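# Access-control policy for slapd (cn=config), written as LDIF change records.
# Each record uses "replace: olcAccess", so the values listed here become the
# complete ACL set for that database; any rule not repeated here is dropped.
# base_dn and admin_dn are template placeholders filled in at deploy time
# (presumably Jinja - confirm against the role that renders this file).
#
# Layout note: every "by" clause is an LDIF continuation line. The first
# leading space is the fold marker and is removed when the value is joined;
# the second space is what separates the clause from the preceding text.
# Comments are placed only in front of "dn:" / "olcAccess:" lines, because a
# comment inside a folded value would absorb the continuation lines after it.
#
# NOTE(review): the frontend and config records name the admin as
# "cn=admin," + base_dn, while the mdb record uses admin_dn. If admin_dn ever
# differs from cn=admin under base_dn, the two sets of rules will grant manage
# to different identities - confirm they are meant to be the same DN.

# --- Frontend database: rules applied in addition to each database's own ---
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcAccess
# {0} manage for: local root over ldapi (peercred / SASL EXTERNAL identity),
# the admin entry, and members of the cn=admins group. "by * break" stops
# evaluating this rule for everyone else and lets later rules decide.
olcAccess: {0}to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by dn.exact="cn=admin,{{ base_dn }}" manage
  by group.exact="cn=admins,ou=privileged-groups,{{ base_dn }}" manage
  by * break
# {1} the entry with the empty DN (root DSE) is readable by everyone,
# including anonymous clients.
olcAccess: {1}to dn.exact=""
  by * read
# {2} the subschema entry is readable by everyone.
olcAccess: {2}to dn.base="cn=Subschema"
  by * read

# --- Config database (cn=config itself) ---
# manage here means control over the server configuration, so this is the most
# sensitive grant in the file. The cn=admins group entry lives in the data
# tree: whoever can change that entry's membership gains this access. Rule {3}
# of the mdb record below gives write access only to the same manage
# identities; keep it that way when editing.
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcAccess
# {0} same three manage identities as the frontend rule; everyone else falls
# through ("break") and is not granted anything by this record.
olcAccess: {0}to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by dn.exact="cn=admin,{{ base_dn }}" manage
  by group.exact="cn=admins,ou=privileged-groups,{{ base_dn }}" manage
  by * break

# --- Data database ({1}mdb) ---
# Rules are tried in index order and the first matching "to" clause decides,
# so the attribute-specific rules {0} and {1} must stay ahead of the {3}
# catch-all.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# {0} userPassword: owners may change their own value, anonymous clients may
# only use it to authenticate (no read), the manage identities have full
# control, everyone else gets nothing. The read-only service account is not
# listed here, so it ends at "by * none" and cannot read password values.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by dn.exact="{{ admin_dn }}" manage
  by group.exact="cn=admins,ou=privileged-groups,{{ base_dn }}" manage
  by * none
# {1} shadowLastChange: writable by the owner, readable by everyone.
# NOTE(review): "by * read" includes anonymous clients, and "by self write"
# lets a user change their own password-age timestamp. If password ageing is
# enforced from this attribute, consider narrowing both - confirm intent.
olcAccess: {1}to attrs=shadowLastChange
  by self write
  by * read
# {2} read access to the entry with the empty DN.
# NOTE(review): this only matters if this database can hold an entry with an
# empty DN; the frontend record already covers dn.exact="" - confirm whether
# this rule is still needed.
olcAccess: {2}to dn.base=""
  by * read
# {3} catch-all for everything not matched above: manage for the three manage
# identities, read for the read-only service account, owners may read their
# own entry, and all other clients (including anonymous) get no access.
olcAccess: {3}to *
  by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by dn.exact="{{ admin_dn }}" manage
  by dn.exact="cn=readonly,ou=service-accounts,{{ base_dn }}" read
  by group.exact="cn=admins,ou=privileged-groups,{{ base_dn }}" manage
  by self read
  by * none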