summaryrefslogtreecommitdiff
path: root/conf/templates/slapd.conf.template
diff options
context:
space:
mode:
Diffstat (limited to 'conf/templates/slapd.conf.template')
-rw-r--r--conf/templates/slapd.conf.template26
1 files changed, 10 insertions, 16 deletions
diff --git a/conf/templates/slapd.conf.template b/conf/templates/slapd.conf.template
index c335c44..95c79a7 100644
--- a/conf/templates/slapd.conf.template
+++ b/conf/templates/slapd.conf.template
@@ -67,21 +67,14 @@ index givenName approx,sub,pres,eq
index kolabHomeServer pres,eq
index member pres,eq
-## Domain test
-#access to filter=(&(objectClass=kolabInetOrgPerson)(mail=*@<DOMAIN>)(|(!(alias=*))(alias=*@<DOMAIN>)))
-# by group/kolabGroupOfNames="cn=<DOMAINS>,cn=domains,cn=internal,@@@base_dn@@@" write
-# by * continue
-
-#access to dn="cn=domains,cn=internal,@@@base_dn@@@"
-# by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
-# by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" write
-# by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
-# by group/kolabGroupOfNames="cn=<DOMAINS>,cn=domains,@@@base_dn@@@" read
-# by * search stop
-
-#access to dn.subtree="cn=Monitor"
-# by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
-# by * none stop
+include @l_prefix@/etc/openldap/slapd.access
+
+access to dn="@@@base_dn@@@" attrs=children
+ by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,@@@base_dn@@@" write
+
+access to dn.subtree="cn=Monitor"
+ by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
+ by * none stop
access to attr=userPassword
by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" =wx
@@ -164,8 +157,9 @@ access to dn="cn=internal,@@@base_dn@@@"
access to dn="k=kolab,@@@base_dn@@@"
by group/kolabGroupOfNames="cn=admin,cn=internal,@@@base_dn@@@" write
by group/kolabGroupOfNames="cn=maintainer,cn=internal,@@@base_dn@@@" read
+ by group/kolabGroupOfNames="cn=domain-maintainer,cn=internal,@@@base_dn@@@" read
by dn="cn=nobody,cn=internal,@@@base_dn@@@" read
- by * none stop
+ by * none stop
access to *
by self write