From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 11 Aug 2010 09:12:36 +0000 (+0200)
Subject: Fix ACL rule for keyring maintainers
X-Git-Tag: userdir-ldap-0.3.78~3
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=3bf2893deb176ea0bedca88e45680866a5342a79

Fix ACL rule for keyring maintainers
---

diff --git a/debian/changelog b/debian/changelog
index b9d0cef..a608a32 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,8 +11,10 @@ userdir-ldap (0.3.7x) xnstable; urgency=low
       get the account list (now a list of Account classes instead of
       ldap result array of tuples of hashes) passed to them like well-behaved
       functions.
+  * userdir-ldap-slapd.conf: Fix ACL rule for keyring maintainers
+    (we want group=..., not dn=...).
 
- -- Peter Palfrader <weasel@debian.org>  Mon, 02 Aug 2010 23:35:55 +0000
+ -- Peter Palfrader <weasel@debian.org>  Wed, 11 Aug 2010 11:11:53 +0200
 
 userdir-ldap (0.3.77) unstable; urgency=low
 
diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index 4e4c92a..7b306c3 100644
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -33,7 +33,7 @@ access to *
 # allow keyring maint to write to the keyFingerPrint attribute
 # (make an exception for adm for security reasons)
 access to filter="(!(supplementaryGid=adm))" attrs=keyFingerPrint
-	by dn="cn=Keyring Maintainers,ou=users,@@DN@@" write
+	by group="cn=Keyring Maintainers,ou=users,@@DN@@" write
 	by * break
 
 # allow users write access to an explicit subset of their fields