[Mageia-sysadm] [141] Give registrar group read access to some attributes again, and reduce users access

root at mageia.org root at mageia.org
Fri Nov 5 13:41:39 CET 2010


Revision: 141
Author:   buchan
Date:     2010-11-05 13:41:38 +0100 (Fri, 05 Nov 2010)
Log Message:
-----------
Give registrar group read access to some attributes again, and reduce users access
 added in previous commit

Modified Paths:
--------------
    puppet/modules/openldap/templates/mandriva-dit-access.conf

Modified: puppet/modules/openldap/templates/mandriva-dit-access.conf
===================================================================
--- puppet/modules/openldap/templates/mandriva-dit-access.conf	2010-11-05 12:38:44 UTC (rev 140)
+++ puppet/modules/openldap/templates/mandriva-dit-access.conf	2010-11-05 12:41:38 UTC (rev 141)
@@ -95,14 +95,14 @@
 access to dn.subtree="ou=People,dc=mageia,dc=org" 
 	filter="(!(objectclass=posixAccount))"
 	attrs=cn,sn,gn,mail,entry,children,preferredLanguage
-	by group/groupOfNames/member.exact="cn=registrars,ou=system groups,dc=mageia,dc=org" =asx
+	by group/groupOfNames/member.exact="cn=registrars,ou=system groups,dc=mageia,dc=org" =asrx
 	by * +0 break
 
 # let the user change some of his/her attributes
 access to dn.subtree="ou=People,dc=mageia,dc=org"
 	attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber,mail,preferredLanguage
 	by self write
-	by users read
+	by users +sx
 
 # create new accounts
 access to dn.regex="^([^,]+,)?ou=(People|Group|Hosts),dc=mageia,dc=org$"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mageia-sysadm/attachments/20101105/10b27670/attachment-0001.html>


More information about the Mageia-sysadm mailing list