66 lines
2.4 KiB
Plaintext
66 lines
2.4 KiB
Plaintext
version: 1
|
|
|
|
dn: dc=domain,dc=example,dc=com
|
|
objectclass: top
|
|
objectclass: domain
|
|
administrativeRole: accessControlSpecificArea
|
|
dc: domain
|
|
|
|
dn: cn=domainAuthenticationRequirementsACISubentry,dc=domain,dc=example,dc=com
|
|
objectClass: accessControlSubentry
|
|
objectClass: subentry
|
|
objectClass: top
|
|
subtreeSpecification: { }
|
|
prescriptiveACI: { identificationTag "subtreeFullAccessACI", precedence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { name { "uid=application,ou=bind,dc=domain,dc=example,dc=com" } }, userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantCompare, grantBrowse, grantRename, grantRemove, grantAdd, grantRead, grantFilterMatch, grantReturnDN, grantModify } } } } }
|
|
prescriptiveACI: { identificationTag "allUsersACI", precedence 9, authenticationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems { attributeType { userPassword } }, grantsAndDenials { denyRead, denyFilterMatch, denyCompare } }, { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantCompare, grantBrowse,grantDiscloseOnError, grantRead, grantFilterMatch, grantReturnDN } } } } }
|
|
cn: domainAuthenticationRequirementsACISubentry
|
|
|
|
dn: ou=groups,dc=domain,dc=example,dc=com
|
|
objectClass: top
|
|
objectClass: organizationalUnit
|
|
ou: groups
|
|
|
|
dn: ou=users,dc=domain,dc=example,dc=com
|
|
objectClass: top
|
|
objectClass: organizationalUnit
|
|
ou: users
|
|
|
|
dn: ou=bind,dc=domain,dc=example,dc=com
|
|
objectClass: top
|
|
objectClass: organizationalUnit
|
|
ou: bind
|
|
|
|
dn: uid=admin,ou=users,dc=domain,dc=example,dc=com
|
|
objectClass: top
|
|
objectClass: inetOrgPerson
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
cn: system administrator
|
|
sn: administrator
|
|
displayName: Directory Superuser
|
|
uid: admin
|
|
userPassword: admin-secret
|
|
|
|
dn: cn=login,ou=groups,dc=domain,dc=example,dc=com
|
|
objectClass: top
|
|
objectClass: groupOfUniqueNames
|
|
cn: login
|
|
uniqueMember: uid=admin,ou=users,dc=domain,dc=example,dc=com
|
|
|
|
dn: cn=admins,ou=groups,dc=domain,dc=example,dc=com
|
|
objectClass: top
|
|
objectClass: groupOfUniqueNames
|
|
cn: admins
|
|
uniqueMember: uid=admin,ou=users,dc=domain,dc=example,dc=com
|
|
|
|
dn: uid=application,ou=bind,dc=domain,dc=example,dc=com
|
|
objectClass: top
|
|
objectClass: inetOrgPerson
|
|
objectClass: person
|
|
objectClass: organizationalPerson
|
|
cn: application bind user
|
|
sn: administrator
|
|
displayName: Application User
|
|
uid: application
|
|
userPassword: app-secret
|