X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=tests%2Fdata%2Fslapd-acl.conf;h=67bd76bd8ec31325a19046c78e7ef1715cdaf103;hb=8ce45fc80db194f7833d1009a7e3b855176d2f8a;hp=082fabf5d3dd793730733510546b42aa62f88e5b;hpb=33cccee62ab03ce1aa665e9643d14899b6ffb687;p=openldap diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf index 082fabf5d3..67bd76bd8e 100644 --- a/tests/data/slapd-acl.conf +++ b/tests/data/slapd-acl.conf @@ -27,7 +27,7 @@ argsfile @TESTDIR@/slapd.1.args # normal installations should protect root dse, cn=monitor, cn=subschema # -access to dn.exact="" attr=objectClass +access to dn.exact="" attrs=objectClass by users read access to * by * read @@ -54,12 +54,12 @@ rootpw secret #ldbm#index objectClass eq #ldbm#index cn,sn,uid pres,eq,sub -#access to attr=objectclass dn.subtree="dc=example,dc=com" -access to attr=objectclass +#access to attrs=objectclass dn.subtree="dc=example,dc=com" +access to attrs=objectclass by * =rsc stop -#access to filter="(objectclass=person)" attr=userpassword dn.subtree="dc=example,dc=com" -access to filter="(objectclass=person)" attr=userpassword +#access to filter="(objectclass=person)" attrs=userpassword dn.subtree="dc=example,dc=com" +access to filter="(objectclass=person)" attrs=userpassword by anonymous auth by self =wx @@ -78,12 +78,12 @@ access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,d by * search access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com" - attrs=cn val.regex="^John D.*" + attrs=cn val.regex="^John D.+" by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read by * break access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com" - attrs=cn val.regex="^Jonath.*" + attrs=cn val.regex="^Jonath.+" by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read by * break @@ -91,20 +91,31 @@ access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc attrs=cn by * search +access to dn.onelevel="ou=Information Technology Division,ou=People,dc=example,dc=com" + filter="(cn=*Jensen)" + attrs=cn val.regex=".*Jensen$" + by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read + by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read + by * break + +access to dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" + attrs=cn + by * search + access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com" by dn.regex=".+,dc=example,dc=com" +c continue by dn.subtree="dc=example,dc=com" +rs continue by dn.children="dc=example,dc=com" +d continue by * stop -#access to attr=member,uniquemember dn.subtree="dc=example,dc=com" -access to attr=member,uniquemember +#access to attrs=member,uniquemember dn.subtree="dc=example,dc=com" +access to attrs=member,uniquemember by dnattr=member selfwrite by dnattr=uniquemember selfwrite by * read -#access to attr=member,uniquemember filter="(mail=*com)" dn.subtree="dc=example,dc=com" -access to attr=member,uniquemember filter="(mail=*com)" +#access to attrs=member,uniquemember filter="(mail=*com)" dn.subtree="dc=example,dc=com" +access to attrs=member,uniquemember filter="(mail=*com)" by * read #access to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))" dn.subtree="dc=example,dc=com"