Benutzer:Harry/slapd.acl.db1

# Holders of the "admin" role may do anything.
# Matches every entry and attribute. Identities listed as roleOccupant of the
# organizationalRole cn=admin get "manage", the highest privilege level.
# Everyone else gets no privilege from this clause, and "break" lets evaluation
# continue with the clauses below; without "break" this clause would end
# evaluation with "none" for all other identities.
# This clause has to stay first, because slapd applies clauses in file order.
access to *
        by group/organizationalRole/roleOccupant="cn=admin,dc=delixs-schule,dc=de" manage
        by * none break

# Password changes
# userPassword of the cn=admin entry itself: the entry may change its own
# password, and anonymous sessions may use the value for binding only ("auth").
# Identities not listed here end at the implicit trailing "by * none", so they
# can neither read nor compare the stored value.
access to dn.exact="cn=admin,dc=delixs-schule,dc=de"
        attrs=userPassword
        by self write
        by anonymous auth

# Password attributes (userPassword plus the Samba LM/NT hashes) of entries
# below ou=people that are both posixAccount and sambaSamAccount and carry
# gidNumber 1002.
# Writable by the entry itself and by any bound user whose uid appears as
# memberUid in DomainAdmins, hadmin, tadmin or cadmin. Anonymous sessions get
# "auth" only.
# "write" includes read, so these four groups can also retrieve the stored
# hashes. sambaLMPassword/sambaNTPassword are password-equivalent, so membership
# of these groups should be kept as small as the delegation requires.
# NOTE(review): presumably gidNumber 1002 selects the accounts whose passwords
# tadmin/cadmin are meant to reset; confirm against the group definitions.
access to dn.subtree="ou=people,ou=accounts,dc=delixs-schule,dc=de"
        attrs=userPassword,sambaLMPassword,sambaNTPassword
        filter=(&(objectclass=posixAccount)(objectclass=sambaSamAccount)(gidnumber=1002))
        by self write
        by anonymous auth
        by set="[cn=DomainAdmins,ou=groups,dc=delixs-schule,dc=de]/memberUid & user/uid" write
        by set="[cn=hadmin,ou=groups,dc=delixs-schule,dc=de]/memberUid & user/uid" write
        by set="[cn=tadmin,ou=groups,dc=delixs-schule,dc=de]/memberUid & user/uid" write
        by set="[cn=cadmin,ou=groups,dc=delixs-schule,dc=de]/memberUid & user/uid" write

# Password attributes of every entry that did not match the filtered ou=people
# clause above. Writable by the entry itself and by users listed as memberUid
# of DomainAdmins or hadmin. tadmin and cadmin are not listed here, so their
# password-reset right is limited to the filtered accounts.
# All other identities end at the implicit "by * none", so the hashes are not
# readable by ordinary or anonymous users.
# NOTE(review): the roleOccupant line looks redundant. Holders of the admin role
# already receive "manage" from the first "access to *" clause and stop there.
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by self write
        by anonymous auth
        by group/organizationalRole/roleOccupant="cn=admin,dc=delixs-schule,dc=de" manage
        by set="[cn=DomainAdmins,ou=groups,dc=delixs-schule,dc=de]/memberUid & user/uid" write
        by set="[cn=hadmin,ou=groups,dc=delixs-schule,dc=de]/memberUid & user/uid" write

# Remaining (non-password) attributes of entries below ou=people: members of
# the hadmin group may write, and everyone else may read.
# NOTE(review): "by * read" also covers anonymous, unauthenticated clients.
# Confirm that anonymous read of account entries is intended; "by users read"
# would limit it to authenticated binds. The DomainAdmins line grants nothing
# beyond what "by * read" already grants.
# NOTE(review): plain "group=" tests the "member" attribute of a groupOfNames
# entry by default, while the set clauses in this file test memberUid. Verify
# that cn=hadmin carries both, otherwise this write grant never matches.
access to dn.subtree="ou=people,ou=accounts,dc=delixs-schule,dc=de"
        by group="cn=hadmin,ou=groups,dc=delixs-schule,dc=de" write
        by set="[cn=DomainAdmins,ou=groups,dc=delixs-schule,dc=de]/memberUid & user/uid" read
        by * read

# Everything else below the suffix dc=delixs-schule,dc=de: members of the
# hadmin group may write.
# NOTE(review): every access clause ends with an implicit "by * none". Because
# this clause matches the whole suffix, identities outside hadmin get no access
# to any entry not handled by an earlier clause (for example ou=groups). The
# final "access to * by * read" is then never reached for entries inside the
# suffix. If read access for other users was intended, an explicit "by" line
# is needed here; confirm the intent.
access to dn.subtree="dc=delixs-schule,dc=de"
        by group="cn=hadmin,ou=groups,dc=delixs-schule,dc=de" write

# Catch-all: read access for everyone, anonymous included, on any target that
# no earlier clause matched. Because the preceding clause already matches the
# whole dc=delixs-schule,dc=de subtree, this only applies to entries outside
# that suffix.
access to * by * read