Verified Commit ad6e2f6e authored by sistason

update ACLs to allow for a user_connection of testadmin to manage users/groups.

This is an example implementation of writing ACLs for a user_connection.
parent 1979ef2c
1 merge request: !3 update ACLs to allow for a user_connection of testadmin to manage users/groups.
Pipeline #6405 passed
...@@ -34,20 +34,37 @@ all: ...@@ -34,20 +34,37 @@ all:
description: "Adminrechte im uffd Selfservice" description: "Adminrechte im uffd Selfservice"
acls: acls:
- >- - >-
{0}to * {0}to attrs=userPassword
by dn="cn=uffd,ou=system,dc=example,dc=com" =xw
by group="cn=uffd_admin,ou=groups,dc=example,dc=com" =xw
by self =xw
by anonymous auth
- >-
{1}to attrs=shadowLastChange
by dn="cn=uffd,ou=system,dc=example,dc=com" write
by group="cn=uffd_admin,ou=groups,dc=example,dc=com" write
by self write
- >-
{2}to dn.subtree="ou=users,dc=example,dc=com"
by dn="cn=uffd,ou=system,dc=example,dc=com" write by dn="cn=uffd,ou=system,dc=example,dc=com" write
by * break by group="cn=uffd_admin,ou=groups,dc=example,dc=com" write
by self write
by * read
- >- - >-
{1}to dn.children="ou=groups,dc=example,dc=com" {3}to dn.children="ou=groups,dc=example,dc=com"
by dn="cn=uffd,ou=system,dc=example,dc=com" write by dn="cn=uffd,ou=system,dc=example,dc=com" write
by * break by group="cn=uffd_admin,ou=groups,dc=example,dc=com" write
by * read
- >- - >-
{2}to dn.children="ou=postfix,dc=example,dc=com" {4}to dn.children="ou=postfix,dc=example,dc=com"
by dn="cn=uffd,ou=system,dc=example,dc=com" write by dn="cn=uffd,ou=system,dc=example,dc=com" write
by * break by group="cn=uffd_admin,ou=groups,dc=example,dc=com" write
- '{3}to attrs=userPassword by self write by anonymous auth by * none' by * read
- '{4}to attrs=shadowLastChange by self write by * read' # - >-
- '{5}to * by * read' # {5}to *
# by dn="cn=uffd,ou=system,dc=example,dc=com" write
# by dn="uid=testadmin,ou=users,dc=example,dc=com" write
# by * read
certificates: certificates:
disable_letsencrypt_account_registration: True disable_letsencrypt_account_registration: True
certs: certs:
......
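Review bot: In the new rule {2} (to dn.subtree="ou=users,dc=example,dc=com"), `by self write` gives every user write access to all attributes of their own entry apart from userPassword and shadowLastChange, which {0} and {1} match first. If those entries carry identity or membership attributes, a user can change them on their own entry; consider moving the self clause into a separate rule with an explicit attrs= list and leaving self at read here. Separately, the catch-all {5} is left behind as commented-out lines that name uid=testadmin directly, while the live rules use the uffd_admin group. With it disabled, no rule matches the remaining attributes of entries outside ou=users, ou=groups and ou=postfix, so slapd denies access there by default, and the uffd account loses the write access the old `{0}to *` rule gave it. Either delete the commented block or restore a `{5}to * by * read`, and say in a comment which is intended, since the commit message describes this as an example implementation.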