summaryrefslogtreecommitdiffstats
path: root/install/share/delegation.ldif
diff options
context:
space:
mode:
Diffstat (limited to 'install/share/delegation.ldif')
-rw-r--r--install/share/delegation.ldif5
1 files changed, 5 insertions, 0 deletions
diff --git a/install/share/delegation.ldif b/install/share/delegation.ldif
index 79b5159da..9a96365d5 100644
--- a/install/share/delegation.ldif
+++ b/install/share/delegation.ldif
@@ -558,6 +558,11 @@ aci: (targetattr = "usercertificate")(target = "ldap:///krbprincipalname=*,cn=se
dn: $SUFFIX
changetype: modify
add: aci
+aci: (targetattr = "*")(target = "ldap:///cn=*,cn=roles,cn=accounts,$SUFFIX")(version 3.0; acl "No anonymous access to roles"; deny (read,search,compare) userdn != "ldap:///all";)
+
+dn: $SUFFIX
+changetype: modify
+add: aci
aci: (target = "ldap:///cn=*,cn=roles,cn=accounts,$SUFFIX")(version 3.0;acl "Add Roles";allow (add) groupdn = "ldap:///cn=addroles,cn=permissions,cn=pbac,$SUFFIX";)
aci: (target = "ldap:///cn=*,cn=roles,cn=accounts,$SUFFIX")(version 3.0;acl "Remove Roles";allow (delete) groupdn = "ldap:///cn=removeroles,cn=permissions,cn=pbac,$SUFFIX";)
aci: (targetattr = "cn || description")(target = "ldap:///cn=*,cn=roles,cn=accounts,$SUFFIX")(version 3.0; acl "Modify Roles";allow (write) groupdn = "ldap:///cn=modifyroles,cn=permissions,cn=pbac,$SUFFIX";)
generated by cgit (git 2.34.1) at 2024-11-12 05:36:49 +0000