From 3bf2893deb176ea0bedca88e45680866a5342a79 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 11 Aug 2010 11:12:36 +0200
Subject: [PATCH] Fix ACL rule for keyring maintainers

---
 debian/changelog           | 4 +++-
 userdir-ldap-slapd.conf.in | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b9d0cef..a608a32 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,8 +11,10 @@ userdir-ldap (0.3.7x) xnstable; urgency=low
       get the account list (now a list of Account classes instead of
       ldap result array of tuples of hashes) passed to them like well-behaved
       functions.
+  * userdir-ldap-slapd.conf: Fix ACL rule for keyring maintainers
+    (we want group=..., not dn=...).
 
- -- Peter Palfrader <weasel@debian.org>  Mon, 02 Aug 2010 23:35:55 +0000
+ -- Peter Palfrader <weasel@debian.org>  Wed, 11 Aug 2010 11:11:53 +0200
 
 userdir-ldap (0.3.77) unstable; urgency=low
 
diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index 4e4c92a..7b306c3 100644
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -33,7 +33,7 @@ access to *
 # allow keyring maint to write to the keyFingerPrint attribute
 # (make an exception for adm for security reasons)
 access to filter="(!(supplementaryGid=adm))" attrs=keyFingerPrint
-	by dn="cn=Keyring Maintainers,ou=users,@@DN@@" write
+	by group="cn=Keyring Maintainers,ou=users,@@DN@@" write
 	by * break
 
 # allow users write access to an explicit subset of their fields
-- 
2.20.1