From 7ad67630c40c0669cc1c140ff2d42311fb780b47 Mon Sep 17 00:00:00 2001
From: Jonas Gunz
Date: Thu, 27 Jul 2023 21:46:38 +0200
Subject: openldap move access control to hostettings

---
 roles/openldap/README.md | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
(limited to 'roles/openldap/README.md')

diff --git a/roles/openldap/README.md b/roles/openldap/README.md
index ed34f52..fb30537 100644
--- a/roles/openldap/README.md
+++ b/roles/openldap/README.md
@@ -25,7 +25,31 @@ ldap:
 DESC 'MANDATORY: OpenSSH LPK objectclass'
 MAY ( sshPublicKey $ uid ) )"
-
+ ous:
+ - users
+ - apps
+ - groups
+ - unixgroups
+ groupsofnames:
+ in: 'ou=groups,dc=example,dc=com'
+ names:
+ - ldap_admin
+ - external_auth
+ access_control:
+ - >-
+ {0}to attrs=userPassword
+ by self write
+ by group/groupOfNames/member=cn=external_auth,ou=groups,dc=example,dc=com read
+ by anonymous auth
+ by * none
+ - >-
+ {1}to attrs=shadowLastChange
+ by self write
+ by * read
+ - >-
+ {2}to *
+ by users read
+ by group/groupOfNames/member=cn=ldap_admin,ou=groups,dc=example,dc=com manage
 ```
 ## Notes
-- cgit v1.2.3