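# OpenLDAP access rules (template; $SUFFIX is substituted with the database suffix).
# Rules are evaluated in order. A `by` clause without a control keyword stops
# evaluation; `break` lets later rules matching the same target apply.
# Check any change with slapacl before deploying it.

# Superuser access.
# Local root over ldapi:// (SASL EXTERNAL) and members of cn=admin get `manage`
# on everything; everybody else falls through to the rules below.
# The peercred identity is matched with dn.exact: inside dn.regex the "+" of the
# multi-valued RDN is a repetition operator, so that pattern never matches the
# literal DN.
# cn=admin sits under ou=groups, so its owner / supannGroupeAdminDN values
# decide (through the group rules below) who can add members to it. Audit them.
to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by group.exact="cn=admin,ou=groups,$SUFFIX" manage
  by * break

# People branch: password attribute.
# Terminal rule, so userPassword never reaches the generic people rule further
# down, whose `by users read` would otherwise let any authenticated account read
# every user's password hash. Anonymous keeps `auth` so simple binds still work.
# An account that really needs the hash (replication, password sync) has to be
# in cn=admin or be listed here explicitly.
to dn.one="ou=people,$SUFFIX" attrs=userPassword
  by self write
  by anonymous auth
  by * none

# People branch: attributes a user may edit on their own entry.
# `by self write` is terminal: with `break`, evaluation went on to the generic
# people rule, where `by users read` assigns a level and replaces the write
# privilege. The pattern is anchored at the start so that entries below a user
# entry are not matched; the end is bounded by the database suffix.
# NOTE(review): the eduPerson schema spells its attribute eduPersonNickname;
# confirm that eduPersoNickname is really defined in the loaded schema.
to dn.regex="^uid=[^,]+,ou=people,$SUFFIX" attrs=supannAliasLogin,supannListeRouge,eduPersoNickname,supannMailPerso,labeledURI
  by self write
  by * break

# People branch: all remaining attributes.
# Read for authenticated users, bind-only for anonymous, nothing otherwise.
# NOTE(review): this includes supannListeRouge and supannMailPerso for every
# authenticated account; confirm that this exposure is intended.
to dn.one="ou=people,$SUFFIX"
  by users read
  by anonymous auth
  by * none

# Groups branch.
# A DN listed in a group's owner attribute manages that group entry.
to dn.one="ou=groups,$SUFFIX"
  by set="this/owner & user" manage
  by * break

# Descriptive group attributes: readable by authenticated users.
to dn.one="ou=groups,$SUFFIX" attrs=cn,description,owner,supannRefId
  by users read
  by * break

# Group membership.
# write: the user is a (nested) member of a group named in supannGroupeAdminDN,
#        or is named there directly.
# read:  same two tests against supannGroupeLecteurDN.
# There is no `by *` clause, so anyone else gets the implicit `by * none`.
to dn.one="ou=groups,$SUFFIX" attrs=member
  by set="this/supannGroupeAdminDN/member* & user" write
  by set="this/supannGroupeAdminDN & user" write
  by set="this/supannGroupeLecteurDN/member* & user" read
  by set="this/supannGroupeLecteurDN & user" read

# Structures branch: readable by everyone, anonymous clients included.
to dn.one="ou=structures,$SUFFIX"
  by * read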