summaryrefslogtreecommitdiffstats
path: root/tests/data/slapd-acl.conf
diff options
context:
space:
mode:
Diffstat (limited to 'tests/data/slapd-acl.conf')
-rw-r--r--tests/data/slapd-acl.conf144
1 files changed, 144 insertions, 0 deletions
diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf
new file mode 100644
index 0000000..7afdc03
--- /dev/null
+++ b/tests/data/slapd-acl.conf
@@ -0,0 +1,144 @@
+# provider slapd config -- for testing
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include @SCHEMADIR@/core.schema
+include @SCHEMADIR@/cosine.schema
+include @SCHEMADIR@/inetorgperson.schema
+include @SCHEMADIR@/openldap.schema
+include @SCHEMADIR@/nis.schema
+pidfile @TESTDIR@/slapd.1.pid
+argsfile @TESTDIR@/slapd.1.args
+
+# global ACLs
+#
+# normal installations should protect root dse, cn=monitor, cn=subschema
+#
+
+access to dn.exact="" attrs=objectClass
+ by users read
+access to *
+ by * read
+
+#mod#modulepath ../servers/slapd/back-@BACKEND@/
+#mod#moduleload back_@BACKEND@.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database @BACKEND@
+
+suffix "dc=example,dc=com"
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw secret
+#~null~#directory @TESTDIR@/db.1.a
+#indexdb#index objectClass eq
+#indexdb#index cn,sn,uid pres,eq,sub
+#ndb#dbname db_1
+#ndb#include @DATADIR@/ndb.conf
+add_content_acl on
+#access to attrs=objectclass dn.subtree="dc=example,dc=com"
+access to attrs=objectclass
+ by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" add
+ by * =rsc stop
+
+#access to filter="(objectclass=person)" attrs=userpassword dn.subtree="dc=example,dc=com"
+access to filter="(objectclass=person)" attrs=userpassword
+ by anonymous auth
+ by self =wx
+
+access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+ attrs=cn val="Mark A Elliot"
+ by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+ attrs=cn val="Mark Elliot"
+ by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
+ attrs=cn
+ by * search
+
+access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+ attrs=cn val.regex="^John D.+"
+ by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+ attrs=cn val.regex="^Jonath.+"
+ by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com"
+ attrs=cn
+ by * search
+
+access to dn.onelevel="ou=Information Technology Division,ou=People,dc=example,dc=com"
+ filter="(cn=*Jensen)"
+ attrs=cn val.regex=".*Jensen$"
+ by dn="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by dn="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" read
+ by * break
+
+access to dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+ attrs=cn
+ by * search
+
+access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
+ by dn.regex=".+,dc=example,dc=com" +c continue
+ by dn.subtree="dc=example,dc=com" +rs continue
+ by dn.children="dc=example,dc=com" +d continue
+ by * stop
+
+#access to attrs=member,uniquemember dn.subtree="dc=example,dc=com"
+access to attrs=member,uniquemember
+ by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" selfwrite
+ by dnattr=member selfwrite
+ by dnattr=uniquemember selfwrite
+ by * read
+
+#access to attrs=member,uniquemember filter="(mail=*com)" dn.subtree="dc=example,dc=com"
+access to attrs=member,uniquemember filter="(mail=*com)"
+ by * read
+
+#access to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))" dn.subtree="dc=example,dc=com"
+access to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))"
+ by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" =sc continue
+ by dn.regex="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com$" +rw stop
+ by * break
+
+access to dn.children="ou=Information Technology Division,ou=People,dc=example,dc=com"
+ by group/groupOfUniqueNames/uniqueMember.exact="cn=ITD Staff,ou=Groups,dc=example,dc=com" write
+ by * read
+
+access to dn.exact="cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com"
+ by set="[cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com]/member* & user" write
+ by * read
+
+#access to filter="(name=X*Y*Z)" dn.subtree="dc=example,dc=com"
+access to filter="(name=X*Y*Z)"
+ by * continue
+
+access to dn.subtree="ou=Add & Delete,dc=example,dc=com"
+ by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" add
+ by dn.exact="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" delete
+ by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" write
+ by * read
+
+# fall into global ACLs
+
+database monitor