Lines 187-197
access to dn.regex="^cn=([^,]+),cn=shares,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@
|
Link Here
|
---|
|
187 |
|
187 |
|
188 |
# Mitglieder der lokalen Administratoren muessen einige temporaere Objekte schreiben duerfen |
188 |
# Mitglieder der lokalen Administratoren muessen einige temporaere Objekte schreiben duerfen |
189 |
# da keine regulaeren Ausdruecke auf Gruppenmitgliedschaften moeglich sind wird dies allen Lehrern erlaubt |
189 |
# da keine regulaeren Ausdruecke auf Gruppenmitgliedschaften moeglich sind wird dies allen Lehrern erlaubt |
190 |
access to dn.regex="^cn=([^,]+),cn=(groupName|sid|gid|gidNumber|mac),cn=temporary,cn=univention,@%@ldap/base@%@$$" filter="(&(objectClass=lock)(!(|(uidNumber=*)(objectClass=SambaSamAccount))))" |
190 |
access to dn.regex="^cn=([^,]+),cn=(groupName|sid|gid|gidNumber|mac|uidNumber),cn=temporary,cn=univention,@%@ldap/base@%@$$" filter="(&(objectClass=lock)(!(|(uidNumber=*)(objectClass=SambaSamAccount))))" |
191 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
191 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
192 |
by * none break |
192 |
by * none break |
193 |
|
193 |
|
194 |
access to dn.regex="^cn=(groupName|sid|gid|gidNumber|mac),cn=temporary,cn=univention,@%@ldap/base@%@$$" attrs=children,entry |
194 |
access to dn.regex="^cn=(groupName|sid|gid|gidNumber|mac|uidNumber),cn=temporary,cn=univention,@%@ldap/base@%@$$" attrs=children,entry |
195 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
195 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
196 |
by * none break |
196 |
by * none break |
197 |
|
197 |
|
Lines 199-204
access to dn.base="cn=gidNumber,cn=temporary,cn=univention,@%@ldap/base@%@" attr
|
Link Here
|
---|
|
199 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
199 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
200 |
by * none break |
200 |
by * none break |
201 |
|
201 |
|
|
|
202 |
access to dn.base="cn=uidNumber,cn=temporary,cn=univention,@%@ldap/base@%@" attrs=univentionLastUsedValue |
203 |
by dn.regex="^uid=([^,]+),cn=(@$@TEACHERS@$@|@$@TEACHERS-STAFF@$@|@$@STAFF@$@|@$@ADMINS@$@),cn=users,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" write |
204 |
by * none break |
205 |
|
202 |
# Mitglieder der lokalen Administratoren duerfen MAC-Adressen im Rechner- und DHCP-Objekt aendern |
206 |
# Mitglieder der lokalen Administratoren duerfen MAC-Adressen im Rechner- und DHCP-Objekt aendern |
203 |
access to dn.regex="^cn=([^,]+),cn=computers,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" attrs=macAddress,sambaNTPassword |
207 |
access to dn.regex="^cn=([^,]+),cn=computers,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" attrs=macAddress,sambaNTPassword |
204 |
by group/univentionGroup/uniqueMember.expand="cn=@$@GRPADMINS@$@$2,cn=ouadmins,cn=groups,@%@ldap/base@%@" write |
208 |
by group/univentionGroup/uniqueMember.expand="cn=@$@GRPADMINS@$@$2,cn=ouadmins,cn=groups,@%@ldap/base@%@" write |