WIP Add service accounts and ACIs

2024-03-28 10:57:12 +04:00
parent 02af69b055
commit 0bd77bc37a
3 changed files with 20 additions and 0 deletions
--- a/schemas/ldap/aci.ldif
+++ b/schemas/ldap/aci.ldif
@@ -0,0 +1,4 @@
+dn: ou=kosmos.org,cn=users,dc=kosmos,dc=org
+changetype: modify
+add: aci
+aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || serviceEnabled || displayName || jpegPhoto || nsRole || objectClass") (version 3.0; acl "service-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
--- a/schemas/ldap/delete-aci.ldif
+++ b/schemas/ldap/delete-aci.ldif
@@ -0,0 +1,4 @@
+dn: ou=kosmos.org,cn=users,dc=kosmos,dc=org
+changetype: modify
+delete: aci
+aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "service-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)