Ajoute une commande pour réinitialiser les ACLs d'une base
parent
b760512dc3
commit
1818499ec7
|
@ -131,8 +131,8 @@ olcAccess: {5}to dn.one="ou=groups,$SUFFIX" attrs=member
|
|||
# Branche structures
|
||||
olcAccess: {6}to dn.one="ou=structures,$SUFFIX"
|
||||
by * read
|
||||
# Autorissation de recherche par tous les utilisateurs sur toute la base
|
||||
olcAccess: {6}to * by users search
|
||||
# Autorisation de recherche par tous les utilisateurs sur toute la base
|
||||
olcAccess: {7}to * by users search
|
||||
|
||||
# Create accesslog DIT
|
||||
add olcDatabase={1}mdb,cn=config
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
if [ "x$1" = "x" ]; then
|
||||
echo Suffix de la base à réinitialiser ?
|
||||
echo -ne "> "
|
||||
read SUFFIX
|
||||
else
|
||||
SUFFIX="$1"
|
||||
fi
|
||||
|
||||
DN=`ldapsearch -H ldapi:// -Y EXTERNAL -b cn=config "olcSuffix=$SUFFIX" "" 2>/dev/null | grep ^dn | head -n1`
|
||||
|
||||
if [ "x$DN" != "" ]; then
|
||||
LDIF=`tempfile`
|
||||
cat <<EOF >$LDIF
|
||||
$DN
|
||||
changetype: modify
|
||||
replace: olcAccess
|
||||
olcAccess: {0}to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by group.exact="cn=admin,ou=groups,$SUFFIX" manage by * break
|
||||
olcAccess: {1}to dn.regex="uid=[^,]+,ou=people,$SUFFIX" attrs=supannAliasLogin,supannListeRouge,eduPersonNickname,supannMailPerso,userPassword,labeledURI by self write by * break
|
||||
olcAccess: {2}to dn.one="ou=groups,$SUFFIX" by set="this/owner & user" manage by * break
|
||||
olcAccess: {3}to dn.one="ou=groups,$SUFFIX" attrs=entry,cn,description,owner,supannRefId by users read by * break
|
||||
olcAccess: {4}to dn.one="ou=groups,$SUFFIX" attrs=member by set="this/supannGroupeAdminDN/member* & user" write by set="this/supannGroupeAdminDN & user" write by set="this/supannGroupeLecteurDN/member* & user" read by set="this/supannGroupeLecteurDN & user" read by dnattr=member search
|
||||
olcAccess: {5}to dn.one="ou=structures,$SUFFIX" by * read
|
||||
olcAccess: {6}to dn.one="ou=people,$SUFFIX" by self read by users read by anonymous auth by * none
|
||||
olcAccess: {7}to * by users search
|
||||
EOF
|
||||
ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF 2>/dev/null >/dev/null
|
||||
rm $LDIF
|
||||
echo "Réinitialisation de la base $DN pour le suffixe $SUFFIX effectuée."
|
||||
else
|
||||
echo "ERREUR: Le suffixe $SUFFIX n'a pas été trouvé"
|
||||
fi
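Review bot: The guard `if [ "x$DN" != "" ]` is always true because the left side is at least `x`, so the `ERREUR` branch is unreachable and an unknown suffix goes on to write an LDIF with an empty first line and run `ldapmodify`; it should read `if [ -n "$DN" ]; then`. Both `ldapsearch` and `ldapmodify` send stderr to `/dev/null` and the script runs under `set -e`, so a failed modify exits without any message and skips `rm $LDIF`; I would keep stderr visible and create the file with `LDIF=$(mktemp)` followed by `trap 'rm -f "$LDIF"' EXIT`. `$SUFFIX` is placed unvalidated into the search filter and into the `dn.regex` rule of ACLs that are applied over `ldapi://` with EXTERNAL auth, so the script should reject values containing filter or regex metacharacters (or a newline when passed as `$1`) before using them. `echo -ne "> "` is not portable under `#!/bin/sh`; `printf '> '` is.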
|
|
@ -0,0 +1 @@
|
|||
Réinitialise les ACLs d'une base existante
|