
roles/ldap: fix acl to add user to groups

python3
Zolfa 4 years ago
parent commit 2c3d068809
Signed by: zolfa GPG Key ID: E1A43B038C4D6616
1 changed file with 8 additions and 7 deletions

roles/ldap/tasks/1_configure_server.yaml (+8, -7)

@ -147,18 +147,19 @@
by self write
by anonymous {{ 'tls_ssf=256 ' if ldap_tls_enabled }}auth
by * none
# [1.1] -> Admins can list the full People tree
# [1.1] -> Admins can add/remove People entries
- >-
{2} to dn.exact=ou=People,{{ ldap_basedn }} attrs=children
by group.exact=cn=admin,ou=Group,{{ ldap_basedn }} write
by * none
# [1.2] -> Admins can list the full People tree
# -> Servers can perform search on People tree
- >-
{2} to dn.exact=ou=People,{{ ldap_basedn }}
{3} to dn.exact=ou=People,{{ ldap_basedn }}
by group.exact=cn=admin,ou=Group,{{ ldap_basedn }} read
by dn.children=ou=Server,{{ ldap_basedn }} search
by * none
# [1.2] -> Admins can add/remove People entries
- >-
{3} to dn.exact=ou=People,{{ ldap_basedn }} attrs=children
by group.exact=cn=admin,ou=Group,{{ ldap_basedn }} write
by * none
# [1.3] -> Admins can edit all People attributes
# -> Servers can read all People attributes (except userPassword)
# -> People can read all their attributes
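Review bot: the reordering of the two ou=People rules is undocumented in the hunk itself; slapd applies the first `access to` directive whose target matches, so the narrow `{2} ... attrs=children` rule must stay ahead of the attribute-wide `{3} to dn.exact=ou=People,...` rule for the same DN, and a one-line comment above `{2}` saying exactly that would keep the next editor from swapping them back into the old order. Two more points: the commit message talks about adding users to groups, yet every line in the hunk is under ou=People and nothing under ou=Group changes, so the message or a comment should say why reordering the People rules is what fixes group membership; and the `{2}`/`{3}` indices are now attached to different rules, so any later rule in the same file that was written assuming the old numbering should be re-checked. Before merging, verify the effective access with `slapacl` rather than by trial: bind as a member of cn=admin,ou=Group and test `children/write` on ou=People, and bind as an entry under ou=Server and confirm it still gets `search` but not `write`.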