diff options
| author |   Jeremy Huddleston <eradicator@gentoo.org> | 2005-09-24 22:17:06 +0000 |
|---|---|---|
| committer | Jeremy Huddleston <eradicator@gentoo.org> | 2005-09-24 22:17:06 +0000 |
| commit | 047b7c426c3e95658618fda53efc8b059038a600 (patch) | |
| tree | c671e7ee69b0daca50680dfa20f0c56ffa0285a1 /www-apps/open-xchange | |
| parent | Fixed a potential auth problem since auth will need to read gecos and uid. (diff) | |
| download | gentoo-2-047b7c426c3e95658618fda53efc8b059038a600.tar.gz gentoo-2-047b7c426c3e95658618fda53efc8b059038a600.tar.bz2 gentoo-2-047b7c426c3e95658618fda53efc8b059038a600.zip | |
Fixed basedn in slapd include and added rott write access to all attributes.
(Portage version: 2.0.52-r1)
Diffstat (limited to 'www-apps/open-xchange')
| -rw-r--r-- | www-apps/open-xchange/files/slapd.ox.inc | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/www-apps/open-xchange/files/slapd.ox.inc b/www-apps/open-xchange/files/slapd.ox.inc index e24f59d75709..b09c7d440150 100644 --- a/www-apps/open-xchange/files/slapd.ox.inc +++ b/www-apps/open-xchange/files/slapd.ox.inc @@ -1,22 +1,30 @@ -access to dn.base="" by * read -access to dn.base="cn=Subschema" by * read +access to dn.base="" + by dn="uid=root,ou=Users,ou=OxObjects,@basedn@" write + by * read + +access to dn.base="cn=Subschema" + by dn="uid=root,ou=Users,ou=OxObjects,@basedn@" write + by * read # protect the userPassword attribute access to attrs=userPassword,shadowLastChange - by dn="uid=root,ou=Users,ou=OxObjects,dc=gen-ux,dc=com" write + by dn="uid=root,ou=Users,ou=OxObjects,@basedn@" write by anonymous auth by self write by * none # global address book -access to dn.subtree="o=AddressBook,ou=OxObjects,dc=gen-ux,dc=com" - by group.exact="cn=AddressAdmins,o=AddressBook,ou=OxObjects,dc=gen-ux,dc=com" write +access to dn.subtree="o=AddressBook,ou=OxObjects,@basedn@" + by dn="uid=root,ou=Users,ou=OxObjects,@basedn@" write + by group.exact="cn=AddressAdmins,o=AddressBook,ou=OxObjects,@basedn@" write by users read # personal address book -access to dn.regex="^ou=addr,(uid=([^,]+),ou=Users,ou=OxObjects,dc=gen-ux,dc=com)$" attrs=children +access to dn.regex="^ou=addr,(uid=([^,]+),ou=Users,ou=OxObjects,@basedn@)$" attrs=children + by dn="uid=root,ou=Users,ou=OxObjects,@basedn@" write by dn.exact,expand="$1" write -access to dn.regex="^uid=([^,]+),ou=addr,(uid=([^,]+),ou=Users,ou=OxObjects,dc=gen-ux,dc=com)$" attrs=entry +access to dn.regex="^uid=([^,]+),ou=addr,(uid=([^,]+),ou=Users,ou=OxObjects,@basedn@)$" attrs=entry + by dn="uid=root,ou=Users,ou=OxObjects,@basedn@" write by dn.exact,expand="$2" write # default rule allowing users full access to their own entries @@ -28,11 +36,12 @@ access to dn.regex="^uid=([^,]+),ou=addr,(uid=([^,]+),ou=Users,ou=OxObjects,dc=g # This is not secure and thus hasn't been set here. To enable it, add # uid to the following list access to attrs=birthDay,cn,description,facsimileTelephoneNumber,gecos,givenName,homePhone,initials,l,labeledURI,mobile,o,ou,OXAppointmentDays,OXDayViewInterval,OXDayViewEndTime,OXDayViewStartTime,OXTaskDays,OXTimeZone,pager,postalCode,preferredLanguage,sn,st,street,telephoneNumber,title,userCountry + by dn="uid=root,ou=Users,ou=OxObjects,@basedn@" write by self write by * read access to * - by dn="uid=root,ou=Users,ou=OxObjects,dc=gen-ux,dc=com" write + by dn="uid=root,ou=Users,ou=OxObjects,@basedn@" write by * read # This is supposed to give a performance boose, but it just breaks things for |