Diffstat (limited to 'zarb-ml/mageia-sysadm/2010-November/000405.html')
-rw-r--r-- | zarb-ml/mageia-sysadm/2010-November/000405.html | 215 |
1 files changed, 215 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2010-November/000405.html b/zarb-ml/mageia-sysadm/2010-November/000405.html new file mode 100644 index 000000000..e8d5cd50e --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-November/000405.html 
@@ -0,0 +1,215 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-sysadm] [212] Close more anon access, and open up read access to some inetOrgPerson attrs to users + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B212%5D%20Close%20more%20anon%20access%2C%0A%20and%20open%20up%20read%20access%20to%20some%20inetOrgPerson%20attrs%20to%20users&In-Reply-To=%3C20101109142511.08E0B3F92B%40valstar.mageia.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000415.html"> + <LINK REL="Next" HREF="000411.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-sysadm] [212] Close more anon access, and open up read access to some inetOrgPerson attrs to users</H1> + <B>root at mageia.org</B> + <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B212%5D%20Close%20more%20anon%20access%2C%0A%20and%20open%20up%20read%20access%20to%20some%20inetOrgPerson%20attrs%20to%20users&In-Reply-To=%3C20101109142511.08E0B3F92B%40valstar.mageia.org%3E" + TITLE="[Mageia-sysadm] [212] Close more anon access, and open up read access to some inetOrgPerson attrs to users">root at mageia.org + </A><BR> + <I>Tue Nov 9 15:25:10 CET 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000415.html">[Mageia-sysadm] install of a websvn on svn server ? 
+</A></li> + <LI>Next message: <A HREF="000411.html">[Mageia-sysadm] [213] - rename iurt to buildsystem +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#405">[ date ]</a> + <a href="thread.html#405">[ thread ]</a> + <a href="subject.html#405">[ subject ]</a> + <a href="author.html#405">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Revision: 212 +Author: buchan +Date: 2010-11-09 15:25:10 +0100 (Tue, 09 Nov 2010) +Log Message: +----------- +Close more anon access, and open up read access to some inetOrgPerson attrs to users + +Modified Paths: +-------------- + puppet/modules/openldap/templates/mandriva-dit-access.conf + +Modified: puppet/modules/openldap/templates/mandriva-dit-access.conf +=================================================================== +--- puppet/modules/openldap/templates/mandriva-dit-access.conf 2010-11-09 02:21:57 UTC (rev 211) ++++ puppet/modules/openldap/templates/mandriva-dit-access.conf 2010-11-09 14:25:10 UTC (rev 212) +@@ -33,7 +33,7 @@ + attrs=shadowLastChange + by self write + by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write +- by * read ++ by users read + access to dn.subtree="dc=mageia,dc=org" + attrs=userPassword + by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write +@@ -53,7 +53,7 @@ + # password policies + access to dn.subtree="ou=Password Policies,dc=mageia,dc=org" + by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write +- by * read ++ by users read + + # samba password attributes + # by self not strictly necessary, because samba uses its own admin user to +@@ -77,16 +77,18 @@ + access to dn.subtree="dc=mageia,dc=org" + attrs=pwdReset,pwdAccountLockedTime + by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write +- by * read ++ by self read + + # group owner can add/remove/edit members to groups + access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$" + attrs=member + by dnattr=owner 
write ++ by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write + by users +sx + + access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$" + attrs=cn,description,objectClass,gidNumber ++ by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write + by users read + + # registration - allow registrar group to create basic unprivileged accounts +@@ -106,7 +108,7 @@ + access to dn.subtree="ou=People,dc=mageia,dc=org" + attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber,mail,preferredLanguage + by self write +- by users +sx ++ by users read + + # create new accounts + access to dn.regex="^([^,]+,)?ou=(People|Group|Hosts),dc=mageia,dc=org$" +@@ -122,21 +124,21 @@ + access to dn.regex="^(sambaDomainName=[^,]+,)?dc=mageia,dc=org$" + attrs=<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">children,entry, at sambaDomain</A><A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">, at sambaUnixIdPool</A> + by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write +- by * read ++ by users read + + # samba ID mapping + access to dn.regex="^(sambaSID=[^,]+,)?ou=Idmap,dc=mageia,dc=org$" + attrs=<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">children,entry, at sambaIdmapEntry</A> + by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write + by group.exact="cn=IDMAP Admins,ou=System Groups,dc=mageia,dc=org" write +- by * read ++ by users read + + # global address book + # XXX - which class(es) to use? 
+ access to dn.regex="^(.*,)?ou=Address Book,dc=mageia,dc=org" + attrs=<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">children,entry, at inetOrgPerson</A><A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">, at evolutionPerson</A><A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">, at evolutionPersonList</A> + by group.exact="cn=Address Book Admins,ou=System Groups,dc=mageia,dc=org" write +- by * read ++ by users read + + # dhcp entries + # XXX - open up read access to anybody? +@@ -150,13 +152,13 @@ + access to dn.regex="^([^,]+,)?ou=sudoers,dc=mageia,dc=org$" + attrs=<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">children,entry, at sudoRole</A> + by group.exact="cn=Sudo Admins,ou=System Groups,dc=mageia,dc=org" write +- by * read ++ by users read + + # dns + access to dn="ou=dns,dc=mageia,dc=org" + attrs=<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">entry, at extensibleObject</A> + by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write +- by * read ++ by users read + access to dn.sub="ou=dns,dc=mageia,dc=org" + attrs=<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">children,entry, at dNSZone</A> + by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write +@@ -169,7 +171,7 @@ + access to dn.one="ou=People,dc=mageia,dc=org" + attrs=@inetLocalMailRecipient,mail + by group.exact="cn=MTA Admins,ou=System Groups,dc=mageia,dc=org" write +- by * read ++ by users read + + # KDE Configuration + access to dn.sub="ou=KDEConfig,dc=mageia,dc=org" +@@ -178,5 +180,5 @@ + + # last one + access to dn.subtree="dc=mageia,dc=org" attrs=entry,uid,cn +- by * read ++ by users read + +-------------- next part -------------- +An HTML attachment was scrubbed... 
+URL: </pipermail/mageia-sysadm/attachments/20101109/431b95e6/attachment-0001.html> +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000415.html">[Mageia-sysadm] install of a websvn on svn server ? +</A></li> + <LI>Next message: <A HREF="000411.html">[Mageia-sysadm] [213] - rename iurt to buildsystem +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#405">[ date ]</a> + <a href="thread.html#405">[ thread ]</a> + <a href="subject.html#405">[ subject ]</a> + <a href="author.html#405">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm +mailing list</a><br> +</body></html> |
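Review bot: The ACL text archived in the `<PRE>` block is not verbatim, because the list software's address obfuscation has rewritten several `attrs=` lines into links such as `children,entry, at sambaDomain`; these presumably read `attrs=children,entry,@sambaDomain,@sambaUnixIdPool` in the template, since the `attrs=@inetLocalMailRecipient,mail` line survived intact. Anyone auditing the policy from this page should read ` at X` as the `@X` objectClass attribute set and check the real `puppet/modules/openldap/templates/mandriva-dit-access.conf`. On the policy itself, the People rule for `carLicense,homePhone,homePostalAddress,mobile,...` goes from `by users +sx` to `by users read`, so every authenticated account can read those contact attributes on all entries; if that is wider than intended, a shorter attribute list or a group-based `by` clause would fit better. Replacing `by * read` with `by users read` on the final `attrs=entry,uid,cn` rule also appears to require clients to bind before they can search for a DN, which is worth confirming against any service that looked users up anonymously.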