speeding up searches and better security - access lists
Hi all,
I have a question regarding access lists. I have read the man pages and
manuals but I am still unclear as to how I can use the stop and break
arguments in an access list. I am assuming that that will speed up my
searches. Also, from a plain security point of view, where is this list
wrong? dn: cn=admin is the user to bind for auth with imap, samba, sasl.
Your help would be much appreciated.
Thanks.
Ben
access to dn.subtree="ou=Utiba,ou=People,dc=cpc" attr=userPassword
    by anonymous auth
    by dn="cn=admin,ou=People,dc=cpc" auth
    by self write
    by dn="uid=root,ou=System,ou=People,dc=cpc" write
    by group="cn=sysadmin,ou=grpUtiba,ou=Group,dc=cpc" write

access to dn.subtree="ou=Contacts,ou=People,dc=cpc"
    by users read
    by self write
    by * write
    by group="cn=utiba,ou=grpUtiba,ou=Group,dc=cpc" write
    by anonymous read

access to dn.subtree="ou=People,dc=cpc"
    attrs=loginShell,uid,cn,sn,uidNumber,gidNumber,userPassword,mailMessageStore,mailHost,accountStatus,homeDirectory,amavisVirusLover,amavisBannedFilesLover,amavisBypassVirusChecks,amavisBypassSpamChecks,amavisSpamTagLevel,amavisSpamTag2Level,amavisSpamKillLevel,amavisSpamModifiesSubj,amavisWhitelistSender,amavisBlacklistSender,mailForwardingAddress
    by anonymous read
    by users read
    by self write
    by dn="cn=admin,ou=People,dc=cpc" write
    by dn="uid=root,ou=System,ou=People,dc=cpc" write
    by group="cn=sysadmin,ou=grpUtiba,ou=Group,dc=cpc" write

access to dn.subtree="ou=auto.home,dc=cpc"
    by anonymous read
    by self write

access to dn=.*
    by anonymous read
    by dn="uid=root,ou=System,ou=People,dc=cpc" write
    by dn="uid=admin,ou=System,ou=People,dc=cpc" write
    by dn="cn=sysadmin,ou=grpUtiba,ou=Group,dc=cpc" write

access to dn.exact=""
    by * read
(rest pretty much supplied with mandrake openldap)
access to dn.regex="^([^,]*,)?ou=[^,]+,(dc=[^,]+(,dc=[^,]+)*)$"
    attrs=lmPassword,ntPassword,sambaLMPassword,sambaNTPassword,userPassword,sambaPasswordHistory
    by self write
    by dn.exact,expand="uid=root,ou=System,ou=People,$2" write
    by group="cn=Domain Controllers,ou=Group,$2" write
    by group="cn=Domain Admins,ou=grpSystem,ou=Group,$2" write
    by group="cn=Replicator,ou=Group,$2" write
    by anonymous auth
    by * none

access to dn.regex="^([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$"
    attrs=entry,children,posixAccount,sambaAccount,sambaSamAccount
    by dn.exact,expand="uid=root,ou=System,ou=People,$2" write
    by group="cn=Domain Controllers,ou=Group,$2" write
    by group="cn=Domain Admins,ou=grpSystem,ou=Group,$2" write
    by group="cn=Replicator,ou=Group,$2" write
    by users read
    by anonymous read

access to dn.regex="([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$"
    attrs=inetOrgPerson,mail
    by self write
    by dn.exact,expand="uid=root,ou=System,ou=People,$2" write
    by group="cn=Domain Controllers,ou=Group,$2" write
    by group="cn=Domain Admins,ou=grpSystem,ou=Group,$2" write
    by group="cn=Replicator,ou=Group,$2" write
    by users read
    by anonymous read

access to dn.regex="^([^,]+,)?ou=Group,(dc=[^,]+(,dc=[^,]+)*)$"
    attrs=entry,children,posixGroup,sambaGroupMapping
    by dn.exact,expand="uid=root,ou=System,ou=People,$2" write
    by group="cn=Domain Controllers,ou=Group,$2" write
    by group="cn=Domain Admins,ou=grpSystem,ou=Group,$2" write
    by group="cn=Replicator,ou=Group,$2" write
    by users read
    by anonymous read

access to dn.regex="^([^,]+,)?ou=Hosts,(dc=[^,]+(,dc=[^,]+)*)$"
    attrs=entry,children,posixAccount,inetOrgperson,sambaSamAccount
    by dn.exact,expand="uid=root,ou=System,ou=People,$2" write
    by group="cn=Domain Controllers,ou=Group,$2" write
    by group="cn=Domain Admins,ou=grpSystem,ou=Group,$2" write
    by group="cn=Replicator,ou=Group,$2" write
    by users read
    by anonymous read

access to dn.regex="^([^,]+,)?ou=Idmap,(dc=[^,]+(,dc=[^,]+)*)$"
    attrs=entry,children,sambaIdmapEntry
    by dn.exact,expand="uid=root,ou=System,ou=People,$2" write
    by group="cn=Domain Controllers,ou=Group,$2" write
    by group="cn=Domain Admins,ou=grpSystem,ou=Group,$2" write
    by group="cn=Replicator,ou=Group,$2" write
    by users read
    by anonymous read

access to dn.regex="^([^,],)?ou=Contacts,(dc=[^,]+(,dc=[^,]+)*)$"
    attrs=children,entry,inetOrgPerson,evolutionperson,calEntry
    by dn="uid=[^,]+,ou=People,$2" write
    by group="cn=Replicator,ou=Group,$2" write
    by group="cn=Domain Admins,ou=grpSystem,ou=Group,$2" write
    by users read
    by anonymous read
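The post asks how the stop, continue and break controls behave and where the posted list is wrong. The following is an added illustration, not code from the original message or from OpenLDAP: a small Python model of the evaluation order described in slapd.access(5) and the Admin Guide (first matching `access to` directive, then first matching `by` clause, with `stop` as the default control, a `by` list that runs out behaving like a trailing `by * none`, and an entry no directive matches getting the implicit `access to * by * none`). Only absolute levels are modelled; the incremental `+`/`-` forms are left out. The `ou=Contacts` directive is reproduced as posted, and the user DNs, the `cn=utiba` group membership and the contact entry are constructed for the example.

```python
"""Simplified model of how slapd walks 'access to' directives (added example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

Ctx = Dict[str, str]          # bind_dn ("" = anonymous), dn, attr
Pred = Callable[[Ctx], bool]


@dataclass
class By:
    who: Pred
    level: str                # none | auth | compare | search | read | write
    control: str = "stop"     # stop (default) | continue | break


@dataclass
class Access:
    what: Pred                # the <what> part (dn.subtree=... [attrs=...])
    clauses: List[By]         # the <by> parts, in the order written


# Constructed membership table standing in for the directory's group entries.
GROUPS: Dict[str, Set[str]] = {
    "cn=utiba,ou=grpUtiba,ou=Group,dc=cpc": {"uid=alice,ou=Utiba,ou=People,dc=cpc"},
}

# <who> forms used in the post
def anonymous(c: Ctx) -> bool: return c["bind_dn"] == ""
def users(c: Ctx) -> bool: return c["bind_dn"] != ""
def anyone(c: Ctx) -> bool: return True
def self_(c: Ctx) -> bool: return users(c) and c["bind_dn"] == c["dn"]
def dn_exact(dn: str) -> Pred: return lambda c: c["bind_dn"] == dn
def group(gdn: str) -> Pred: return lambda c: c["bind_dn"] in GROUPS.get(gdn, set())


def subtree(base: str, attrs: Optional[Set[str]] = None) -> Pred:
    """<what> as dn.subtree=<base> with an optional attrs= list."""
    def match(c: Ctx) -> bool:
        in_tree = c["dn"] == base or c["dn"].endswith("," + base)
        return in_tree and (attrs is None or c["attr"] in attrs)
    return match


def evaluate(acls: List[Access], ctx: Ctx) -> str:
    """Return the access level the modelled rules grant for this request."""
    granted = "none"
    for acl in acls:
        if not acl.what(ctx):
            continue                      # <what> did not match: next directive
        matched, control = False, "stop"
        for by in acl.clauses:
            if not by.who(ctx):
                continue
            matched, granted, control = True, by.level, by.control
            if control != "continue":     # stop or break: leave the <by> list
                break
        if not matched or control == "continue":
            return "none"                 # ran off the end: implicit 'by * none'
        if control == "stop":
            return granted
        # 'break': keep the level and carry on with the next directive
    return granted                        # carried level, or implicit none


# --- scenarios ---------------------------------------------------------------
CONTACTS = "ou=Contacts,ou=People,dc=cpc"
UTIBA = "cn=utiba,ou=grpUtiba,ou=Group,dc=cpc"
ADMIN = "cn=admin,ou=People,dc=cpc"
ALICE = "uid=alice,ou=Utiba,ou=People,dc=cpc"   # constructed, in cn=utiba
BOB = "uid=bob,ou=Utiba,ou=People,dc=cpc"       # constructed, not in the group
ENTRY = "cn=someone," + CONTACTS                # constructed contact entry


def ctx(bind_dn: str, dn: str = ENTRY, attr: str = "cn") -> Ctx:
    return {"bind_dn": bind_dn, "dn": dn, "attr": attr}


# The Contacts directive exactly as posted: 'by * write' precedes the group
# clause, and 'by users read' precedes 'by self write'.
AS_POSTED = [Access(subtree(CONTACTS), [
    By(users, "read"), By(self_, "write"), By(anyone, "write"),
    By(group(UTIBA), "write"), By(anonymous, "read")])]

# Same clauses, most specific <who> first, so each one is reachable.
REORDERED = [Access(subtree(CONTACTS), [
    By(self_, "write"), By(group(UTIBA), "write"),
    By(users, "read"), By(anonymous, "read")])]

# 'continue' with absolute levels: the level only survives if a later clause
# matches; otherwise the implicit trailing 'by * none' applies.
WITH_CONTINUE = [Access(subtree(CONTACTS), [
    By(users, "read", "continue"), By(group(UTIBA), "write")])]

# 'break': the level is carried into the next matching directive, where an
# absolute level replaces it; with no further match the carried level stands.
WITH_BREAK = [
    Access(subtree(CONTACTS), [By(dn_exact(ADMIN), "write", "break"), By(users, "read")]),
    Access(subtree("ou=People,dc=cpc"), [By(users, "read")]),
]

if __name__ == "__main__":
    for name, acls in [("as posted", AS_POSTED), ("reordered", REORDERED)]:
        for who, bind in [("anonymous", ""), ("alice (group)", ALICE), ("bob", BOB)]:
            print(f"{name:10} {who:14} -> {evaluate(acls, ctx(bind))}")
```

Run as a script it prints, for each directive variant, what an anonymous client, a group member and a plain user would be granted on a Contacts entry; the first table shows anonymous reaching `by * write`, the second shows the intended read/write split once the clauses are ordered most specific first.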