ldap/server: Add ACL support for netgroups

2020-09-11 14:45:11 +00:00 · 2020-09-11 14:45:11 +00:00 · da549daaaa
commit da549daaaa
parent 8a7ad72442
1 changed files with 11 additions and 0 deletions
--- a/roles/ldap/server/templates/slapd.conf.j2
+++ b/roles/ldap/server/templates/slapd.conf.j2
@ -168,6 +168,17 @@ access to dn.one=ou=People,{{ ldap_basedn }} attrs=loginShell
    by users read
    by * none

+# allow reads to netgroups
+#   TODO: change that only sysadm + host certs can read
+access to dn.sub=ou=Netgroup,ou=System,{{ ldap_basedn }}
+    by users read
+    by * none
+
+# allow reads to ou=System object itself
+access to dn.base=ou=System,{{ ldap_basedn }}
+    by users read
+    by * none
+
 # block rest of queries to ou=System tree
 access to dn.sub=ou=System,{{ ldap_basedn }}
    by * none