonymous auth
|
||
|
|
by dnattr=wsAccountOwner read
|
||
|
|
by * read
|
||
|
|
olcAccess: to dn.regex="^o=(.*),c=(.*)$"
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" read
|
||
|
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
|
||
|
|
by dn.regex="cn=.*,ou=People,o=$1,c=$2" read
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
by * read
|
||
|
|
olcAccess: to dn.regex="ou=(People|Customers),o=(.*),c=(.*)$" attrs=mail,uid
|
||
|
|
by self write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
by * search
|
||
|
|
olcAccess: to dn.regex="ou=(People|Customers),o=(.*),c=(.*)$" attrs=shadowLastChange
|
||
|
|
by self write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
olcAccess: to dn.regex="ou=(People|Customers|Applications),o=(.*),c=(. *)$" attrs=mail,uid,mailRoutingAddress,mailHost,entry
|
||
|
|
by self write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
||
|
|
by * read
|
||
|
|
olcAccess: to dn.regex="ou=People,o=(.*),c=(.*)$"
|
||
|
|
by self write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
||
|
|
by dn.regex="cn=.*,ou=People,o=$1,c=$2" read
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
by * read
|
||
|
|
olcAccess: to dn.regex="ou=(Customers|Groups),o=(.*),c=(.*)$"
|
||
|
|
by self write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
olcAccess: to dn.regex="ou=Applications,o=(.*),c=(.*)$"
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
|
||
|
|
by dnattr=uniqueMember read
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
olcAccess: to dn.regex="ou=DNS,o=(.*),c=(.*)$"
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
olcAccess: to dn.regex="ou=DSL,o=(.*),c=(.*)$"
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
|
||
|
|
by dnattr=wsAccountOwner read
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
olcAccess: to dn.regex="ou=Hosts,o=(.*),c=(.*)$"
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
olcAccess: to dn.regex="ou=Network,o=(.*),c=(.*)$"
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
olcAccess: to dn.regex="ou=(.*),o=(.*),c=(.*)$" attrs=uniqueMember,member
|
||
|
|
by self write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||
|
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$2,c=$3" write
|
||
|
|
by dnattr=uniqueMember read
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
olcAccess: to dn.regex="ou=(.*),o=(.*),c=(.*)$"
|
||
|
|
by self write
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
||
|
|
by dnattr=wsAccountOwner read
|
||
|
|
olcAccess: to *
|
||
|
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||
|
|
by * search
|
||
|
|
-
|
||
|
|
replace: olcAddContentAcl
|
||
|
|
olcAddContentAcl: FALSE
|
||
|
|
-
|
||
|
|
replace: olcLastMod
|
||
|
|
olcLastMod: TRUE
|
||
|
|
-
|
||
|
|
replace: olcMaxDerefDepth
|
||
|
|
olcMaxDerefDepth: 0
|
||
|
|
-
|
||
|
|
replace: olcReadOnly
|
||
|
|
olcReadOnly: FALSE
|
||
|
|
-
|
||
|
|
replace: olcMonitoring
|
||
|
|
olcMonitoring: FALSE
|