From 43de9af71f7f4ca5731b94a06d688ae8412ba427 Mon Sep 17 00:00:00 2001
From: M.Gergo
Date: Fri, 6 Jul 2018 11:14:41 +0200
Subject: 2018/Feb/28 -i állapot hozzáadva, mint a módosítások kiindulási
 állapota

---
 .../install/base/ldap/access-control/mayor.acl     | 97 ++++++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100644 mayor-orig/install/base/ldap/access-control/mayor.acl

(limited to 'mayor-orig/install/base/ldap/access-control')

diff --git a/mayor-orig/install/base/ldap/access-control/mayor.acl b/mayor-orig/install/base/ldap/access-control/mayor.acl
new file mode 100644
index 00000000..abc5b4d5
--- /dev/null
+++ b/mayor-orig/install/base/ldap/access-control/mayor.acl
@@ -0,0 +1,97 @@
+#
+# Jelszó változtatás
+#
+
+access to dn.subtree="ou=diak,%BASEDN%"
+    attrs=userPassword
+        by anonymous auth
+        by self write
+	by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+        by group/mayorGroup/member="cn=diakadmin,ou=Groups,%BASEDN%" write
+        by * none
+
+access to attrs=userPassword
+    by anonymous auth
+    by self write
+    by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+    by * none
+
+
+access to dn.subtree="ou=diak,%BASEDN%"
+    attrs=shadowLastChange,shadowExpire
+        by anonymous read
+        by self write
+	by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+        by group/mayorGroup/member="cn=diakadmin,ou=Groups,%BASEDN%" write
+        by * read
+
+access to attrs=shadowLastChange,shadowExpire
+    by anonymous read
+    by self write
+    by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+    by * read
+
+#
+# Személyes adatok
+#
+
+# A session nyitáshoz szükséges adatoknak publikusan olvashatónak kell lennie (shadow, studyId)
+
+access to dn.subtree="ou=diak,%BASEDN%"
+    attrs=mail
+        by self write
+        by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+        by group/mayorGroup/member="cn=diakadmin,ou=Groups,%BASEDN%" write
+        by * read
+
+access to dn.subtree="ou=diak,%BASEDN%"
+    attrs=telephonenumber,mobile
+        by self write
+        by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+        by group/mayorGroup/member="cn=diakadmin,ou=Groups,%BASEDN%" write
+        by users read
+        by * none
+
+access to dn.subtree="ou=diak,%BASEDN%"
+    attrs=cn,studyId
+        by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+        by group/mayorGroup/member="cn=diakadmin,ou=Groups,%BASEDN%" write
+        by * read
+
+access to dn.subtree="ou=diak,%BASEDN%"
+    attrs=l,street,postaladdress,postalcode
+        by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+        by group/mayorGroup/member="cn=diakadmin,ou=Groups,%BASEDN%" write
+        by users read
+        by * none
+
+# ******************************************************************* #
+
+access to attrs=mail
+        by self write
+        by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+        by * read
+
+access to attrs=telephonenumber,mobile
+        by self write
+        by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+        by users read
+        by * none
+
+access to attrs=cn,studyId
+        by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+        by * read
+
+access to attrs=l,street,postaladdress,postalcode
+        by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+        by users read
+        by * none
+
+#
+# Alapértelmezett
+#
+
+access to *
+        by group/mayorGroup/member="cn=useradmin,ou=Groups,%BASEDN%" write
+        by anonymous read
+        by * read
-- 
cgit v1.2.3