Début de formalisation des règles d'accès

2014-11-10 12:01:19 +01:00 · 2014-11-10 12:01:19 +01:00 · 8b5e367823
parent 45c4cc66d4
commit 8b5e367823
1 changed files with 35 additions and 0 deletions
--- a/lot1/access
+++ b/lot1/access
@ -0,0 +1,35 @@
+# Accès super-utilisateur
+to *
+  by dn.regex="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
+  by group.exact="cn=admin,ou=groups,$SUFFIX" manage
+  by * break
+
+# Branche people
+to dn.regex="uid=[^,]+,ou=people,$SUFFIX" attrs=supannAliasLogin,supannListeRouge,eduPersoNickname,supannMailPerso,userPassword,labeledURI
+  by self write break
+  by * break
+
+# Les accès aux autres attributs utilisateurs
+to dn.one="ou=people,$SUFFIX"
+  by users read
+  by anonymous auth
+  by * none
+
+# Branche groups
+to dn.one="ou=groups,$SUFFIX"
+  by set="this/owner & user" manage
+  by * break
+
+to dn.one="ou=groups,$SUFFIX" attrs=cn,description,owner,supannRefId
+  by users read
+  by * break
+
+to dn.one="ou=groups,$SUFFIX" attrs=member
+  by set="this/supannGroupeAdminDN/member* & user" write
+  by set="this/supannGroupeAdminDN & user" write
+  by set="this/supannGroupeLecteurDN/member* & user" read
+  by set="this/supannGroupeLecteurDN & user" read
+
+# Les accès à la branche des structures
+to dn.one="ou=structures,$SUFFIX"
+  by * read