/src/external/bsd/openldap/dist/contrib/slapd-modules/acl

Name                Date          Size
gssacl.c            14-Aug-2021   7.5K
Makefile            05-Sep-2025   1.3K
now.c               05-Sep-2025   4.8K
posixgroup.c        05-Sep-2025   6.8K
README.gssacl       28-May-2014   985
README.now          05-Sep-2025   1.4K
README.posixgroup   05-Sep-2025   1.3K

README.gssacl

This directory contains native slapd plugins that implement access rules.

gssacl.c contains a simple example that implements access control
based on GSS naming extensions attributes.

To use the acl-gssacl plugin, add:

moduleload acl-gssacl.so

to your slapd configuration file.
It is configured using

access to <what>
        by dynacl/gss/<attribute>.[.{base,regex,expand}]=<valpat> {<level>|<priv(s)>}

The default is "exact"; in case of "expand", "<valpat>" results from
the expansion of submatches in the "<what>" portion.  "<level>|<priv(s)>"
describe the level of privilege this rule can assume.

Use Makefile to compile this plugin or use a command line similar to:

gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \
	-o acl-gssacl.so gssacl.c


---
Copyright 2011 PADL Software Pty Ltd. All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.

README.now

# create a simple slapd.conf (e.g. by running test003)

# define the attributes (replace MyOID with a valid OID)

attributetype ( MyOID:1 NAME 'validityStarts'
        EQUALITY generalizedTimeMatch
        ORDERING generalizedTimeOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
attributetype ( MyOID:2 NAME 'validityEnds'
        EQUALITY generalizedTimeMatch
        ORDERING generalizedTimeOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )

# load the module

moduleload "now_dynacl.so"

# and apply the following access rules

access to dn.exact="dc=example,dc=com"
        by * read

access to dn.children="dc=example,dc=com"
        by dynacl/now=">=validityStarts" read break

access to dn.children="dc=example,dc=com"
        by dynacl/now="<=validityEnds" read

# Then load the LDIF

dn: cn=Too Late,dc=example,dc=com
objectClass: device
objectClass: extensibleObject
cn: Too Late
validityStarts: 20000101000000Z
validityEnds: 20100101000000Z

dn: cn=Just in Time,dc=example,dc=com
objectClass: device
objectClass: extensibleObject
cn: Just in Time
validityStarts: 20100101000000Z
validityEnds: 20200101000000Z

dn: cn=Too Early,dc=example,dc=com
objectClass: device
objectClass: extensibleObject
cn: Too Early
validityStarts: 20200101000000Z
validityEnds: 20300101000000Z

# an anonymous ldapsearch should only find the entry

$ ldapsearch -x -H ldap://:9011 -b dc=example,dc=com -LLL 1.1
dn: cn=Just in Time,dc=example,dc=com
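
Added example, not part of README.now or of now.c: a stand-alone C model of the two stacked dynacl/now rules above, evaluated over the README's three sample entries at a caller-supplied clock value. It assumes each clause compares the current time with the named attribute using the given operator and that a clause which does not match ends at slapd's implicit "by * none"; the function names and the deny-on-malformed-timestamp behaviour are this example's own.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed copy of the three sample entries from the README's LDIF. */
struct entry { const char *cn, *starts, *ends; };
static const struct entry entries[] = {
    { "Too Late",     "20000101000000Z", "20100101000000Z" },
    { "Just in Time", "20100101000000Z", "20200101000000Z" },
    { "Too Early",    "20200101000000Z", "20300101000000Z" },
};

/* Accept only the YYYYMMDDHHMMSSZ form used in the README's LDIF. */
static int valid_gt(const char *s) {
    if (s == NULL || strlen(s) != 15 || s[14] != 'Z') return 0;
    for (int i = 0; i < 14; i++)
        if (!isdigit((unsigned char)s[i])) return 0;
    return 1;
}

/* Model of one 'by dynacl/now="<op><attr>"' clause: 1 = clause matches.
 * Fixed-width UTC stamps order under strcmp; bad input denies (assumption). */
static int now_matches(const char *now, const char *op, const char *value) {
    if (!valid_gt(now) || !valid_gt(value)) return 0;
    int c = strcmp(now, value);
    if (strcmp(op, ">=") == 0) return c >= 0;
    if (strcmp(op, "<=") == 0) return c <= 0;
    return 0;
}

/* The two stacked rules: "read break" hands evaluation to the second rule;
 * a clause that does not match ends at the implicit "by * none". */
int can_read(const char *now, const struct entry *e) {
    if (!now_matches(now, ">=", e->starts)) return 0;
    return now_matches(now, "<=", e->ends);
}

/* How many sample entries an anonymous search would return at "now". */
int visible_count(const char *now) {
    int n = 0;
    for (size_t i = 0; i < sizeof entries / sizeof entries[0]; i++)
        n += can_read(now, &entries[i]);
    return n;
}

int main(void) {
    printf("2015: %d visible\n", visible_count("20150601120000Z"));
    printf("2025: %d visible\n", visible_count("20250905000000Z"));
    return 0;
}
```

For a clock between 20200101000000Z and 20300101000000Z the model returns cn=Too Early instead of cn=Just in Time, so the search result shown in the README holds only while the server clock lies between 2010 and 2020.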

README.posixgroup

This directory contains native slapd plugins that implement access rules.

posixgroup.c contains a simple example that implements access control
based on posixGroup membership, loosely inspired by ITS#3849.  It should
be made clear that this access control policy does not reflect any
standard track model of handling access control, and should be
essentially viewed as an illustration of the use of the dynamic
extension of access control within slapd.

To use the acl-posixgroup plugin, add:

moduleload acl-posixgroup.so

to your slapd configuration file; it requires "nis.schema" to be loaded.
It is configured using

access to <what>
	by dynacl/posixGroup[.{exact,expand}]=<dnpat> {<level>|<priv(s)>}

The default is "exact"; in case of "expand", "<dnpat>" results from
the expansion of submatches in the "<what>" portion.  "<level>|<priv(s)>"
describe the level of privilege this rule can assume.

Use Makefile to compile this plugin or use a command line similar to:

gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \
	-o acl-posixgroup.so posixgroup.c

---
Copyright 2005-2024 The OpenLDAP Foundation. All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP
Public License.