2
# BEGIN COPYRIGHT BLOCK
3
# This Program is free software; you can redistribute it and/or modify it under
4
# the terms of the GNU General Public License as published by the Free Software
5
# Foundation; version 2 of the License.
7
# This Program is distributed in the hope that it will be useful, but WITHOUT
8
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
9
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
11
# You should have received a copy of the GNU General Public License along with
12
# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
13
# Place, Suite 330, Boston, MA 02111-1307 USA.
15
# In addition, as a special exception, Red Hat, Inc. gives You the additional
16
# right to link the code of this Program with code not covered under the GNU
17
# General Public License ("Non-GPL Code") and to distribute linked combinations
18
# including the two, subject to the limitations in this paragraph. Non-GPL Code
19
# permitted under this exception must only link to the code of this Program
20
# through those well defined interfaces identified in the file named EXCEPTION
21
# found in the source code files (the "Approved Interfaces"). The files of
22
# Non-GPL Code may instantiate templates or use macros or inline functions from
23
# the Approved Interfaces without causing the resulting work to be covered by
24
# the GNU General Public License. Only Red Hat, Inc. may make changes or
25
# additions to the list of Approved Interfaces. You must obey the GNU General
26
# Public License in all respects for all of the Program code and other code used
27
# in conjunction with the Program except the Non-GPL Code covered by this
28
# exception. If you modify this file, you may extend this exception to your
29
# version of the file, but you are not obligated to do so. If you do not wish to
30
# provide this exception without modification, you must delete this exception
31
# statement from your version and license this file solely under the GPL without
35
# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
36
# Copyright (C) 2005 Red Hat, Inc.
37
# All rights reserved.
41
# Note: %rootdn% (Directory Manager) has all rights on every entry by nature.
42
# Thus, it does not need to be granted any ACIs. This template has several
43
# groupOfUniqueNames objects which MUST have uniqueMember. At this moment,
44
# there is no entry which could be a uniqueMember. Just to satisfy the
45
# objectclass, %rootdn% is set as the uniqueMember of each of these groups.
50
# ACI "Directory Administrators Group": every member of
# "cn=Directory Administrators, %ds_suffix%" is allowed all rights ("all") on
# every attribute matched by targetattr = "*". Membership of that group is
# therefore the control point for the entries this ACI applies to; keep the
# member list short and review changes to it.
# NOTE(review): a wildcard targetattr with write access may also cover the aci
# and userPassword attributes, letting a member grant further rights - confirm
# against the server's ACI documentation and narrow the attribute list if
# delegated administrators do not need that.
# NOTE(review): the dn line of the entry that carries this ACI is not visible
# in this listing; presumably it is the %ds_suffix% entry - confirm.
aci: (targetattr ="*")(version 3.0;
51
acl "Directory Administrators Group";allow (all) (groupdn = "ldap:///
52
cn=Directory Administrators, %ds_suffix%");)
