# $OpenLDAP: pkg/ldap/tests/data/slapd-acl.conf,v 1.38.2.4 2003/02/24 16:16:54 kurt Exp $ # # master slapd config -- for testing # ucdata-path ./ucdata include ./schema/core.schema include ./schema/cosine.schema include ./schema/inetorgperson.schema include ./schema/openldap.schema pidfile ./test-db/slapd.pid argsfile ./test-db/slapd.args # global ACLs access to dn.base="" attr=objectClass by users read access to * by * read ####################################################################### # ldbm database definitions ####################################################################### database @BACKEND@ #ldbm#cachesize 0 suffix "o=University of Michigan,c=US" directory ./test-db rootdn "cn=Manager,o=University of Michigan,c=US" rootpw secret #ldbm#index objectClass eq #ldbm#index cn,sn,uid pres,eq,sub #bdb#index objectClass eq #bdb#index cn,sn,uid pres,eq,sub # # normal installations should protect root dse, cn=monitor, cn=subschema # access to dn="" by * read access to dn.base="" by * read access to attr=objectclass by * =rsc stop access to filter="(objectclass=person)" attr=userpassword by anonymous auth by self write access to dn.children="ou=Alumni Association,ou=People,o=University of Michigan,c=US" by dn.regex=".+,o=University of Michigan,c=US" +c continue by dn.subtree="o=University of Michigan,c=US" +rs continue by * stop access to attr=member by dnattr=member selfwrite by * read access to attr=member filter=(mail=*edu) by * read access to filter="(objectclass=groupofnames)" by dn.base="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" =sc continue by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop by * break access to dn.children="ou=Information Technology Division,ou=People,o=University of Michigan,c=US" by group.exact="cn=ITD Staff,ou=Groups,o=University of Michigan,c=US" write by * read access to filter="(name=X*Y*Z)" by * continue # fall into global ACLs