davrot/neuro_ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
neuro_ansible/ldap_fix_group_permissions.lif

38 lines
2.1 KiB
Text
Raw Blame History

# ldapmodify -x -W -D "cn=admin" -f temp.lif
# ldapsearch -x -W -D "cn=admin" -b "dc=ldap,dc=neuro,dc=uni-bremen,dc=de" -LLL -s sub '(aci=*)' aci
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
delete: aci
aci: (targetattr="cn || member || memberUid || gidNumber || nsUniqueId || description || objectClass")(targetfilter="(objectClass=groupOfNames)")(version 3.0; acl "Enable anyone group read"; allow (read, search, compare)(userdn="ldap:///anyone");)
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
delete: aci
aci: (targetattr="member")(targetfilter="(objectClass=groupOfNames)")(version 3.0; acl "Enable group_modify to alter members"; allow (write)(groupdn="ldap:///cn=group_modify,ou=permissions,dc=ldap,dc=neuro,dc=uni-bremen,dc=de");)
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
delete: aci
aci: (targetattr="cn || member || gidNumber || description || objectClass")(targetfilter="(objectClass=groupOfNames)")(version 3.0; acl "Enable group_admin to manage groups"; allow (write, add, delete)(groupdn="ldap:///cn=group_admin,ou=permissions,dc=ldap,dc=neuro,dc=uni-bremen,dc=de");)
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
add: aci
aci: (targetattr="cn || member || memberUid || gidNumber || nsUniqueId || description || objectClass")(targetfilter="(objectClass=posixGroup)")(version 3.0; acl "Enable anyone group read"; allow (read, search, compare)(userdn="ldap:///anyone");)
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
add: aci
aci: (targetattr="member")(targetfilter="(objectClass=posixGroup)")(version 3.0; acl "Enable group_modify to alter members"; allow (write)(groupdn="ldap:///cn=group_modify,ou=permissions,dc=ldap,dc=neuro,dc=uni-bremen,dc=de");)
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
add: aci
aci: (targetattr="cn || member || gidNumber || description || objectClass")(targetfilter="(objectClass=posixGroup)")(version 3.0; acl "Enable group_admin to manage groups"; allow (write, add, delete)(groupdn="ldap:///cn=group_admin,ou=permissions,dc=ldap,dc=neuro,dc=uni-bremen,dc=de");)
Reference in a new issue View git blame Copy permalink