mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-27 00:58:55 +01:00
44 lines
1.8 KiB
Plaintext
44 lines
1.8 KiB
Plaintext
# Access to users personal addressbooks
|
|
|
|
# allow read of addressbook by owner and egwadmin account
|
|
access to dn.regex="^cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=domain,dc=com$"
|
|
attrs=entry
|
|
by dn.regex="uid=$1,ou=accounts,o=$2,dc=domain,dc=com" read
|
|
by dn.regex="cn=egwadmin,o=$2,dc=domain,dc=com" write
|
|
by users none
|
|
|
|
# allow user to create entries in own addressbook; no-one else can access it
|
|
# needs write access to the entries ENTRY attribute ...
|
|
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=domain,dc=com$"
|
|
attrs=children
|
|
by dn.regex="uid=$1,ou=accounts,o=$2,dc=domain,dc=com" write
|
|
by users none
|
|
|
|
# ... and the entries CHILDREN
|
|
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=domain,dc=com$"
|
|
attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
|
|
by dn.regex="uid=$1,ou=accounts,o=$2,dc=domain,dc=com" write
|
|
by users none
|
|
|
|
# Access to groups addressbooks
|
|
|
|
# allow read of addressbook by members and egwadmin account
|
|
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=domain,dc=com$"
|
|
attrs=entry
|
|
by group.expand="cn=$1,ou=groups,o=$2,dc=domain,dc=com" read
|
|
by dn.regex="cn=egwadmin,o=$2,dc=domain,dc=com" write
|
|
by users none
|
|
|
|
# allow members to create entries in there group addressbooks; no-one else can access it
|
|
# needs write access to the entries ENTRY attribute ...
|
|
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=domain,dc=com$"
|
|
attrs=children
|
|
by group.expand="cn=$1,ou=groups,o=$2,dc=domain,dc=com" write
|
|
by users none
|
|
|
|
# ... and the entries CHILDREN
|
|
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=domain,dc=com$"
|
|
attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
|
|
by group.expand="cn=$1,ou=groups,o=$2,dc=domain,dc=com" write
|
|
by users none
|