
#######################################################################
#
# Access to accounts
#
# slapd evaluates "access to" directives in the order written: the first
# <what> clause that matches the entry/attribute is used, and within it
# the first matching <by> clause sets the access level (a clause ending in
# "break" lets evaluation continue with the next directive instead of
# stopping).  Reordering the directives below therefore changes the policy.
# Every rule is bound to the fixed suffix dc=localdomain; the ou=<domain>
# RDN is captured by the regex and expanded as $1/$2 so that each domain
# admin (cn=egwadmin,ou=<domain>,dc=localdomain) is scoped to its own
# domain only.
#
#######################################################################

# only the user itself, the global admin, and the domain admin can
# modify user passwords
# required for authentication and changing password as user and admin
# (the "global admin" is not named in these rules; presumably the database
# rootdn, which slapd exempts from ACLs -- confirm in the enclosing config)
# Anchored with ^...$ so it matches exactly the uid=... entries, and only
# the two credential attributes; all other attributes of these entries are
# governed by the two account-subtree rules below.
# "anonymous auth" allows the stored password to be used for a bind without
# being readable; "self write" lets users change their own password and
# userPKCS12 (no password-policy overlay is visible in this fragment);
# "* none" keeps the hashes unreadable for everyone else.
access to dn.regex="^uid=([^,]+),ou=accounts,ou=([^,]+),dc=localdomain$"
	attrs=userPassword,userPKCS12
	by dn.exact,expand="cn=egwadmin,ou=$2,dc=localdomain" write
	by anonymous auth
	by self write
	by * none

# allow admins to add new accounts to the tree
# ("children" is the pseudo-attribute that controls adding and deleting
# entries directly beneath this OU)
access to dn.regex="^ou=accounts,ou=([^,]+),dc=localdomain$"
	attrs=children
	by dn.exact,expand="cn=egwadmin,ou=$1,dc=localdomain" write
	by * none

# allow users readonly access to accounts in their own domain
# access is limited to attributes of objectclass inetOrgPerson,mozillaAbPersonAlpha and evolutionPerson
# used to display accounts in the addressbook
# Not anchored with ^, so it covers the ou=accounts entry and the whole
# subtree beneath it.  Only DNs *inside* ou=accounts of the same domain
# ($1) get read, which is what isolates domains from each other.
# "users none break": an authenticated DN outside that subtree (notably
# cn=egwadmin,ou=<domain>,dc=localdomain) is not denied here but carries
# on to the admin rule that follows; the final "* none" stops anonymous
# requests.
access to dn.regex="ou=accounts,ou=([^,]+),dc=localdomain$"
	attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
	by dn.children,expand="ou=accounts,ou=$1,dc=localdomain" read
	by users none break
	by * none

# allow admin account access to accounts in their own domain
# used to modify and add new accounts
# Extends the attribute set with @dbmailUser and @shadowAccount.  Attributes
# that belong only to those two classes are never matched by the read rule
# above, so ordinary users -- including the entry's owner -- get no access
# to them; only egwadmin of the same domain does.
access to dn.regex="ou=accounts,ou=([^,]+),dc=localdomain$"
	attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson,@dbmailUser,@shadowAccount
	by dn.exact,expand="cn=egwadmin,ou=$1,dc=localdomain" write
	by * none


#######################################################################
#
# Access to groups
#
#######################################################################


# allow admins to add new groups to the tree
access to dn.regex="^ou=groups,ou=([^,]+),dc=localdomain$"
	attrs=children
	by dn.exact,expand="cn=egwadmin,ou=$1,dc=localdomain" write
	by * none