54
# Group named by the "Directory Administrators Group" ACI, which allows its
# members all rights. The only member created here is %rootdn%, used as a
# placeholder to satisfy the uniqueMember requirement of the object class.
# Any DN added as uniqueMember later receives the rights that ACI grants.
dn: cn=Directory Administrators, %ds_suffix%
56
objectClass: groupofuniquenames
57
cn: Directory Administrators
58
uniqueMember: %rootdn%
60
# Organizational unit entry ou=Groups under the suffix. The manager groups
# referenced by the ou=People ACIs use DNs under ou=groups,%ds_suffix%.
dn: ou=Groups, %ds_suffix%
62
objectclass: organizationalunit
65
# ou=People and the ACIs attached to it.
#
# "Allow self entry modification": a bound user may write userpassword,
# telephonenumber and facsimiletelephonenumber on their own entry
# (userdn = "ldap:///self"). The attribute list is an explicit allow-list.
#
# The four manager ACIs (Accounting, HR, QA, Engineering) use a negated
# attribute list: targetattr != "cn || sn || uid". That is a deny-list, so
# members of the named group are allowed to write every attribute EXCEPT
# cn, sn and uid on entries matching the targetfilter (ou=Accounting,
# ou=Human Resources, ou=Product Testing, ou=Product Development).
# Consequences a deployer should check before using this template as is:
#   - userpassword is not excluded, so the managers can write the passwords
#     of the matching users;
#   - attributes introduced later by schema or plug-ins are covered
#     automatically, without anyone reviewing the ACI;
#   - NOTE(review): whether aci and other operational attributes are covered
#     by the negated list depends on the server; confirm, and prefer an
#     explicit allow-list of the attributes managers actually need to edit.
#
# NOTE(review): in this listing the HR, QA and Engineering ACI values stop
# before their closing quote and parentheses; lines appear to be missing
# from the page. Compare with the original template file before loading.
dn: ou=People, %ds_suffix%
67
objectclass: organizationalunit
69
aci: (targetattr ="userpassword || te
70
lephonenumber || facsimiletelephonenumber")(version 3.0;acl "Allow self entry
71
modification";allow (write)(userdn = "ldap:///self");)
72
aci: (targetattr !="cn || sn || uid")(t
73
argetfilter ="(ou=Accounting)")(version 3.0;acl "Accounting Managers G
74
roup Permissions";allow (write)(groupdn = "ldap:///cn=Accounting Managers,ou
75
=groups,%ds_suffix%");)
76
aci: (targetattr !="cn || sn || uid")(t
77
argetfilter ="(ou=Human Resources)")(version 3.0;acl "HR Group Permiss
78
ions";allow (write)(groupdn = "ldap:///cn=HR Managers,ou=groups,%ds_suffix%
80
aci: (targetattr !="cn ||sn || uid")(t
81
argetfilter ="(ou=Product Testing)")(version 3.0;acl "QA Group Permiss
82
ions";allow (write)(groupdn = "ldap:///cn=QA Managers,ou=groups,%ds_suffix%
84
aci: (targetattr !="cn || sn || uid")(t
85
argetfilter ="(ou=Product Development)")(version 3.0;acl "Engineering
86
Group Permissions";allow (write)(groupdn = "ldap:///cn=PD Managers,ou=groups
89
# Organizational unit described as holding special administrative accounts.
# No ACI is set on this entry in the visible lines, so access to it is
# decided by ACIs defined elsewhere (for example on a parent entry).
dn: ou=Special Users,%ds_suffix%
91
objectclass: organizationalUnit
93
description: Special Administrative Accounts
95
# Manager groups (Accounting, HR, QA, PD) named by the groupdn clauses of the
# write ACIs on ou=People. Each is created with %rootdn% as its only
# uniqueMember, purely to satisfy the groupOfUniqueNames object class.
# Adding a DN as uniqueMember of one of these groups is what grants that DN
# the write access defined by the matching ACI, so changes to these member
# lists are privilege changes and are worth logging and reviewing.
# NOTE(review): some attribute lines of the HR, QA and PD entries (for
# example cn) are not visible in this listing - confirm against the original
# template.
dn: cn=Accounting Managers,ou=groups,%ds_suffix%
97
objectclass: groupOfUniqueNames
98
cn: Accounting Managers
100
description: People who can manage accounting entries
101
uniqueMember: %rootdn%
103
dn: cn=HR Managers,ou=groups,%ds_suffix%
105
objectclass: groupOfUniqueNames
108
description: People who can manage HR entries
109
uniqueMember: %rootdn%
111
dn: cn=QA Managers,ou=groups,%ds_suffix%
113
objectclass: groupOfUniqueNames
116
description: People who can manage QA entries
117
uniqueMember: %rootdn%
119
dn: cn=PD Managers,ou=groups,%ds_suffix%
121
objectclass: groupOfUniqueNames
124
description: People who can manage engineer entries
125
uniqueMember: %rootdn%