From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives
---
zarb-ml/mageia-sysadm/2010-November/000405.html | 215 ++++++++++++++++++++++++
1 file changed, 215 insertions(+)
create mode 100644 zarb-ml/mageia-sysadm/2010-November/000405.html
(limited to 'zarb-ml/mageia-sysadm/2010-November/000405.html')
diff --git a/zarb-ml/mageia-sysadm/2010-November/000405.html b/zarb-ml/mageia-sysadm/2010-November/000405.html
new file mode 100644
index 000000000..e8d5cd50e
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2010-November/000405.html
@@ -0,0 +1,215 @@
+ + + + [Mageia-sysadm] [212] Close more anon access, and open up read access to some inetOrgPerson attrs to users + + + + + + + + + +

[Mageia-sysadm] [212] Close more anon access, and open up read access to some inetOrgPerson attrs to users

+ root at mageia.org + root at mageia.org +
+ Tue Nov 9 15:25:10 CET 2010 +

+
+ +
Revision: 212
+Author:   buchan
+Date:     2010-11-09 15:25:10 +0100 (Tue, 09 Nov 2010)
+Log Message:
+-----------
+Close more anon access, and open up read access to some inetOrgPerson attrs to users
+
+Modified Paths:
+--------------
+    puppet/modules/openldap/templates/mandriva-dit-access.conf
+
+Modified: puppet/modules/openldap/templates/mandriva-dit-access.conf
+===================================================================
+--- puppet/modules/openldap/templates/mandriva-dit-access.conf	2010-11-09 02:21:57 UTC (rev 211)
++++ puppet/modules/openldap/templates/mandriva-dit-access.conf	2010-11-09 14:25:10 UTC (rev 212)
+@@ -33,7 +33,7 @@
+         attrs=shadowLastChange
+         by self write
+         by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
+-        by * read
++        by users read
+ access to dn.subtree="dc=mageia,dc=org"
+ 	attrs=userPassword
+ 	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
+@@ -53,7 +53,7 @@
+ # password policies
+ access to dn.subtree="ou=Password Policies,dc=mageia,dc=org"
+ 	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
+-	by * read
++	by users read
+ 
+ # samba password attributes
+ # by self not strictly necessary, because samba uses its own admin user to
+@@ -77,16 +77,18 @@
+ access to dn.subtree="dc=mageia,dc=org"
+ 	attrs=pwdReset,pwdAccountLockedTime
+ 	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
+-	by * read
++	by self read
+ 
+ # group owner can add/remove/edit members to groups
+ access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
+ 	attrs=member
+ 	by dnattr=owner write
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
+ 	by users +sx
+ 
+ access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
+ 	attrs=cn,description,objectClass,gidNumber
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
+ 	by users read
+ 
+ # registration - allow registrar group to create basic unprivileged accounts
+@@ -106,7 +108,7 @@
+ access to dn.subtree="ou=People,dc=mageia,dc=org"
+ 	attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber,mail,preferredLanguage
+ 	by self write
+-	by users +sx
++	by users read
+ 
+ # create new accounts
+ access to dn.regex="^([^,]+,)?ou=(People|Group|Hosts),dc=mageia,dc=org$"
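Review bot: The new `by users read` on the ou=People rule makes `homePhone`, `homePostalAddress`, `mobile`, `pager`, `telephoneNumber` and `carLicense` readable by every authenticated identity, not only `mail` and `preferredLanguage`. A comment in the @@ -77 hunk mentions a registrar group that creates basic unprivileged accounts, so if registration is open, "users" may in practice mean anyone who signs up. Splitting the clause would keep the directory-style attributes readable while leaving the personal contact attributes at the previous `+sx` level; which attribute belongs in which half is the project's call. The `access to dn.regex` rule that follows begins in this hunk and continues outside it.

```conf
access to dn.subtree="ou=People,dc=mageia,dc=org"
	attrs=mail,preferredLanguage
	by self write
	by users read

access to dn.subtree="ou=People,dc=mageia,dc=org"
	attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber
	by self write
	by users +sx
```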
+@@ -122,21 +124,21 @@
+ access to dn.regex="^(sambaDomainName=[^,]+,)?dc=mageia,dc=org$"
+ 	attrs=children,entry, at sambaDomain, at sambaUnixIdPool
+ 	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
+-	by * read
++	by users read
+ 
+ # samba ID mapping
+ access to dn.regex="^(sambaSID=[^,]+,)?ou=Idmap,dc=mageia,dc=org$"
+ 	attrs=children,entry, at sambaIdmapEntry
+ 	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
+ 	by group.exact="cn=IDMAP Admins,ou=System Groups,dc=mageia,dc=org" write
+-	by * read
++	by users read
+ 
+ # global address book
+ # XXX - which class(es) to use?
+ access to dn.regex="^(.*,)?ou=Address Book,dc=mageia,dc=org"
+ 	attrs=children,entry, at inetOrgPerson, at evolutionPerson, at evolutionPersonList
+ 	by group.exact="cn=Address Book Admins,ou=System Groups,dc=mageia,dc=org" write
+-	by * read
++	by users read
+ 
+ # dhcp entries
+ # XXX - open up read access to anybody?
+@@ -150,13 +152,13 @@
+ access to dn.regex="^([^,]+,)?ou=sudoers,dc=mageia,dc=org$"
+ 	attrs=children,entry, at sudoRole
+ 	by group.exact="cn=Sudo Admins,ou=System Groups,dc=mageia,dc=org" write
+-	by * read
++	by users read
+ 
+ # dns
+ access to dn="ou=dns,dc=mageia,dc=org"
+ 	attrs=entry, at extensibleObject
+ 	by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write
+-	by * read
++	by users read
+ access to dn.sub="ou=dns,dc=mageia,dc=org"
+ 	attrs=children,entry, at dNSZone
+ 	by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write
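Review bot: `by users read` on `ou=sudoers` still lets any authenticated account enumerate every sudoRole, which shows who holds elevated rights on which hosts. Anonymous access is closed by this change, but the readers that actually need these entries are presumably the hosts' own sudo lookups. Consider naming that bind identity or group explicitly, for example `by group.exact="cn=<SUDO-READERS-PLACEHOLDER>,ou=System Groups,dc=mageia,dc=org" read`, and dropping the blanket `users` clause. The same consideration applies, more weakly, to the `ou=dns` rule in this hunk; its second `access to` block continues outside the hunk.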
+@@ -169,7 +171,7 @@
+ access to dn.one="ou=People,dc=mageia,dc=org"
+ 	attrs=@inetLocalMailRecipient,mail
+ 	by group.exact="cn=MTA Admins,ou=System Groups,dc=mageia,dc=org" write
+-	by * read
++	by users read
+ 
+ # KDE Configuration
+ access to dn.sub="ou=KDEConfig,dc=mageia,dc=org"
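Review bot: For the `mail` attribute this clause looks unreachable. The earlier `access to dn.subtree="ou=People,dc=mageia,dc=org"` rule (the @@ -106 hunk) already lists `mail`, and slapd stops at the first `access to` whose target matches. MTA Admins would therefore get only the `users` read from that rule and never the `write` granted here. If MTA Admins are meant to edit `mail`, add `by group.exact="cn=MTA Admins,ou=System Groups,dc=mageia,dc=org" write` to the earlier rule or remove `mail` from its attribute list; otherwise drop `mail` here so the file does not suggest a grant that is not in effect. This assumes no `by` clause outside the visible hunks uses a `break` control to fall through.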
+@@ -178,5 +180,5 @@
+ 
+ # last one
+ access to dn.subtree="dc=mageia,dc=org" attrs=entry,uid,cn
+-	by * read
++	by users read
+ 
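Review bot: With `by * read` replaced by `by users read`, the catch-all rule now ends in the implicit `by * none`, so anonymous clients lose every privilege on `entry`, including `auth`. slapd.access(5) lists `auth` on the `entry` pseudo-attribute, in addition to `auth` on `userPassword`, as a requirement for simple bind. Unless a rule outside this hunk grants it, password binds for entries that fall through to this rule may start failing. Adding `by anonymous auth` after `by users read` would keep binds working without restoring anonymous read or search. Clients that look up a DN by `uid` anonymously before binding will also need their own bind identity after this change.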
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-sysadm/attachments/20101109/431b95e6/attachment-0001.html>
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1