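# Rewrites the access-control list of the mdb database (olcDatabase={1}mdb).
# The bare "delete: olcAccess" drops every existing rule, then the "add" blocks
# install rules {0}..{4}; everything below is one modify record on one dn.
# slapd applies the first "to" clause that matches an entry/attribute and
# ignores later ones, so the {n} order decides which rule is effective.
# The "by" lines are LDIF continuation lines: they must keep their leading
# whitespace, otherwise they are not read as part of the olcAccess value.
# NOTE(review): "delete: olcAccess" without values is rejected when the
# attribute is absent - confirm the task tolerates a database with no ACL yet.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcAccess
-
# {0} userPassword of every entry under base_dn: the owner, cn=admin and any
# entry directly under ou=dsa may write it; anonymous may only use it to bind.
# NOTE(review): the subtree includes cn=admin itself, so every ou=dsa account
# can reset the admin password - confirm that this is intended.
add: olcAccess
olcAccess: {0}to dn.subtree="{{ base_dn }}" attrs=userPassword
  by self write
  by dn.base="cn=admin,{{ base_dn }}" write
  by dn.children="ou=dsa,{{ base_dn }}" write
  by anonymous auth
  by * none
-
# {1} all remaining attributes under ou=people: owners and ou=dsa accounts
# read, cn=admin writes, everyone else gets nothing.
# NOTE(review): the hard-coded account uid=test.user has write access to the
# whole ou=people subtree. If it is a test fixture it should not ship in a
# production ACL; a group or a templated variable would be easier to audit.
add: olcAccess
olcAccess: {1}to dn.subtree="ou=people,{{ base_dn }}"
  by self read
  by dn.base="uid=test.user,ou=people,{{ base_dn }}" write
  by dn.base="cn=admin,{{ base_dn }}" write
  by dn.children="ou=dsa,{{ base_dn }}" read
  by anonymous auth
  by * none
-
# {2} userPassword and shadowLastChange on entries not matched above.
# NOTE(review): userPassword under base_dn is already decided by {0}, and
# shadowLastChange under ou=people by {1} (self read only), so the self-write
# on shadowLastChange here never applies to ou=people users. If base_dn is the
# database suffix this rule looks fully shadowed - confirm the intended order.
add: olcAccess
olcAccess: {2}to attrs=userPassword,shadowLastChange
  by self write
  by anonymous auth
  by dn="cn=admin,{{ base_dn }}" write
  by * none
-
# {3} everything else under base_dn: owners read their own entry, cn=admin and
# ou=dsa accounts write, all other identities (including anonymous) get nothing.
# NOTE(review): write on the whole tree also covers ou=dsa, so a service
# account can presumably modify or add other service accounts - verify that
# ou=dsa holds only identities trusted at that level.
add: olcAccess
olcAccess: {3}to dn.subtree="{{ base_dn }}"
  by self read
  by dn.base="cn=admin,{{ base_dn }}" write
  by dn.children="ou=dsa,{{ base_dn }}" write
  by * none
-
# {4} the entry with the empty DN (root DSE): no access for anyone.
# NOTE(review): whether a database-level rule governs the root DSE depends on
# the frontend/global ACLs; if it does, clients that read namingContexts or
# supported SASL mechanisms before binding will fail - test after deployment.
add: olcAccess
olcAccess: {4}to dn.base=""
  by * none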