Try and allow users to identify the groups another user is in

author: Buchan Milne <buchan@mageia.org> 2010-11-05 13:03:26 +0000
committer: Buchan Milne <buchan@mageia.org> 2010-11-05 13:03:26 +0000
commit: bf529770246e474fb6a280ab61741d69651334b5 (patch)
tree: 507d33c8423317655fd9eb19c21e0b0650896358 /modules/openldap
parent: 3ca2360fda5babf630ad7c33269a818d07db110b (diff)
download: puppet-bf529770246e474fb6a280ab61741d69651334b5.tar
puppet-bf529770246e474fb6a280ab61741d69651334b5.tar.gz
puppet-bf529770246e474fb6a280ab61741d69651334b5.tar.bz2
puppet-bf529770246e474fb6a280ab61741d69651334b5.tar.xz
puppet-bf529770246e474fb6a280ab61741d69651334b5.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/openldap/templates/mandriva-dit-access.conf b/modules/openldap/templates/mandriva-dit-access.conf
index 7283fcac..347edcdb 100644
--- a/modules/openldap/templates/mandriva-dit-access.conf
+++ b/modules/openldap/templates/mandriva-dit-access.conf
@@ -83,7 +83,11 @@ access to dn.subtree="dc=mageia,dc=org"
 access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
 	attrs=member
 	by dnattr=owner write
-	by * break
+	by users +sx
+
+access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
+	attrs=cn,description
+	by users read
 
 # registration - allow registrar group to create basic unprivileged accounts
 access to dn.subtree="ou=People,dc=mageia,dc=org"
author	Buchan Milne <buchan@mageia.org>	2010-11-05 13:03:26 +0000
committer	Buchan Milne <buchan@mageia.org>	2010-11-05 13:03:26 +0000
commit	bf529770246e474fb6a280ab61741d69651334b5 (patch)
tree	507d33c8423317655fd9eb19c21e0b0650896358 /modules/openldap
parent	3ca2360fda5babf630ad7c33269a818d07db110b (diff)
download	puppet-bf529770246e474fb6a280ab61741d69651334b5.tar puppet-bf529770246e474fb6a280ab61741d69651334b5.tar.gz puppet-bf529770246e474fb6a280ab61741d69651334b5.tar.bz2 puppet-bf529770246e474fb6a280ab61741d69651334b5.tar.xz puppet-bf529770246e474fb6a280ab61741d69651334b5.zip