Univention Bugzilla – Attachment 8227 Details for
Bug 42437
Traceback in UMC if user is member of Domain Admins and UCS@school user
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch 2
42437-2.patch (text/plain), 1.64 KB, created by
Florian Best
on 2016-11-16 15:50:57 CET
(
hide
)
Description:
patch 2
Filename:
MIME Type:
Creator:
Florian Best
Created:
2016-11-16 15:50:57 CET
Size:
1.64 KB
patch
obsolete
>diff --git a/ucs-school-ldap-acls-master/65ucsschool b/ucs-school-ldap-acls-master/65ucsschool >index 516e323..7220aae 100644 >--- a/ucs-school-ldap-acls-master/65ucsschool >+++ b/ucs-school-ldap-acls-master/65ucsschool >@@ -1,6 +1,7 @@ > @!@ > # -*- coding: utf-8 -*- > import re >+from univention.lib.misc import custom_groupname > > aclset = """ > # Master und Backup-Systeme duerfen die Einträge aller OUs lesen und schreiben >@@ -25,7 +26,7 @@ def replace_ucr_variables(template): > dir_ucsschool[ 'GRPADMINS' ] = configRegistry.get('ucsschool/ldap/default/groupprefix/admins', 'admins-') > dir_ucsschool[ 'EXAM' ] = configRegistry.get('ucsschool/ldap/default/container/exam', 'examusers') > >- >+ dir_ucsschool['DOMAIN_ADMINS'] = custom_groupname('Domain Admins') > while 1: > i = variable_token.finditer(template) > try: >@@ -236,6 +238,7 @@ access to dn.regex="^uid=([^,]+),cn=@$@EXAM@$@,ou=([^,]+),@$@DISTRICT@$@@%@ldap/ > # Schul-Slave-Server duerfen nur Eintraege ihrer OU lesen und schreiben (Passwortaenderungen etc.) > # Lehrer und Memberserver duerfen sie lesen, ou-eigene bekommen Standard-ACLs, ou-fremde Server/user duerfen nichts > access to dn.regex="^(.+,)?ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" >+ by group/univentionGroup/uniqueMember="cn=@$@DOMAIN_ADMINS@$@,cn=groups,@%@ldap/base@%@" +0 break > by set.expand="[ldap:///ou=$2,@%@ldap/base@%@?ou?base?%28%21%28objectClass%3DucsschoolOrganizationalUnit%29%29]/ou" +0 break > by group/univentionGroup/uniqueMember.expand="cn=OU$2-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,@%@ldap/base@%@" write > by group/univentionGroup/uniqueMember.expand="cn=OU$2-DC-Edukativnetz,cn=ucsschool,cn=groups,@%@ldap/base@%@" write
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=8227">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 42437
:
8226
| 8227