fcf6ed51f2
rewrite bindrequest handling (reuse lookupdn) update acl filter cache when bind succeeds handle authenticating against a record in the journal
11 lines
339 B
Plaintext
11 lines
339 B
Plaintext
# root@fefe.de can do everything
|
|
acl (dn=cn=root,o=fefe,c=de) * * +rwdR;
|
|
# noone can read userPassword
|
|
acl * * userPassword -r;
|
|
# but everyone can authenticate using it
|
|
acl * self * +a;
|
|
# admins at fefe.de can write in their tree
|
|
acl (dn=*ou=admin,d=fefe,c=de) (dn=*,d=fefe,c=de) * +rwdR;
|
|
# everyone can read everything else
|
|
acl * * * +r;
|