blob: 0781b3d0dec1194c2ead4831601f6e7635441c1f (
plain)
- # Ensure read access to the base for things like
- # supportedSASLMechanisms. Without this you may
- # have problems with SASL not knowing what
- # mechanisms are available and the like.
- # Note that this is covered by the 'access to *'
- # ACL below too but if you change that as people
- # are wont to do you'll still need this if you
- # want SASL (and possible other things) to work
- # happily.
- access to dn.base=""
- by * read
- access to dn.subtree="cn=monitor"
- by * read
- # The admin dn has full write access, everyone else
- # needs further checking
- access to dn.subtree="@SUFFIX@"
- by dn.exact="cn=admin,@SUFFIX@" write
- by group/groupOfUniqueNames/uniqueMember="cn=DSA,ou=Administrators,ou=Groups,ou=Access Control,@SUFFIX@" write
- by group/groupOfUniqueNames/uniqueMember="cn=Replicants,ou=Groups,ou=Access Control,@SUFFIX@" write
- by * break
|
