|
|
|---|
| 8 |
nestedGroups = configRegistry.is_true('ldap/acl/nestedgroups', True) |
8 |
nestedGroups = configRegistry.is_true('ldap/acl/nestedgroups', True) |
| 9 |
|
9 |
|
| 10 |
if configRegistry.is_true('ldap/acl/slavepdc', True): |
10 |
if configRegistry.is_true('ldap/acl/slavepdc', True): |
| 11 |
print 'access to dn.regex="^cn=([^,]+),cn=([^,]+),cn=temporary,cn=univention,%s$$" filter="(&(objectClass=lock)(!(objectClass=posixAccount)))"' % ldap_base |
11 |
print 'access to dn.regex="^cn=([^,]+),cn=([^,]+),cn=temporary,cn=univention,%s$" filter="(&(objectClass=lock)(!(objectClass=posixAccount)))"' % ldap_base |
| 12 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
12 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
| 13 |
if nestedGroups: |
13 |
if nestedGroups: |
| 14 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |
14 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |
|
|
|---|
| 17 |
print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr ) |
17 |
print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr ) |
| 18 |
print ' by * read break' |
18 |
print ' by * read break' |
| 19 |
|
19 |
|
| 20 |
print 'access to dn.regex="^cn=([^,]+),cn=temporary,cn=univention,%s$$" attrs=children,entry' % ldap_base |
20 |
print 'access to dn.regex="^cn=([^,]+),cn=temporary,cn=univention,%s$" attrs=children,entry' % ldap_base |
| 21 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
21 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
| 22 |
if nestedGroups: |
22 |
if nestedGroups: |
| 23 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |
23 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |
|
|
|---|
| 26 |
print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr ) |
26 |
print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr ) |
| 27 |
print ' by * read break' |
27 |
print ' by * read break' |
| 28 |
|
28 |
|
| 29 |
print 'access to dn.regex="^cn=([^,]+),cn=temporary,cn=univention,%s$$" attrs=univentionLastUsedValue' % ldap_base |
29 |
print 'access to dn.regex="^cn=([^,]+),cn=temporary,cn=univention,%s$" attrs=univentionLastUsedValue' % ldap_base |
| 30 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
30 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
| 31 |
if nestedGroups: |
31 |
if nestedGroups: |
| 32 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |
32 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |
|
|
|---|
| 62 |
print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr ) |
62 |
print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr ) |
| 63 |
print ' by * read break' |
63 |
print ' by * read break' |
| 64 |
|
64 |
|
| 65 |
print 'access to dn.regex="^cn=.*,cn=dc,cn=computers,%s$$" attrs=userPassword,krb5Key,krb5KDCFlags,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,krb5KeyVersionNumber,univentionWindowsReinstall,sambaPwdCanChange,sambaPwdMustChange' % ( ldap_base ) |
65 |
print 'access to dn.regex="^cn=.*,cn=dc,cn=computers,%s$" attrs=userPassword,krb5Key,krb5KDCFlags,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,krb5KeyVersionNumber,univentionWindowsReinstall,sambaPwdCanChange,sambaPwdMustChange' % ( ldap_base ) |
| 66 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
66 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
| 67 |
if nestedGroups: |
67 |
if nestedGroups: |
| 68 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |
68 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |
|
|
|---|
| 72 |
print ' by dn.onelevel="cn=dc,cn=computers,%s" read' % ( ldap_base ) |
72 |
print ' by dn.onelevel="cn=dc,cn=computers,%s" read' % ( ldap_base ) |
| 73 |
print ' by * none' |
73 |
print ' by * none' |
| 74 |
|
74 |
|
| 75 |
print 'access to dn.regex="^cn=.*,cn=memberserver,cn=computers,%s$$" attrs=userPassword,krb5Key,krb5KDCFlags,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,krb5KeyVersionNumber,univentionWindowsReinstall,sambaPwdCanChange,sambaPwdMustChange' % ( ldap_base ) |
75 |
print 'access to dn.regex="^cn=.*,cn=memberserver,cn=computers,%s$" attrs=userPassword,krb5Key,krb5KDCFlags,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,krb5KeyVersionNumber,univentionWindowsReinstall,sambaPwdCanChange,sambaPwdMustChange' % ( ldap_base ) |
| 76 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
76 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
| 77 |
if nestedGroups: |
77 |
if nestedGroups: |
| 78 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |
78 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |
|
|
|---|
| 82 |
print ' by self %s' % ( usr ) |
82 |
print ' by self %s' % ( usr ) |
| 83 |
print ' by * none' |
83 |
print ' by * none' |
| 84 |
|
84 |
|
| 85 |
print 'access to dn.regex="^cn=.*,cn=memberserver,cn=computers,%s$$" attrs=objectClass,sambaSID,sambaPrimaryGroupSID,displayName,sambaAcctFlags' % ( ldap_base ) |
85 |
print 'access to dn.regex="^cn=.*,cn=memberserver,cn=computers,%s$" attrs=objectClass,sambaSID,sambaPrimaryGroupSID,displayName,sambaAcctFlags' % ( ldap_base ) |
| 86 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
86 |
print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr ) |
| 87 |
if nestedGroups: |
87 |
if nestedGroups: |
| 88 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |
88 |
print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr ) |