commenta update
[mirror/userdir-ldap.git]
/
userdir-ldap-slapd.conf.in
diff --git
a/userdir-ldap-slapd.conf.in
b/userdir-ldap-slapd.conf.in
index
2e9041d
..
9b576e7
100644
(file)
--- a/
userdir-ldap-slapd.conf.in
+++ b/
userdir-ldap-slapd.conf.in
@@
-18,6
+18,12
@@
sizelimit 10000
# Save the time that the entry gets modified
lastmod on
# Save the time that the entry gets modified
lastmod on
+
+##
+## prefix some rules that only apply to certain clients
+## and grant them more privileges
+##
+
# LDAP admins have full access, so has sshdist
access to *
by group="cn=LDAP Administrator,ou=users,@@DN@@" write
# LDAP admins have full access, so has sshdist
access to *
by group="cn=LDAP Administrator,ou=users,@@DN@@" write
@@
-29,12
+35,15
@@
access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,bi
by self write
by * break
by self write
by * break
+
+##
+## All ACLs from here on result in a decision. no fall through to later.
+##
+
# allow authn/z by anyone
access to attrs=userPassword,sudoPassword,bATVToken
by * compare
# allow authn/z by anyone
access to attrs=userPassword,sudoPassword,bATVToken
by * compare
-
-
# readable only by self
access to attrs=sshrsaauthkey
by self read
# readable only by self
access to attrs=sshrsaauthkey
by self read
@@
-54,6
+63,6
@@
access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCod
by * none
by * none
-# globally readable
+#
rest is
globally readable
access to *
by * read
access to *
by * read
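Review bot: The banner added in the second hunk ("All ACLs from here on result in a decision. no fall through to later.") states the outcome but not the mechanism, so a later edit could break the guarantee unnoticed. It holds only as long as no clause below it ends in `by * break`, and I would say so in the banner, e.g. `## Rules below must not end in "by * break": the first matching "access to" clause is final.` The first rule under the banner grants `by * compare` on userPassword, sudoPassword and bATVToken, and now that this decision is documented as final it deserves a comment on why `compare` is needed rather than `auth`. `compare` also opens the LDAP Compare operation on those attributes to every client, including unauthenticated ones, and whether the sudoPassword or bATVToken consumers depend on that is not visible here. The sshrsaauthkey clause that follows continues outside the hunk, so its remaining `by` lines could not be checked against the banner.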