/usr/share/doc/libcipux-storage-perl/examples/debian-edu/slapd_acl_cipuxroot.conf is in libcipux-storage-perl 3.4.0.2-6.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | # CipUX authenticates with LDAP using the account cipuxroot.
# This account needs access to objects CipUX supports.
# ...but should be excluded from other access for improved security.
# Allow authentication and updating itself
access to dn.exact="cn=cipuxroot,dc=skole,dc=skolelinux,dc=no"
by dn.exact="cn=cipuxroot,dc=skole,dc=skolelinux,dc=no" ssf=128 =wx
by * none break
# Allow overwriting passwords but not reading or guessing
access to attrs=userPassword,sambaLMPassword,sambaNTPassword
by dn.exact="cn=cipuxroot,dc=skole,dc=skolelinux,dc=no" ssf=128 =w
by * none break
access to dn.subtree="ou=Group,dc=skole,dc=skolelinux,dc=no"
by dn.exact="cn=cipuxroot,dc=skole,dc=skolelinux,dc=no" ssf=128 write
by * none break
access to dn.subtree="ou=People,dc=skole,dc=skolelinux,dc=no"
by dn.exact="cn=cipuxroot,dc=skole,dc=skolelinux,dc=no" ssf=128 write
by * none break
access to dn.subtree="ou=Netgroup,dc=skole,dc=skolelinux,dc=no"
by dn.exact="cn=cipuxroot,dc=skole,dc=skolelinux,dc=no" ssf=128 write
by * none break
access to dn.subtree="ou=CAT,dc=skole,dc=skolelinux,dc=no"
by dn.exact="cn=cipuxroot,dc=skole,dc=skolelinux,dc=no" ssf=128 write
by * none break
access to dn.subtree="ou=Room,dc=skole,dc=skolelinux,dc=no"
by dn.exact="cn=cipuxroot,dc=skole,dc=skolelinux,dc=no" ssf=128 write
by * none break
access to dn.subtree="ou=Task,dc=skole,dc=skolelinux,dc=no"
by dn.exact="cn=cipuxroot,dc=skole,dc=skolelinux,dc=no" ssf=128 write
by * none break
# Not yet supported by CipUX
#access to dn.exact="cn=nextID,ou=Variables,dc=skole,dc=skolelinux,dc=no"
# attrs=gidNumber
# by dn.exact="cn=cipuxroot,dc=skole,dc=skolelinux,dc=no" ssf=128 write
# by * none break
|