summaryrefslogtreecommitdiffstats
path: root/pykolab
diff options
context:
space:
mode:
authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-08-04 13:18:35 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-08-04 13:19:32 +0100
commitf0bdaf9a768b9fb2e180595c3ee965df146e1cde (patch)
treef096ac3cffc3a7d5c12348d1ed34b2a78cfa4909 /pykolab
parente18c12b6c8951738f685d632a1337e1e11c8a31f (diff)
downloadpykolab-f0bdaf9a768b9fb2e180595c3ee965df146e1cde.tar.gz
Set default ACL on associateddomain=%(domain)s,cn=kolab,cn=config to allow users in %(rootdn)s to read their own domain information (#927)
Diffstat (limited to 'pykolab')
-rw-r--r--pykolab/setup/setup_ldap.py1
1 files changed, 1 insertions, 0 deletions
diff --git a/pykolab/setup/setup_ldap.py b/pykolab/setup/setup_ldap.py
index 7241756..4b6f6c8 100644
--- a/pykolab/setup/setup_ldap.py
+++ b/pykolab/setup/setup_ldap.py
@@ -443,6 +443,7 @@ ServerAdminPwd = %(admin_pass)s
attrs = {}
attrs['objectclass'] = ['top','domainrelatedobject']
attrs['associateddomain'] = '%s' % (_input['domain'])
+ attrs['aci'] = '(targetattr = "*") (version 3.0;acl "Read Access for %(domain)s Users";allow (read,compare,search)(userdn = "ldap:///%(rootdn)s??sub?(objectclass=*)");)' % (_input)
# Add inetdomainbasedn in case the configured root dn is not the same as the
# standard root dn for the domain name configured