summaryrefslogtreecommitdiffstats
path: root/pykolab
diff options
context:
space:
mode:
authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-08-04 13:18:35 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-08-04 13:18:35 +0100
commit3b055059da2e664b13bb2e929ccaff79b80c34dc (patch)
tree34654a595b6325a68d4e655a2e37e4e1f775b024 /pykolab
parent7f0f815d5e1b6c47df8fe973bcccef243916ee0b (diff)
downloadpykolab-3b055059da2e664b13bb2e929ccaff79b80c34dc.tar.gz
Set default ACL on associateddomain=%(domain)s,cn=kolab,cn=config to allow users in %(rootdn)s to read their own domain information (#927)
Diffstat (limited to 'pykolab')
-rw-r--r--pykolab/setup/setup_ldap.py1
1 files changed, 1 insertions, 0 deletions
diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index 7241756..4b6f6c8 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -443,6 +443,7 @@ ServerAdminPwd = %(admin_pass)s
attrs = {}
attrs['objectclass'] = ['top','domainrelatedobject']
attrs['associateddomain'] = '%s' % (_input['domain'])
+ attrs['aci'] = '(targetattr = "*") (version 3.0;acl "Read Access for %(domain)s Users";allow (read,compare,search)(userdn = "ldap:///%(rootdn)s??sub?(objectclass=*)");)' % (_input)
# Add inetdomainbasedn in case the configured root dn is not the same as the
# standard root dn for the domain name configured