egroupware/doc/ldap/acl_addressbook.conf

44 lines
1.8 KiB
Plaintext
Raw Permalink Normal View History

# Access to users personal addressbooks
# allow read of addressbook by owner and egwadmin account
access to dn.regex="^cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=domain,dc=com$"
attrs=entry
by dn.regex="uid=$1,ou=accounts,o=$2,dc=domain,dc=com" read
by dn.regex="cn=egwadmin,o=$2,dc=domain,dc=com" write
by users none
# allow user to create entries in own addressbook; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=domain,dc=com$"
attrs=children
by dn.regex="uid=$1,ou=accounts,o=$2,dc=domain,dc=com" write
by users none
# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=personal,ou=contacts,o=([^,]+),dc=domain,dc=com$"
attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
by dn.regex="uid=$1,ou=accounts,o=$2,dc=domain,dc=com" write
by users none
# Access to groups addressbooks
# allow read of addressbook by members and egwadmin account
access to dn.regex="^cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=domain,dc=com$"
attrs=entry
by group.expand="cn=$1,ou=groups,o=$2,dc=domain,dc=com" read
by dn.regex="cn=egwadmin,o=$2,dc=domain,dc=com" write
by users none
# allow members to create entries in there group addressbooks; no-one else can access it
# needs write access to the entries ENTRY attribute ...
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=domain,dc=com$"
attrs=children
by group.expand="cn=$1,ou=groups,o=$2,dc=domain,dc=com" write
by users none
# ... and the entries CHILDREN
access to dn.regex="cn=([^,]+),ou=shared,ou=contacts,o=([^,]+),dc=domain,dc=com$"
attrs=entry,@inetOrgPerson,@mozillaAbPersonAlpha,@evolutionPerson
by group.expand="cn=$1,ou=groups,o=$2,dc=domain,dc=com" write
by users none