index 5ab60813c62ac43ca2c8fcfff34c5a0dfea228e4..38ca72b5a6abc00f93916632dd59b7e99cc204b3 100644 (file)
access to dn.base=""
by * read
+access to dn.base="cn=Subschema"
+ by * read
access to dn.subtree=cn=Monitor
by * read
# changed by the entry owning it if they are authenticated.
# Others should not be able to see it, except the admin
# entry below
-access to attrs=userPassword,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
+access to attrs=userPassword,userPKCS12,sambaPwdLastSet,sambaPwdMustChange,sambaPwdCanChange,shadowMax,shadowExpire
by dn="cn=ldapadmin,dc=gonicus,dc=de" write
by dn.regex="uid=[^/]+/admin\+(realm=GONICUS.LOCAL)?" write
by anonymous auth
by self write
by * none
+access to attrs=shadowLastChange
+ by self write
+ by * read
# Deny access to imap/fax/kerberos admin passwords stored
# in ldap tree
index gosaMailAlternateAddress,gosaMailForwardingAddress eq
index cn,sn,givenName,ou pres,eq,sub
index objectClass pres,eq
-index uidNumber,gidNumber,memberuid eq
+index uidNumber,gidNumber,memberuid,macAddress eq
index gosaSubtreeACL,gosaObject,gosaUser pres,eq
# Indexing for Kolab