diff options
author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2013-01-21 18:11:27 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2013-01-21 18:11:27 +0100 |
commit | 192be467f1d05e5e148481c5497444ffc97603eb (patch) | |
tree | d0362e606569f7b699c10f64313ea15b1f6da4cc /ldap/acl.ldif | |
parent | 4697625becadbd2d3eea9feb3eaacd2bf91ecdd4 (diff) |
Everyone can check for the absence of the 'pending' status.
Diffstat (limited to 'ldap/acl.ldif')
-rw-r--r-- | ldap/acl.ldif | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/ldap/acl.ldif b/ldap/acl.ldif index ce2aa4c..4cf7e10 100644 --- a/ldap/acl.ldif +++ b/ldap/acl.ldif @@ -116,8 +116,14 @@ olcAccess: to dn.base="ou=virtual,o=mailHosting,dc=fripost,dc=dev" olcAccess: to dn.regex="^(fvu|fva|fvl)=(postmaster|abuse),fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" by * =0 # -# Only the domain Postmasters and Owners can read and search the unlock token and -# delete the 'pending' status. +# Everyone can check for the non-presence of the 'pending' status. +olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" + filter=(&(objectClass=FripostVirtualDomain)(!(fripostPendingToken=*))) + attrs=fripostPendingToken + by dn.regex="^fvu=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" =s +# +# Only the domain Postmasters and Owners can search the unlock token and delete the +# 'pending' status (but not read). olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" filter=(objectClass=FripostVirtualDomain) attrs=fripostPendingToken @@ -175,7 +181,7 @@ olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" by dnattr=fripostPostmaster =wrscd by dn.regex="^fvu=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" +0 # -# Every one can add or delete children, but we will be carefull with the +# Everyone can add or delete children, but we will be carefull with the # kid's "entry" attribute, which require +a and +z to add and delete # respectively. olcAccess: to dn.regex="^fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$" |