# allow admin account access to groups in their own domain
# used to modify and add new groups
# Only egwadmin is granted anything on group entries; members get no read
# access here.  The groups are used as <who> selectors (group.expand) in the
# shared-addressbook rules below, and slapd resolves that membership
# internally, so members do not need to read the group themselves.
# Attributes outside @posixGroup/@groupOfNames are not covered by this rule
# and fall through to whatever directives follow this fragment.
access to dn.regex="^cn=([^,]+),ou=groups,ou=([^,]+),dc=localdomain$"
	attrs=entry,@posixGroup,@groupOfNames
	by dn.exact,expand="cn=egwadmin,ou=$2,dc=localdomain" write
	by * none


#######################################################################
#
# Access to personal addressbooks
#
#######################################################################

# allow admins to add new personal addressbooks to the tree
access to dn.regex="^ou=personal,ou=contacts,ou=([^,]+),dc=localdomain$"
	attrs=children
	by dn.exact,expand="cn=egwadmin,ou=$1,dc=localdomain" write
	by * none

# allow admins to add new personal addressbooks
# user can read the addressbooks only
# The addressbook's cn ($1) doubles as the owner's uid: the addressbook
# entry is readable by uid=$1 of the same domain ($2) and writable by that
# domain's egwadmin.  Creating and deleting addressbooks is governed by the
# "children" rule above; this one covers the existing entry itself.
access to dn.regex="^cn=([^,]+),ou=personal,ou=contacts,ou=([^,]+),dc=localdomain$"
	attrs=entry
	by dn.exact,expand="uid=$1,ou=accounts,ou=$2,dc=localdomain" read
	by dn.exact,expand="cn=egwadmin,ou=$2,dc=localdomain" write
	by * none

# allow user and egwadmin to manage personal addressbook entries
# Unanchored and without an attrs= list, so it matches the addressbook and
# everything beneath it for all attributes not already handled above.  The
# captured $1 is the cn directly in front of ou=personal (the addressbook,
# i.e. the owner's uid), not the contact entry's own RDN.
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,ou=([^,]+),dc=localdomain$"
	by dn.exact,expand="uid=$1,ou=accounts,ou=$2,dc=localdomain" write
	by dn.exact,expand="cn=egwadmin,ou=$2,dc=localdomain" write
	by * none

#######################################################################
#
# Access to group addressbooks
#
#######################################################################

# allow admins to add new group addressbooks to the tree
# "by users none" here (rather than "by * none" as in every other rule)
# leaves anonymous requests to slapd's default deny when no <by> clause
# matches; the effect is the same, but the explicit form used elsewhere
# is clearer -- worth aligning.
access to dn.regex="^ou=shared,ou=contacts,ou=([^,]+),dc=localdomain$"
	attrs=children
	by dn.exact,expand="cn=egwadmin,ou=$1,dc=localdomain" write
	by users none

# allow admins to add new group addressbooks
# groupmembers can read the addressbooks only
# The addressbook's cn ($1) is the name of the owning group: members of
# cn=$1,ou=groups,ou=$2 may read the entry, egwadmin may write it.
# group.expand relies on slapd's default group class/attribute
# (groupOfNames/member), consistent with @groupOfNames in the groups rule.
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,ou=([^,]+),dc=localdomain$"
	attrs=entry
	by group.expand="cn=$1,ou=groups,ou=$2,dc=localdomain" read
	by dn.exact,expand="cn=egwadmin,ou=$2,dc=localdomain" write
	by * none

# allow groups and egwadmin to manage group addressbook entries
# (the commented-out <by> clause below is a stricter variant that would, if
# re-enabled, additionally require the writing group member to connect from
# the local host; it is kept for reference only and has no effect here)
#	by group.expand="cn=$1,ou=groups,ou=$2,dc=localdomain" peername=127.0.0.1 write
# Unanchored like the personal-addressbook rule: matches the shared
# addressbook and all entries beneath it, for all attributes not handled
# above; $1 is the owning group's cn, not the contact's RDN.
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,ou=([^,]+),dc=localdomain$"
	by group.expand="cn=$1,ou=groups,ou=$2,dc=localdomain" write
	by dn.exact,expand="cn=egwadmin,ou=$2,dc=localdomain" write
	by * none