# Enable full access to admin user: (version 3.0; acl "%s"; allow (all, export, import, proxy) (userdn = "ldap:///cn=admin"); )
# Not working! Deny anonymous access: (target="ldap:///o=isp")(targetattr = "aci")(version 3.0; acl "%s"; deny (all) (authmethod="none")
# Replication Manage goes around the ACI
-Deny access to aci for all: (target="ldap:///o=isp")(targetattr = "aci")(version 3.0; acl "%s"; deny (all) (userdn ="ldap:///anyone");)
-Deny self removal: (target="ldap:///o=isp")(targetattr = "*")(version 3.0; acl "%s"; deny (delete) (userdn ="ldap:///self");)
-Grand User own Data read Access: (target="ldap:///o=isp")(targetattr = "*") (version 3.0; acl "%s"; allow (read,search)(userdn="ldap:///self"); )
-Enable self write for common attributes: (target="ldap:///o=isp")(targetattr="carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mail || mobile || pager
-|| photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier")(version 3.0; acl "%s"; allow (write) (userdn="ldap:///self");)
-Directory Administrators Group: (target="ldap:///o=isp")(targetattr ="*")(version 3.0;acl "%s";allow (all) (groupdn = "ldap:///cn=Directory Administrators,o=isp");)
-Enable read for readonly user: (target="ldap:///o=isp")(targetattr = "*")(version 3.0; acl "%s"; allow (read, search, compare)(userdn="ldap:///uid=readonly,ou=People,o=isp"); )
+Deny access to aci for all: (target="ldap:///o=isp")(targetattr = "aci")(version 3.0; acl "%s"; deny (all) (userdn ="ldap:///anyone");)
+Deny self removal: (target="ldap:///o=isp")(targetattr = "*")(version 3.0; acl "%s"; deny (delete) (userdn ="ldap:///self");)
+Grand User own Data read Access: (target="ldap:///o=isp")(targetattr = "*") (version 3.0; acl "%s"; allow (read,search)(userdn="ldap:///self"); )
+Enable self write for common attributes: (target="ldap:///o=isp")(targetattr="carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mail || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier")(version 3.0; acl "%s"; allow (write) (userdn="ldap:///self");)
+Directory Administrators Group: (target="ldap:///o=isp")(targetattr ="*")(version 3.0;acl "%s";allow (all) (groupdn = "ldap:///cn=Directory Administrators,o=isp");)
+Enable read for readonly user: (target="ldap:///o=isp")(targetattr = "*")(version 3.0; acl "%s"; allow (read, search, compare)(userdn="ldap:///uid=readonly,ou=People,o=isp"); )
Enable read for mail-service user: (target="ldap:///o=isp")(targetattr = "*")(version 3.0; acl "%s"; allow (read, search, compare)(userdn="ldap:///uid=mail-service,ou=Services,o=Pixelpark,o=isp"); )
# CRM Geraffel:
PxP IntraNet WebServer Authentification: (target = "ldap:///o=Pixelpark,o=isp") (targetattr = "mail || ppApplicationRight || uid || gidNumber || uniqueMember || givenName || ppCostCenter || employeeNumber || sn || ou || objectClass || o || cn") (version 3.0;acl "%s";allow (read,compare,search,selfwrite)(userdn = "ldap:///uid=wwwadm, ou=WWWServer, ou=Applications, o=Pixelpark,o=isp");)
projects / pixelpark / ldap-migration.git / commitdiff