# Django : 2015-07-17
# Set differing access permissions in the DIT of our OpenLDAP server
# https://dokuwiki.nausch.org/doku.php/centos:ldap_c7:tecbind#zugriffsrechte_des_technischen_user_beschraenken
#
# Rules are evaluated in order; the first matching "to" clause applies.
# {0} password/shadow attributes: owner and Manager write, technical user read,
#     anonymous may only authenticate, everyone else has no access
# {1} Manager entry: accessible only to itself
# {2} technical user entry: writable by itself and Manager, hidden from all others
# {3} group entries: Manager write, technical user read, user with uid equal to the group cn read
# {4} people entries: owner and Manager write, technical user read
# {5} everything else: owner and Manager write, all others read
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange,shadowMax,shadowWarning
  by self write
  by dn="cn=Manager,dc=nausch,dc=org" write
  by dn="cn=Technischeruser,dc=nausch,dc=org" read
  by anonymous auth
  by * none
olcAccess: {1}to dn="cn=Manager,dc=nausch,dc=org"
  by self write
  by * none
olcAccess: {2}to dn="cn=Technischeruser,dc=nausch,dc=org"
  by self write
  by dn="cn=Manager,dc=nausch,dc=org" write
  by * none
olcAccess: {3}to dn.regex="cn=([^,]+),ou=Group,dc=nausch,dc=org"
  by self write
  by dn="cn=Manager,dc=nausch,dc=org" write
  by dn="cn=Technischeruser,dc=nausch,dc=org" read
  by dn.exact,expand="uid=$1,ou=People,dc=nausch,dc=org" read
  by * none
olcAccess: {4}to dn.regex="uid=([^,]+),ou=People,dc=nausch,dc=org"
  by self write
  by dn="cn=Manager,dc=nausch,dc=org" write
  by dn="cn=Technischeruser,dc=nausch,dc=org" read
  by dn.exact,expand="uid=$1,ou=People,dc=nausch,dc=org" read
  by * none
olcAccess: {5}to *
  by self write
  by dn.base="cn=Manager,dc=nausch,dc=org" write
  by * read