From bf529770246e474fb6a280ab61741d69651334b5 Mon Sep 17 00:00:00 2001
From: Buchan Milne <buchan@mageia.org>
Date: Fri, 5 Nov 2010 13:03:26 +0000
Subject: Try and allow users to identify the groups another user is in

---
 modules/openldap/templates/mandriva-dit-access.conf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/openldap/templates/mandriva-dit-access.conf b/modules/openldap/templates/mandriva-dit-access.conf
index 7283fcac..347edcdb 100644
--- a/modules/openldap/templates/mandriva-dit-access.conf
+++ b/modules/openldap/templates/mandriva-dit-access.conf
@@ -83,7 +83,11 @@ access to dn.subtree="dc=mageia,dc=org"
 access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
 	attrs=member
 	by dnattr=owner write
-	by * break
+	by users +sx
+
+access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
+	attrs=cn,description
+	by users read
 
 # registration - allow registrar group to create basic unprivileged accounts
 access to dn.subtree="ou=People,dc=mageia,dc=org" 
-- 
cgit v1.2.1