|
Lines 187-197
access to dn.regex="^cn=([^,]+),cn=shares,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@
|
Link Here
|
|---|
|
|---|
| 187 |
|
187 |
|
| 188 |
# Mitglieder der lokalen Administratoren muessen einige temporaere Objekte schreiben duerfen |
188 |
# Mitglieder der lokalen Administratoren muessen einige temporaere Objekte schreiben duerfen |
| 189 |
# da keine regulaeren Ausdruecke auf Gruppenmitgliedschaften moeglich sind wird dies allen Lehrern erlaubt |
189 |
# da keine regulaeren Ausdruecke auf Gruppenmitgliedschaften moeglich sind wird dies allen Lehrern erlaubt |
| 190 |
access to dn.regex="^cn=([^,]+),cn=(groupName|sid|gid|gidNumber|mac),cn=temporary,cn=univention,@%@ldap/base@%@$$" filter="(&(objectClass=lock)(!(|(uidNumber=*)(objectClass=SambaSamAccount))))" |
190 |
access to dn.regex="^cn=([^,]+),cn=(groupName|sid|gid|gidNumber|mac|uidNumber),cn=temporary,cn=univention,@%@ldap/base@%@$$" filter="(&(objectClass=lock)(!(|(uidNumber=*)(objectClass=SambaSamAccount))))" |
| 191 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
191 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
| 192 |
by * none break |
192 |
by * none break |
| 193 |
|
193 |
|
| 194 |
access to dn.regex="^cn=(groupName|sid|gid|gidNumber|mac),cn=temporary,cn=univention,@%@ldap/base@%@$$" attrs=children,entry |
194 |
access to dn.regex="^cn=(groupName|sid|gid|gidNumber|mac|uidNumber),cn=temporary,cn=univention,@%@ldap/base@%@$$" attrs=children,entry |
| 195 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
195 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
| 196 |
by * none break |
196 |
by * none break |
| 197 |
|
197 |
|
|
Lines 199-204
access to dn.base="cn=gidNumber,cn=temporary,cn=univention,@%@ldap/base@%@" attr
|
Link Here
|
|---|
|
|---|
| 199 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
199 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
| 200 |
by * none break |
200 |
by * none break |
| 201 |
|
201 |
|
|
|
202 |
access to dn.base="cn=uidNumber,cn=temporary,cn=univention,@%@ldap/base@%@" attrs=univentionLastUsedValue |
| 203 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
| 204 |
by * none break |
| 205 |
|
| 202 |
# Mitglieder der lokalen Administratoren duerfen MAC-Adressen im Rechner- und DHCP-Objekt aendern |
206 |
# Mitglieder der lokalen Administratoren duerfen MAC-Adressen im Rechner- und DHCP-Objekt aendern |
| 203 |
access to dn.regex="^cn=([^,]+),cn=computers,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" attrs=macAddress,sambaNTPassword |
207 |
access to dn.regex="^cn=([^,]+),cn=computers,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" attrs=macAddress,sambaNTPassword |
| 204 |
by group/univentionGroup/uniqueMember.expand="cn=@$@GRPADMINS@$@$2,cn=ouadmins,cn=groups,@%@ldap/base@%@" write |
208 |
by group/univentionGroup/uniqueMember.expand="cn=@$@GRPADMINS@$@$2,cn=ouadmins,cn=groups,@%@ldap/base@%@" write |