# master slapd config -- for testing
# $OpenLDAP: pkg/ldap/tests/data/slapd-acl.conf,v 1.71.2.5 2008/02/12 01:07:39 quanah Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2008 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# @SCHEMADIR@ / @TESTDIR@ / @BACKEND@ are placeholders filled in by the
# test harness before slapd reads this file.  Lines prefixed "#tag#"
# (e.g. #bdb#, #hdb#, #mod#, #monitor#) are enabled by the harness only
# when the matching backend or module is selected; otherwise they stay
# comments.
include @SCHEMADIR@/core.schema
include @SCHEMADIR@/cosine.schema
include @SCHEMADIR@/inetorgperson.schema
include @SCHEMADIR@/openldap.schema
include @SCHEMADIR@/nis.schema
pidfile @TESTDIR@/slapd.1.pid
argsfile @TESTDIR@/slapd.1.args

# global ACLs
#
# normal installations should protect root dse, cn=monitor, cn=subschema
#
# Global access directives apply to entries outside any database and to
# requests the database's own ACLs hand back (a "by * break" in the last
# matching directive, or no matching directive at all -- see "fall into
# global ACLs" at the bottom).  ACL semantics per slapd.access(5):
# directives are tried in order; within a directive the first matching
# "by" clause decides, and its control is "stop" (default: done),
# "continue" (keep collecting privileges from later clauses of the same
# directive) or "break" (give up on this directive, try the next one).
# "=" sets the privilege set exactly, "+" adds to what was collected.
# Privilege letters: x auth, d disclose, c compare, s search, r read,
# w write (a add, z delete).  The rootdn is never subject to these ACLs.

# dn.exact="" is the root DSE; "users" = any authenticated identity.
access to dn.exact="" attrs=objectClass
	by users read
# Catch-all: anonymous read of anything that falls through.  Test-only;
# the note above says what a real deployment should lock down.
access to *
	by * read

#mod#modulepath ../servers/slapd/back-@BACKEND@/
#mod#moduleload back_@BACKEND@.la
#monitormod#modulepath ../servers/slapd/back-monitor/
#monitormod#moduleload back_monitor.la

#######################################################################
# database definitions
#######################################################################

database @BACKEND@

suffix "dc=example,dc=com"
directory @TESTDIR@/db.1.a
rootdn "cn=Manager,dc=example,dc=com"
# Cleartext rootpw is a test fixture.  Outside the test suite use a
# slappasswd-generated hash (e.g. {SSHA}...) or omit rootpw and keep a
# hashed userPassword in the rootdn's entry.
rootpw secret
#bdb#index objectClass eq
#bdb#index cn,sn,uid pres,eq,sub
#hdb#index objectClass eq
#hdb#index cn,sn,uid pres,eq,sub

# Database ACLs.  The commented variants carry the explicit
# dn.subtree="dc=example,dc=com" scope that is implied by the suffix.

# objectClass is readable/searchable/comparable by everyone and, because
# of the explicit "stop", no later directive can ever grant write to it.
#access to attrs=objectclass dn.subtree="dc=example,dc=com"
access to attrs=objectclass
	by * =rsc stop

# userPassword on person entries: anonymous may only use it to bind
# ("auth" -- never read it back); the entry itself may change it and bind
# with it (=wx).  Everyone else is denied by the implicit "by * none".
#access to filter="(objectclass=person)" attrs=userpassword dn.subtree="dc=example,dc=com"
access to filter="(objectclass=person)" attrs=userpassword
	by anonymous auth
	by self =wx

# Value-specific ACLs (val= / val.regex=) on the cn attribute.  Each
# directive grants read of one particular cn value to one user and sends
# everyone else on to the next directive with "break"; the final
# "attrs=cn by * search" directive is what the rest of the world gets.
access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
	attrs=cn val="Mark A Elliot"
	by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
	by * break

access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
	attrs=cn val="Mark Elliot"
	by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
	by * break

access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
	attrs=cn
	by * search

# Same pattern, with regex value matching.
access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
	attrs=cn val.regex="^John D.+"
	by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
	by * break

access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
	attrs=cn val.regex="^Jonath.+"
	by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
	by * break

access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
	attrs=cn
	by * search

# dn.onelevel + filter + val.regex combined: cn values ending in "Jensen"
# on entries directly under the ITD ou whose cn matches (cn=*Jensen).
access to dn.onelevel="ou=Information Technology Division,ou=People,dc=example,dc=com"
	filter="(cn=*Jensen)"
	attrs=cn val.regex=".*Jensen$"
	by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
	by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
	by * break

access to dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
	attrs=cn
	by * search

# Cumulative "+"/"continue" clauses: an authenticated DN under
# dc=example,dc=com collects c, then r+s, then d, and finally hits
# "by * stop" with all four.  Anonymous matches none of the dn clauses,
# so it reaches "by * stop" with nothing -> no access.
access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
	by dn.regex=".+,dc=example,dc=com" +c continue
	by dn.subtree="dc=example,dc=com" +rs continue
	by dn.children="dc=example,dc=com" +d continue
	by * stop

# Group membership attributes.  "selfwrite" lets the matching requester
# add or remove only its own DN as a value; dnattr=member matches when the
# requester's DN is already listed in the entry's member attribute.
#access to attrs=member,uniquemember dn.subtree="dc=example,dc=com"
access to attrs=member,uniquemember
	by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" selfwrite
	by dnattr=member selfwrite
	by dnattr=uniquemember selfwrite
	by * read

# Only reached for entries the directive above did not match (it has no
# filter), i.e. this mostly exercises filter parsing with a wildcard.
#access to attrs=member,uniquemember filter="(mail=*com)" dn.subtree="dc=example,dc=com"
access to attrs=member,uniquemember filter="(mail=*com)"
	by * read

# Group entries: Bjorn gets =sc from the first clause, then the regex
# clause (same DN, anchored) adds +rw and stops -> r,w,s,c in total.
# Everyone else breaks out to the following directives.
#access to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))" dn.subtree="dc=example,dc=com"
access to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))"
	by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" =sc continue
	by dn.regex="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com$" +rw stop
	by * break

# group/<objectClass>/<memberAttr>: write for uniqueMember values of the
# ITD Staff groupOfUniqueNames entry, read for everyone else.
access to dn.children="ou=Information Technology Division,ou=People,dc=example,dc=com"
	by group/groupOfUniqueNames/uniqueMember.exact="cn=ITD Staff,ou=Groups,dc=example,dc=com" write
	by * read

# Set-based ACL: the (transitively expanded, "member*") members of the
# group entry itself, intersected with the requester, may write it.
access to dn.exact="cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com"
	by set="[cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com]/member* & user" write
	by * read

# NOTE(review): a lone "by * continue" grants nothing by itself; this
# presumably exercises filter/wildcard parsing and the continue control --
# confirm against the test script before relying on it elsewhere.
#access to filter="(name=X*Y*Z)" dn.subtree="dc=example,dc=com"
access to filter="(name=X*Y*Z)"
	by * continue

# Split write privileges ("add" / "delete" vs. full "write") and an ou
# containing "&" in its RDN.
access to dn.subtree="ou=Add & Delete,dc=example,dc=com"
	by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" add
	by dn.exact="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" delete
	by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" write
	by * read

# fall into global ACLs

#monitor#database monitor