dataset/seed/applicationservice/2022.03.08/openldap-server/templates/config_acl.ldif

dn: olcDatabase={2}mdb,cn=config
changetype:modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
    by self write
    by anonymous auth
    by * none
olcAccess: {1}to dn.subtree="ou=users,%%ldap_base_dn"
    by self read
%set %%aclidx = 1
%for %%remote in %%accounts.remotes
 %set %%name = %%normalize_family(%%remote)
    by dn="%%accounts['remote_' + %%name]['dn_' + %%name]" %slurp
 %if %%accounts['remote_' + %%name]['read_only_' + %%name]
read%slurp
 %else
write%slurp
 %end if
%end for

    by * none
%for %%idx, %%acl in %%enumerate(%%accounts.acl.ldap_acl_attribute)
 %set %%aclidx += 1
olcAccess: {%%aclidx}to %%acl %echo ' '.join(%%acl.ldap_acl_rights)
%end for
fork from cadoles' risotto-dataset 2022-03-08 19:42:28 +01:00			`dn: olcDatabase={2}mdb,cn=config`
			`changetype:modify`
			`replace: olcAccess`
			`olcAccess: {0}to attrs=userPassword`
			`by self write`
			`by anonymous auth`
			`by * none`
			`olcAccess: {1}to dn.subtree="ou=users,%%ldap_base_dn"`
			`by self read`
			`%set %%aclidx = 1`
			`%for %%remote in %%accounts.remotes`
			`%set %%name = %%normalize_family(%%remote)`
			`by dn="%%accounts['remote_' + %%name]['dn_' + %%name]" %slurp`
			`%if %%accounts['remote_' + %%name]['read_only_' + %%name]`
			`read%slurp`
			`%else`
			`write%slurp`
			`%end if`
			`%end for`

			`by * none`
			`%for %%idx, %%acl in %%enumerate(%%accounts.acl.ldap_acl_attribute)`
			`%set %%aclidx += 1`
			`olcAccess: {%%aclidx}to %%acl %echo ' '.join(%%acl.ldap_acl_rights)`
			`%end for`