

# $OpenLDAP: pkg/ldap/tests/data/slapd-acl.conf,v 1.38 2002/01/14 02:42:24 kurt Exp $
#
# master slapd config -- for testing
#
# Global slapd settings for the ACL test server. Every path is relative, so
# slapd is presumably started from the test directory -- confirm against the
# test scripts.
#
# Location of the Unicode data tables (presumably used for string
# normalisation -- confirm for this slapd version).
ucdata-path	./ucdata
# Schema definitions loaded from the local test tree.
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
include ./schema/openldap.schema
# Schema checking is disabled: entries are accepted without being validated
# against the schemas loaded above. Acceptable for test fixtures only; a
# production server should leave schema checking on.
schemacheck	off
# Files in which slapd records its process id and command-line arguments.
pidfile     ./test-db/slapd.pid
argsfile    ./test-db/slapd.args

# Global ACLs. Per the closing comment of this file, database ACLs that end
# in "break" fall through to these rules.
#
# Rule 1: objectClass of the root DSE (empty DN) is readable by authenticated
# users. No other "by" clause is given, so anonymous clients presumably get
# nothing from this rule (implicit deny -- confirm for this slapd version).
access to dn.base="" attr=objectClass by users read
# Rule 2: catch-all. Every identity, anonymous included, may read whatever
# reaches this rule. Any attribute not claimed by an earlier, narrower rule
# (for example userPassword on an entry that is not a person) is therefore
# readable by everyone. Fine for tests; a production configuration normally
# ends with a restrictive default instead.
access to * by * read

#######################################################################
# ldbm database definitions
#######################################################################

# Test database definition.
# @BACKEND@ is a template placeholder, and the "#ldbm#" / "#bdb#" prefixes
# below look like per-backend markers that the test harness strips when it
# instantiates this file -- confirm against the test scripts. Keep those
# lines byte-for-byte intact.
database	@BACKEND@
#ldbm#cachesize	0
suffix		"o=University of Michigan,c=US"
directory	./test-db
# rootdn is the database superuser; slapd does not apply ACLs to it, so the
# access rules in this file do not constrain this identity.
rootdn		"cn=Manager,o=University of Michigan,c=US"
# SECURITY: the rootdn password is stored in cleartext and is a well-known
# test value. Never carry this line into a real deployment: store a hashed
# value (e.g. generated with slappasswd) and keep the file unreadable to
# unprivileged users.
rootpw		secret
# Index definitions, one set per backend template.
#ldbm#index		objectClass	eq
#ldbm#index		cn,sn,uid	pres,eq,sub
#bdb#index		objectClass	eq
#bdb#index		cn,sn,uid	pres,eq,sub

#
# Normal installations should restrict access to the root DSE,
# cn=monitor, cn=schema, and cn=config.
#

# objectClass on every entry in this database: everyone, anonymous included,
# gets exactly search, read and compare ("=rsc"), and evaluation stops here.
# Because this rule comes first, it also exposes objectClass on entries that
# later rules restrict (such as the Alumni Association subtree).
# Keep comments above the "access" line: a line that starts with whitespace
# continues the previous line, even a comment, so a comment placed between
# the "by" clauses would swallow them.
access		to attr=objectclass
		by * =rsc stop

# userPassword on entries matching (objectclass=person):
#   anonymous -> "auth": usable only for authentication (bind), not readable
#   self      -> write: an authenticated user may change their own password
# No "by" clause matches any other identity, so other users presumably get no
# access (implicit deny at the end of the clause list -- confirm).
# The filter limits this rule to person entries; userPassword stored on any
# other kind of entry is not covered here and is decided by later rules.
access		to filter="(objectclass=person)" attr=userpassword
		by anonymous auth
		by self write

# Entries below (not including) ou=Alumni Association. Privileges accumulate
# across the "continue" clauses:
#   bound DN matching ".+,o=University of Michigan,c=US" -> add compare (+c)
#   bound DN inside the o=University of Michigan subtree  -> add read and
#                                                            search (+rs)
#   everyone                                              -> stop
# The final bare "stop" appears to add nothing, so an identity that matched
# neither earlier clause (e.g. anonymous) ends with no access -- confirm.
# NOTE(review): the dn.regex pattern has no ^/$ anchors (compare the anchored
# pattern in the groupofnames rule), so presumably any bound DN that merely
# contains this text matches; anchor the pattern if this rule is reused.
access		to dn.children="ou=Alumni Association,ou=People,o=University of Michigan,c=US"
		by dn.regex=".+,o=University of Michigan,c=US" +c continue
		by dn.subtree="o=University of Michigan,c=US" +rs continue
		by * stop

# "member" attribute:
#   identity whose DN is already listed in the entry's member attribute
#   (dnattr=member) -> selfwrite, i.e. it may add or remove only its own DN
#   everyone else, anonymous included -> read, so group membership is
#   visible to unauthenticated clients wherever this rule is the one applied
access		to attr=member
		by dnattr=member selfwrite
		by * read

# Entries matching (objectclass=groupofnames):
#   Bjorn Jensen (exact DN, dn.base)     -> set to search+compare (=sc),
#                                           then continue to the next clause
#   Bjorn Jensen (anchored "^...$" form) -> add read+write (+rw), stop
#   everyone else                        -> break: leave this rule and go on
#                                           to later ACLs (the global ones)
# Net effect for Bjorn Jensen appears to be search, compare, read and write.
# NOTE(review): the plain dn="^...$" form looks like the older regex-style
# match -- confirm how this slapd version interprets it.
access		to filter="(objectclass=groupofnames)"
		by dn.base="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" =sc continue
		by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop
		by * break

# fall into global ACLs