authorGuilhem Moulin <guilhem.moulin@fripost.org>2013-01-21 18:11:27 +0100
committerGuilhem Moulin <guilhem.moulin@fripost.org>2013-01-21 18:11:27 +0100
commit192be467f1d05e5e148481c5497444ffc97603eb (patch)
treed0362e606569f7b699c10f64313ea15b1f6da4cc /ldap/acl.ldif
parent4697625becadbd2d3eea9feb3eaacd2bf91ecdd4 (diff)
Everyone can check for the absence of the 'pending' status.
Diffstat (limited to 'ldap/acl.ldif')
-rw-r--r--ldap/acl.ldif12
1 files changed, 9 insertions, 3 deletions
diff --git a/ldap/acl.ldif b/ldap/acl.ldif
index ce2aa4c..4cf7e10 100644
--- a/ldap/acl.ldif
+++ b/ldap/acl.ldif
@@ -116,8 +116,14 @@ olcAccess: to dn.base="ou=virtual,o=mailHosting,dc=fripost,dc=dev"
olcAccess: to dn.regex="^(fvu|fva|fvl)=(postmaster|abuse),fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
by * =0
#
-# Only the domain Postmasters and Owners can read and search the unlock token and
-# delete the 'pending' status.
+# Everyone can check for the non-presence of the 'pending' status.
+olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
+ filter=(&(objectClass=FripostVirtualDomain)(!(fripostPendingToken=*)))
+ attrs=fripostPendingToken
+ by dn.regex="^fvu=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" =s
+#
+# Only the domain Postmasters and Owners can search the unlock token and delete the
+# 'pending' status (but not read).
olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
filter=(objectClass=FripostVirtualDomain)
attrs=fripostPendingToken
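Review bot: The new comment says "Everyone", but the only `by` clause in the added rule matches `fvu=...` user DNs, so anonymous binds and every other identity get nothing: with no trailing clause, slapd applies its implicit `by * none stop`. I would word the comment as `# Any authenticated virtual user (fvu=...) can check for the absence of the 'pending' status.` and end the rule with an explicit `by * =0`, as the postmaster/abuse rule just above does, so the deny is visible to the next editor. The `(!(fripostPendingToken=*))` filter is what keeps `=s` harmless here, because search access on a populated token would let a holder test candidate values through filters; a comment saying so would help prevent the filter being loosened later. The Postmasters/Owners rule that follows continues past the end of the hunk, so its `by` clauses are not reviewed here.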
@@ -175,7 +181,7 @@ olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"
by dnattr=fripostPostmaster =wrscd
by dn.regex="^fvu=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" +0
#
-# Every one can add or delete children, but we will be carefull with the
+# Everyone can add or delete children, but we will be carefull with the
# kid's "entry" attribute, which require +a and +z to add and delete
# respectively.
olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$"