Fix ACL rule for keyring maintainers

author Peter Palfrader <peter@palfrader.org>

Wed, 11 Aug 2010 09:12:36 +0000 (11:12 +0200)

committer Peter Palfrader <peter@palfrader.org>

Wed, 11 Aug 2010 09:12:36 +0000 (11:12 +0200)
author Peter Palfrader <peter@palfrader.org>
Wed, 11 Aug 2010 09:12:36 +0000 (11:12 +0200)
committer Peter Palfrader <peter@palfrader.org>
Wed, 11 Aug 2010 09:12:36 +0000 (11:12 +0200)
diff --git a/debian/changelog b/debian/changelog

index b9d0cef..a608a32 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,8 +11,10 @@ userdir-ldap (0.3.7x) xnstable; urgency=low
        get the account list (now a list of Account classes instead of
        ldap result array of tuples of hashes) passed to them like well-behaved
        functions.
+  * userdir-ldap-slapd.conf: Fix ACL rule for keyring maintainers
+    (we want group=..., not dn=...).
  
- -- Peter Palfrader <weasel@debian.org>  Mon, 02 Aug 2010 23:35:55 +0000
+ -- Peter Palfrader <weasel@debian.org>  Wed, 11 Aug 2010 11:11:53 +0200
  
  userdir-ldap (0.3.77) unstable; urgency=low
  
diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in

index 4e4c92a..7b306c3 100644 (file)
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -33,7 +33,7 @@ access to *
  # allow keyring maint to write to the keyFingerPrint attribute
  # (make an exception for adm for security reasons)
  access to filter="(!(supplementaryGid=adm))" attrs=keyFingerPrint
-       by dn="cn=Keyring Maintainers,ou=users,@@DN@@" write
+       by group="cn=Keyring Maintainers,ou=users,@@DN@@" write
         by * break
  
  # allow users write access to an explicit subset of their fields
author	Peter Palfrader <peter@palfrader.org>
	Wed, 11 Aug 2010 09:12:36 +0000 (11:12 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Wed, 11 Aug 2010 09:12:36 +0000 (11:12 +0200)
debian/changelog		patch \| blob \| history
userdir-ldap-slapd.conf.in		patch \| blob \| history