33 lines
1.3 KiB
Plaintext
33 lines
1.3 KiB
Plaintext
# users, kosmos.org
|
|
dn: cn=users,dc=kosmos,dc=org
|
|
objectClass: top
|
|
objectClass: organizationalRole
|
|
cn: users
|
|
|
|
# kosmos.org, users, kosmos.org
|
|
dn: ou=kosmos.org,cn=users,dc=kosmos,dc=org
|
|
objectClass: top
|
|
objectClass: organizationalUnit
|
|
description: Kosmos
|
|
ou: kosmos.org
|
|
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "service-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
|
|
|
|
# 5apps.com, users, kosmos.org
|
|
dn: ou=5apps.com,cn=users,dc=kosmos,dc=org
|
|
objectClass: top
|
|
objectClass: organizationalUnit
|
|
description: 5apps
|
|
ou: 5apps.com
|
|
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "service-5apps-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=5apps.com,cn=applications,dc=kosmos,dc=org";)
|
|
|
|
# admin role
|
|
dn: cn=admin_role,ou=kosmos.org,cn=users,dc=kosmos,dc=org
|
|
objectClass: top
|
|
objectClass: LDAPsubentry
|
|
objectClass: nsRoleDefinition
|
|
objectClass: nsComplexRoleDefinition
|
|
objectClass: nsFilteredRoleDefinition
|
|
cn: admin_role
|
|
nsRoleFilter: (&(objectclass=person)(admin=true))
|
|
description: filtered role for admins
|