Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125
							#
# BEGIN COPYRIGHT BLOCK
# This Program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; version 2 of the License.
# 
# This Program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License along with
# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA.
# 
# In addition, as a special exception, Red Hat, Inc. gives You the additional
# right to link the code of this Program with code not covered under the GNU
# General Public License ("Non-GPL Code") and to distribute linked combinations
# including the two, subject to the limitations in this paragraph. Non-GPL Code
# permitted under this exception must only link to the code of this Program
# through those well defined interfaces identified in the file named EXCEPTION
# found in the source code files (the "Approved Interfaces"). The files of
# Non-GPL Code may instantiate templates or use macros or inline functions from
# the Approved Interfaces without causing the resulting work to be covered by
# the GNU General Public License. Only Red Hat, Inc. may make changes or
# additions to the list of Approved Interfaces. You must obey the GNU General
# Public License in all respects for all of the Program code and other code used
# in conjunction with the Program except the Non-GPL Code covered by this
# exception. If you modify this file, you may extend this exception to your
# version of the file, but you are not obligated to do so. If you do not wish to
# provide this exception without modification, you must delete this exception
# statement from your version and license this file solely under the GPL without
# exception. 
# 
# 
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
# Copyright (C) 2005 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
#
# Note: %rootdn% (Directory Manager) has all rights on every entry by nature.  
# Thus, it is not needed to give any acis.  This template has several 
# groupOfUniqueNames objects which MUST have uniqueMember.  At this moment,
# there is no entry which could be a uniqueMember.  Just to satisfy the 
# objectclass, set %rootdn% to uniqueMember of the objectclass.
#
dn: %ds_suffix%
changetype: modify
add: aci
aci: (targetattr ="*")(version 3.0;
 acl "Directory Administrators Group";allow (all) (groupdn = "ldap:///
 cn=Directory Administrators, %ds_suffix%");)

dn: cn=Directory Administrators, %ds_suffix%
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
uniqueMember: %rootdn%

dn: ou=Groups, %ds_suffix%
objectclass: top
objectclass: organizationalunit
ou: Groups

dn: ou=People, %ds_suffix%
objectclass: top
objectclass: organizationalunit
ou: People
aci: (targetattr ="userpassword || te
 lephonenumber || facsimiletelephonenumber")(version 3.0;acl "Allow self entry 
 modification";allow (write)(userdn = "ldap:///self");)
aci: (targetattr !="cn || sn || uid")(t
 argetfilter ="(ou=Accounting)")(version 3.0;acl "Accounting Managers G
 roup Permissions";allow (write)(groupdn = "ldap:///cn=Accounting Managers,ou
 =groups,%ds_suffix%");)
aci: (targetattr !="cn || sn || uid")(t
 argetfilter ="(ou=Human Resources)")(version 3.0;acl "HR Group Permiss
 ions";allow (write)(groupdn = "ldap:///cn=HR Managers,ou=groups,%ds_suffix%
 ");)
aci: (targetattr !="cn ||sn || uid")(t
 argetfilter ="(ou=Product Testing)")(version 3.0;acl "QA Group Permiss
 ions";allow (write)(groupdn = "ldap:///cn=QA Managers,ou=groups,%ds_suffix%
 ");)
aci: (targetattr !="cn || sn || uid")(t
 argetfilter ="(ou=Product Development)")(version 3.0;acl "Engineering 
 Group Permissions";allow (write)(groupdn = "ldap:///cn=PD Managers,ou=groups
 ,%ds_suffix%");)

dn: ou=Special Users,%ds_suffix%
objectclass: top
objectclass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts

dn: cn=Accounting Managers,ou=groups,%ds_suffix%
objectclass: top
objectclass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: %rootdn%

dn: cn=HR Managers,ou=groups,%ds_suffix%
objectclass: top
objectclass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
uniqueMember: %rootdn%

dn: cn=QA Managers,ou=groups,%ds_suffix%
objectclass: top
objectclass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
uniqueMember: %rootdn%

dn: cn=PD Managers,ou=groups,%ds_suffix%
objectclass: top
objectclass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
uniqueMember: %rootdn%