
(-)a/ucs-school-ldap-acls-master/65ucsschool (-1 / +3 lines)
 Lines 1-6    Link Here 
1
@!@
1
@!@
2
# -*- coding: utf-8 -*-
2
# -*- coding: utf-8 -*-
3
import re
3
import re
4
from univention.lib.misc import custom_groupname
4
5
5
aclset = """
6
aclset = """
6
# Master und Backup-Systeme duerfen die Einträge aller OUs lesen und schreiben
7
# Master und Backup-Systeme duerfen die Einträge aller OUs lesen und schreiben
 Lines 25-31   def replace_ucr_variables(template): Link Here 
25
	dir_ucsschool[ 'GRPADMINS' ] =	  configRegistry.get('ucsschool/ldap/default/groupprefix/admins', 'admins-')
26
	dir_ucsschool[ 'GRPADMINS' ] =	  configRegistry.get('ucsschool/ldap/default/groupprefix/admins', 'admins-')
26
	dir_ucsschool[ 'EXAM' ] = configRegistry.get('ucsschool/ldap/default/container/exam', 'examusers')
27
	dir_ucsschool[ 'EXAM' ] = configRegistry.get('ucsschool/ldap/default/container/exam', 'examusers')
27
28
28
29
	dir_ucsschool['DOMAIN_ADMINS'] = custom_groupname('Domain Admins')
29
	while 1:
30
	while 1:
30
		i = variable_token.finditer(template)
31
		i = variable_token.finditer(template)
31
		try:
32
		try:
 Lines 236-241   access to dn.regex="^uid=([^,]+),cn=@$@EXAM@$@,ou=([^,]+),@$@DISTRICT@$@@%@ldap/ Link Here 
236
# Schul-Slave-Server duerfen nur Eintraege ihrer OU lesen und schreiben (Passwortaenderungen etc.)
238
# Schul-Slave-Server duerfen nur Eintraege ihrer OU lesen und schreiben (Passwortaenderungen etc.)
237
# Lehrer und Memberserver duerfen sie lesen, ou-eigene bekommen Standard-ACLs, ou-fremde Server/user duerfen nichts
239
# Lehrer und Memberserver duerfen sie lesen, ou-eigene bekommen Standard-ACLs, ou-fremde Server/user duerfen nichts
238
access to dn.regex="^(.+,)?ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$"
240
access to dn.regex="^(.+,)?ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$"
241
	by group/univentionGroup/uniqueMember="cn=@$@DOMAIN_ADMINS@$@,cn=groups,@%@ldap/base@%@" +0 break
239
	by set.expand="[ldap:///ou=$2,@%@ldap/base@%@?ou?base?%28%21%28objectClass%3DucsschoolOrganizationalUnit%29%29]/ou" +0 break
242
	by set.expand="[ldap:///ou=$2,@%@ldap/base@%@?ou?base?%28%21%28objectClass%3DucsschoolOrganizationalUnit%29%29]/ou" +0 break
240
	by group/univentionGroup/uniqueMember.expand="cn=OU$2-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,@%@ldap/base@%@" write
243
	by group/univentionGroup/uniqueMember.expand="cn=OU$2-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,@%@ldap/base@%@" write
241
	by group/univentionGroup/uniqueMember.expand="cn=OU$2-DC-Edukativnetz,cn=ucsschool,cn=groups,@%@ldap/base@%@" write
244
	by group/univentionGroup/uniqueMember.expand="cn=OU$2-DC-Edukativnetz,cn=ucsschool,cn=groups,@%@ldap/base@%@" write
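Review bot: The value substituted for `@$@DOMAIN_ADMINS@$@` goes unescaped into a quoted DN in the new `by group/univentionGroup/uniqueMember="cn=@$@DOMAIN_ADMINS@$@,cn=groups,..." +0 break` clause, so a configured group name containing `"`, `,`, `+` or `=` would presumably either break the generated slapd configuration or make the clause refer to an entry other than the intended group. This matters because the clause is the first one in the OU directive, and `+0 break` passes matching identities on to the following ACLs without applying the OU-specific clauses below it. I would check the result of `custom_groupname('Domain Admins')` in `replace_ucr_variables` (its body starts and ends outside the visible hunk) against a conservative pattern and fail template generation on a mismatch instead of emitting the ACL. Whether the name is already validated where it is configured is not visible here. The comment block above the `access to` directive should also record the exemption, e.g. `# Members of the Domain Admins group skip the OU-specific clauses and fall through to the following ACLs`.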
