-rw-r--r--conf/templates/slapd.access.template8
-rw-r--r--conf/templates/slapd.conf.template26
2 files changed, 18 insertions, 16 deletions
diff --git a/conf/templates/slapd.access.template b/conf/templates/slapd.access.template
new file mode 100644
index 0000000..8079dd7
--- /dev/null
+++ b/conf/templates/slapd.access.template
@@ -0,0 +1,8 @@
+## Copyright (c) 2005 Klaraelvdalens Datakonsult AB
+## Written by Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+##
+## This program is Free Software under the GNU General Public License (>=v2).
+## Read the file COPYING that comes with this packages for details.
+
+# Domain ACL statements for inclusion in slapd.conf
+
diff --git a/conf/templates/slapd.conf.template b/conf/templates/slapd.conf.template
index c335c44..95c79a7 100644
--- a/conf/templates/slapd.conf.template
+++ b/conf/templates/slapd.conf.template
@@ -67,21 +67,14 @@ index givenName approx,sub,pres,eq
index kolabHomeServer pres,eq
index member pres,eq
-## Domain test
-#access to filter=(&(objectClass=kolabInetOrgPerson)(mail=*@<DOMAIN>)(|(!(alias=*))(alias=*@<DOMAIN>)))
-# by group/kolabGroupOfNames="cn=<DOMAINS>,cn=domains,cn=internal,@@@base_dn@@@" write
-# by * continue
-
-#access to dn="cn=domains,cn=internal,@@@base_dn@@@"
-# by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
-# by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
-# by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
-# by group/kolabGroupOfNames="cn=<DOMAINS>,cn=domains,@@@base_dn@@@" read
-# by * search stop
-
-#access to dn.subtree="cn=Monitor"
-# by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
-# by * none stop
+include @l_prefix@/etc/openldap/slapd.access
+
+access to dn="@@@base_dn@@@" attrs=children
+ by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,@@@base_dn@@@" write
+
+access to dn.subtree="cn=Monitor"
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by * none stop
access to attr=userPassword
by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" =wx
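Review bot: The new `access to dn="@@@base_dn@@@" attrs=children` statement has only one `by` clause, and slapd ends every access statement with an implicit `by * none stop`. Any identity outside cn=domain-maintainer is therefore denied on the base entry's `children` attribute at this point and never reaches later statements. If the admin and maintainer groups are still meant to add or remove entries directly under the base DN (their rules lie outside this hunk, so this is inferred), close the statement with `by * break` or list those groups explicitly. Separately, the `include @l_prefix@/etc/openldap/slapd.access` line sits ahead of the `userPassword` rule, and slapd applies the first matching statement. A comment such as `# included domain ACLs are evaluated before everything below; keep them narrowly scoped` would make that ordering dependency explicit for whoever generates the file.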
@@ -164,8 +157,9 @@ access to dn="cn=internal,@@@base_dn@@@"
access to dn="k=kolab,@@@base_dn@@@"
by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" read
+ by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,@@@base_dn@@@" read
by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
- by * none stop
+ by * none stop
access to *
by self write