| side by side (parent:
2774f01
)
commenta update
author
Peter Palfrader
<peter@palfrader.org>
Tue, 1 Jun 2010 15:10:05 +0000
(17:10 +0200)
committer
Peter Palfrader
<peter@palfrader.org>
Tue, 1 Jun 2010 15:10:05 +0000
(17:10 +0200)
userdir-ldap-slapd.conf.in
diff --git
a/userdir-ldap-slapd.conf.in
b/userdir-ldap-slapd.conf.in
index
2e9041d
..
9b576e7
100644
--- a/
userdir-ldap-slapd.conf.in
+++ b/
userdir-ldap-slapd.conf.in
@@
-18,6
+18,12
@@
sizelimit 10000
# Save the time that the entry gets modified
lastmod on
# Save the time that the entry gets modified
lastmod on
+
+##
+## prefix some rules that only apply to certain clients
+## and grant them more privileges
+##
+
# LDAP admins have full access, so has sshdist
access to *
by group="cn=LDAP Administrator,ou=users,@@DN@@" write
# LDAP admins have full access, so has sshdist
access to *
by group="cn=LDAP Administrator,ou=users,@@DN@@" write
@@
-29,12
+35,15
@@
access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,bi
by self write
by * break
by self write
by * break
+
+##
+## All ACLs from here on result in a decision. no fall through to later.
+##
+
# allow authn/z by anyone
access to attrs=userPassword,sudoPassword,bATVToken
by * compare
# allow authn/z by anyone
access to attrs=userPassword,sudoPassword,bATVToken
by * compare
-
-
# readable only by self
access to attrs=sshrsaauthkey
by self read
# readable only by self
access to attrs=sshrsaauthkey
by self read
@@
-54,6
+63,6
@@
access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCod
by * none
by * none
-# globally readable
+#
rest is
globally readable
access to *
by * read
access to *
by * read
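Review bot: The reworded comment in the last hunk, `# rest is globally readable`, does not say that the `access to *` / `by * read` rule under it is a default-allow. In slapd a `by *` clause also matches anonymous clients, so any attribute without its own `access to attrs=` rule earlier in the file becomes readable without a bind. I would spell that out, for example `# default-allow: anything not matched above is readable by everyone, including anonymous clients; give new sensitive attributes their own rule above this one`. The banner added in the second hunk ("All ACLs from here on result in a decision") holds only while no rule below it ends in `by * break`. The rule bodies continue outside the hunks, so this cannot be confirmed here, and the banner could state the requirement directly: `## Rules below must not end in "by * break"; the first matching rule decides.`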