dataset/seed/openldap/templates/config_acl.ldif

#RISOTTO: do not compare
{% set name_family = 'gnunux' %}
{% set dns = {} %}
{% set groups = [] %}
{{ groups.append('cn=remote_test0,' + ldap_base_dn) }}
{{ groups.append('cn=remote_test1,' + ldap_base_dn) }}
{{ groups.append('cn=remote_test2,' + ldap_base_dn) }}
{{ dns.setdefault(None, []).append(('cn=remote_test0,' + ldap_base_dn, 'read')) }}
{{ dns.setdefault('all', []).append(('cn=remote_test1,' + ldap_base_dn, 'read')) }}
{{ dns.setdefault(name_family, []).append(('cn=remote_test2,' + ldap_base_dn, 'read')) }}
{% for remote in accounts.remotes %}
{% set name = remote|normalize_family %}
{% set family = accounts['remote_' + name]['family_' + name] %}
{{ groups.append(accounts['remote_' + name]['dn_' + name]) }}
{% set right = 'read' %}
{{ dns.setdefault(family, []).append((accounts['remote_' + name]['dn_' + name], right)) }}
{% endfor %}
dn: olcDatabase={2}mdb,cn=config
changetype:modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
    by self write
    by anonymous auth
    by * none
olcAccess: {1}to dn.subtree="{{ ldap_group_dn }}"
{% for group in groups %}
    by dn="{{ group }}" read
{% endfor %}
    by * none
{% set acl = {'idx': 2} %}
{% for family, remotes in dns.items() %}
{% if family != 'all' %}
olcAccess: { {{- acl['idx'] -}} }to dn.subtree="{{ ldap_base_dn|calc_ldapclient_base_dn(family) }}"
    by self read
{% for remote in remotes %}
    by dn="{{ remote[0] }}" {{ remote[1] }}
{% endfor %}
{% if 'all' in dns %}
{% for remote in dns['all'] %}
    by dn="{{ remote[0] }}" {{ remote[1] }}
{% endfor %}
{% endif %}
{% set x=acl.__setitem__('idx', acl['idx'] + 1) %}
    by * none
{% endif %}
{% endfor %}
{% if 'all' in dns %}
olcAccess: { {{- acl['idx'] -}} }to dn.subtree="{{ ldap_account_dn }}"
    by self read
{% for remote in dns['all'] %}
    by dn="{{ remote[0] }}" {{ remote[1] }}
{% endfor %}
    by * none
{% endif %}
update documentations 2023-01-17 21:43:32 +01:00			`#RISOTTO: do not compare`
ansible template 2023-06-23 08:12:05 +02:00			`{% set name_family = 'gnunux' %}`
			`{% set dns = {} %}`
			`{% set groups = [] %}`
			`{{ groups.append('cn=remote_test0,' + ldap_base_dn) }}`
			`{{ groups.append('cn=remote_test1,' + ldap_base_dn) }}`
			`{{ groups.append('cn=remote_test2,' + ldap_base_dn) }}`
			`{{ dns.setdefault(None, []).append(('cn=remote_test0,' + ldap_base_dn, 'read')) }}`
			`{{ dns.setdefault('all', []).append(('cn=remote_test1,' + ldap_base_dn, 'read')) }}`
			`{{ dns.setdefault(name_family, []).append(('cn=remote_test2,' + ldap_base_dn, 'read')) }}`
			`{% for remote in accounts.remotes %}`
			`{% set name = remote\|normalize_family %}`
			`{% set family = accounts['remote_' + name]['family_' + name] %}`
			`{{ groups.append(accounts['remote_' + name]['dn_' + name]) }}`
			`{% set right = 'read' %}`
			`{{ dns.setdefault(family, []).append((accounts['remote_' + name]['dn_' + name], right)) }}`
			`{% endfor %}`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`dn: olcDatabase={2}mdb,cn=config`
			`changetype:modify`
			`replace: olcAccess`
			`olcAccess: {0}to attrs=userPassword`
			`by self write`
			`by anonymous auth`
			`by * none`
ansible template 2023-06-23 08:12:05 +02:00			`olcAccess: {1}to dn.subtree="{{ ldap_group_dn }}"`
			`{% for group in groups %}`
			`by dn="{{ group }}" read`
			`{% endfor %}`
update 2022-06-24 19:00:16 +02:00			`by * none`
ansible template 2023-06-23 08:12:05 +02:00			`{% set acl = {'idx': 2} %}`
			`{% for family, remotes in dns.items() %}`
			`{% if family != 'all' %}`
			`olcAccess: { {{- acl['idx'] -}} }to dn.subtree="{{ ldap_base_dn\|calc_ldapclient_base_dn(family) }}"`
dovecot 2022-05-04 10:29:03 +02:00			`by self read`
ansible template 2023-06-23 08:12:05 +02:00			`{% for remote in remotes %}`
			`by dn="{{ remote[0] }}" {{ remote[1] }}`
			`{% endfor %}`
			`{% if 'all' in dns %}`
			`{% for remote in dns['all'] %}`
			`by dn="{{ remote[0] }}" {{ remote[1] }}`
			`{% endfor %}`
			`{% endif %}`
			`{% set x=acl.__setitem__('idx', acl['idx'] + 1) %}`
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`by * none`
ansible template 2023-06-23 08:12:05 +02:00			`{% endif %}`
			`{% endfor %}`
			`{% if 'all' in dns %}`
			`olcAccess: { {{- acl['idx'] -}} }to dn.subtree="{{ ldap_account_dn }}"`
add test for ldap 2022-07-07 09:37:49 +02:00			`by self read`
ansible template 2023-06-23 08:12:05 +02:00			`{% for remote in dns['all'] %}`
			`by dn="{{ remote[0] }}" {{ remote[1] }}`
			`{% endfor %}`
add test for ldap 2022-07-07 09:37:49 +02:00			`by * none`
ansible template 2023-06-23 08:12:05 +02:00			`{% endif %}`