[Mageia-sysadm] [141] Give registrar group read access to some attributes again, and reduce users access
root at mageia.org
root at mageia.org
Fri Nov 5 13:41:39 CET 2010
Revision: 141
Author: buchan
Date: 2010-11-05 13:41:38 +0100 (Fri, 05 Nov 2010)
Log Message:
-----------
Give registrar group read access to some attributes again, and reduce users access
added in previous commit
Modified Paths:
--------------
puppet/modules/openldap/templates/mandriva-dit-access.conf
Modified: puppet/modules/openldap/templates/mandriva-dit-access.conf
===================================================================
--- puppet/modules/openldap/templates/mandriva-dit-access.conf 2010-11-05 12:38:44 UTC (rev 140)
+++ puppet/modules/openldap/templates/mandriva-dit-access.conf 2010-11-05 12:41:38 UTC (rev 141)
@@ -95,14 +95,14 @@
access to dn.subtree="ou=People,dc=mageia,dc=org"
filter="(!(objectclass=posixAccount))"
attrs=cn,sn,gn,mail,entry,children,preferredLanguage
- by group/groupOfNames/member.exact="cn=registrars,ou=system groups,dc=mageia,dc=org" =asx
+ by group/groupOfNames/member.exact="cn=registrars,ou=system groups,dc=mageia,dc=org" =asrx
by * +0 break
# let the user change some of his/her attributes
access to dn.subtree="ou=People,dc=mageia,dc=org"
attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber,mail,preferredLanguage
by self write
- by users read
+ by users +sx
# create new accounts
access to dn.regex="^([^,]+,)?ou=(People|Group|Hosts),dc=mageia,dc=org$"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mageia-sysadm/attachments/20101105/10b27670/attachment-0001.html>
More information about the Mageia-sysadm
mailing list