Updated ACLs
parent
50029a4c28
commit
82178067ab
@ -3,101 +3,65 @@ changetype: modify
|
|||||||
replace: olcAccess
|
replace: olcAccess
|
||||||
olcAccess: to *
|
olcAccess: to *
|
||||||
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
|
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
|
||||||
|
by dn.regex="cn=.+,ou=Robots,c=.+" read
|
||||||
by * break
|
by * break
|
||||||
olcAccess: to attrs=userPassword
|
olcAccess: to attrs=userPassword,sambaNTPassword,sambaLMPassword
|
||||||
by self write
|
by self write
|
||||||
by anonymous auth
|
by anonymous auth
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||||||
olcAccess: to dn.base="c=au"
|
olcAccess: to dn.regex="^c=.+$"
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||||||
by * read
|
by * read
|
||||||
olcAccess: to dn.regex="o=(.*),c=(.*)$" attrs=wsAccountContact
|
olcAccess: to dn.regex="c=.+$"
|
||||||
by dnattr=wsAccountOwner read
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||||||
|
by * break
|
||||||
|
olcAccess: to dn.regex="^o=.+,c=.+$"
|
||||||
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||||||
|
by * read
|
||||||
|
olcAccess: to dn.regex="o=.+,c=.+$" attrs=wsAccountContact
|
||||||
|
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
||||||
by self write
|
by self write
|
||||||
|
by dnattr=wsAccountOwner read
|
||||||
by anonymous auth
|
by anonymous auth
|
||||||
by dnattr=wsAccountOwner read
|
|
||||||
by * read
|
by * read
|
||||||
olcAccess: to dn.regex="^o=(.*),c=(.*)$"
|
olcAccess: to dn.regex="ou=(People|Customers|Applications|BBS),o=(.+),c=(.+)$" attrs=mail,uid,cn,givenName,sn
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" read
|
|
||||||
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
|
|
||||||
by dn.regex="cn=.*,ou=People,o=$1,c=$2" read
|
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
|
||||||
by * read
|
|
||||||
olcAccess: to dn.regex="ou=(People|Customers),o=(.*),c=(.*)$" attrs=mail,uid
|
|
||||||
by self write
|
by self write
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||||||
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
|
||||||
by * search
|
by * search
|
||||||
olcAccess: to dn.regex="ou=(People|Customers),o=(.*),c=(.*)$" attrs=shadowLastChange
|
olcAccess: to dn.regex="ou=(People|Customers|Applications|BBS),o=(.+),c=(.+)$" attrs=mailRoutingAddress,mailHost,entry,entryuuid
|
||||||
by self write
|
by self write
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
|
||||||
olcAccess: to dn.regex="ou=(People|Customers|Applications),o=(.*),c=(. *)$" attrs=mail,uid,mailRoutingAddress,mailHost,entry
|
|
||||||
by self write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||||||
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
||||||
by * read
|
by * read
|
||||||
olcAccess: to dn.regex="ou=People,o=(.*),c=(.*)$"
|
olcAccess: to dn.regex="ou=(People|Customers),o=(.+),c=(.+)$" attrs=shadowLastChange
|
||||||
|
by self write
|
||||||
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||||||
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
||||||
|
olcAccess: to dn.regex="ou=People,o=(.+),c=(.+)$"
|
||||||
by self write
|
by self write
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||||||
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
||||||
by dn.regex="cn=.*,ou=People,o=$1,c=$2" read
|
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
|
||||||
by * read
|
by * read
|
||||||
olcAccess: to dn.regex="ou=(Customers|Groups),o=(.*),c=(.*)$"
|
olcAccess: to dn.regex="ou=(Applications|Customers|BBS|Groups),o=(.+),c=(.+)$"
|
||||||
by self write
|
by self write
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||||||
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
by dnattr=wsAccountOwner read
|
||||||
olcAccess: to dn.regex="ou=Applications,o=(.*),c=(.*)$"
|
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
|
|
||||||
by dnattr=uniqueMember read
|
by dnattr=uniqueMember read
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
by * search
|
||||||
olcAccess: to dn.regex="ou=DNS,o=(.*),c=(.*)$"
|
olcAccess: to dn.regex="ou=(DNS|Hosts|Network),o=(.+),c=(.+)$"
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
|
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
|
||||||
olcAccess: to dn.regex="ou=DSL,o=(.*),c=(.*)$"
|
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||||||
by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
|
by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
|
||||||
by dnattr=wsAccountOwner read
|
by dnattr=wsAccountOwner read
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
by * search
|
||||||
olcAccess: to dn.regex="ou=Hosts,o=(.*),c=(.*)$"
|
olcAccess: to dn.regex="ou=.+,o=(.+),c=(.+)$" attrs=uniqueMember,member
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
|
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
|
||||||
olcAccess: to dn.regex="ou=Network,o=(.*),c=(.*)$"
|
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
|
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
|
||||||
olcAccess: to dn.regex="ou=(.*),o=(.*),c=(.*)$" attrs=uniqueMember,member
|
|
||||||
by self write
|
by self write
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
|
||||||
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$2,c=$3" write
|
by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
|
||||||
by dnattr=uniqueMember read
|
by dnattr=uniqueMember read
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
|
||||||
olcAccess: to dn.regex="ou=(.*),o=(.*),c=(.*)$"
|
|
||||||
by self write
|
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by dn.regex="cn=.*,ou=Robots,c=AU" read
|
|
||||||
by dnattr=wsAccountOwner read
|
by dnattr=wsAccountOwner read
|
||||||
olcAccess: to *
|
olcAccess: to *
|
||||||
by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
|
|
||||||
by * search
|
by * search
|
||||||
-
|
-
|
||||||
replace: olcAddContentAcl
|
replace: olcAddContentAcl
|
||||||
|
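Review bot: The new `by dn.regex="cn=.+,ou=Robots,c=.+" read` clause in the first `olcAccess: to *` rule ends evaluation with read access for every matching DN, so the later `to attrs=userPassword,sambaNTPassword,sambaLMPassword` rule is never consulted for robot accounts and they can read the stored password hashes (the NT/LM hashes are password-equivalent). As far as the rendered columns show, the old rules granted Robots read only in per-subtree rules listed after the password rule. Consider listing the password-attribute rule ahead of `to *` with the peercred `manage` clause repeated in it, or granting the robot read in a later rule instead. The pattern is also unanchored, so any DN that merely contains that sequence matches; `by dn.regex="^cn=[^,]+,ou=Robots,c=[^,]+$" read` would limit it to entries directly under ou=Robots. The old and new sides are inferred from the page layout here, so confirm against the raw LDIF.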