Revision
142
Author
buchan
Date
2010-11-05 14:03:26 +0100 (Fri, 05 Nov 2010)

Log Message

Try and allow users to identify the groups another user is in

Modified Paths

Modified: puppet/modules/openldap/templates/mandriva-dit-access.conf
===================================================================
--- puppet/modules/openldap/templates/mandriva-dit-access.conf	2010-11-05 12:41:38 UTC (rev 141)
+++ puppet/modules/openldap/templates/mandriva-dit-access.conf	2010-11-05 13:03:26 UTC (rev 142)
@@ -83,8 +83,12 @@
 access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
 	attrs=member
 	by dnattr=owner write
-	by * break
+	by users +sx
 
+access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
+	attrs=cn,description
+	by users read
+
 # registration - allow registrar group to create basic unprivileged accounts
 access to dn.subtree="ou=People,dc=mageia,dc=org" 
 	attrs="objectClass"
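Review bot: In the `attrs=member` clause, replacing `by * break` with `by users +sx` ends evaluation for this attribute here: the new line has no control keyword, so it defaults to `stop`, and every other identity now hits the implicit `by * none` instead of falling through to later rules. In slapd.access the letter `x` is the auth privilege and compare is `c`, so if membership search and compare were intended the line would read `by users +sc`, with `by * break` kept after it if later clauses are still meant to apply to `member`. The new `attrs=cn,description` clause likewise stops at `by users read`, so any write access to those attributes granted further down the file (not visible in this hunk) would no longer be reached for group entries. A comment above the clause such as `# any authenticated account can search group membership, including System Groups` would record the exposure this change accepts. The registration rule at the end of the hunk continues outside it.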