This repository has been archived by the owner on May 17, 2018. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathINSTALL
54 lines (39 loc) · 2.22 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
Clacks installation guide
=========================
There's nothing final right now. Please take a look at the DEVELOP file.
Setting ACLs
------------
Until now, we've no access control defined and the only reason why we can
contact by the shell is that there is an override defined in the clacks
configuration.
The following commands create an administrative role and allow to add a
certain user be occupant of the role. You can use a web interface to handle
all the ACL issues instead of applying them by the ACL utilty.
Create GUI Acl-Role
~~~~~~~~~~~~~~~~~~~
# acl-admin add role "dc=example,dc=net" GUI
# acl-admin add roleacl with-actions name=GUI,dc=example,dc=net 0 \
sub "^net\.example\.command\.core\.(getSessionUser|getBase|search):x"
# acl-admin add roleacl with-actions name=GUI,dc=example,dc=net 0 \
sub "^net\.example\.command\.gosa\..*:x"emplateI18N|getAvailableObjectNames|getGuiTemplates|getObjectDetails|searchForObjectDetails|loadUserPreferences|saveUserPreferences):x"
Create self service role
~~~~~~~~~~~~~~~~~~~~~~~~
# acl-admin add role "dc=example,dc=net" SelfService
# acl-admin add roleacl with-actions name=SelfService,dc=example,dc=net 0 \
sub "^net\.example\.command\.core\.(openObject|dispatchObjectMethod|setObjectProperty|closeObject):x"
# acl-admin add roleacl with-actions name=SelfService,dc=example,dc=net 0 \
sub "^net\.example\.command\.password\.(listPasswordMethods|accountLockable|accountUnlockable):x"
# acl-admin add roleacl with-actions name=SelfService,dc=example,dc=net 0 \
sub "^net\.example\.command\.objects\.(User|PosixUser|SambaUser|ShadowUser):crowdsexm"
Create Administrative Role
~~~~~~~~~~~~~~~~~~~~~~~~~~
# acl-admin add role "dc=example,dc=net" Administrators
# acl-admin add roleacl with-actions name=Administrators,dc=example,dc=net 0 \
sub "^net\.example\..*:crwdsex"
Assign user 'admin' the role 'Administrators'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# acl-admin add acl with-role dc=example,dc=net -100 admin Administrators
Assign user 'user' the SelfService and GUI role
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# acl-admin add acl with-role dc=example,dc=net 0 user SelfService
# acl-admin add acl with-role dc=example,dc=net 0 user GUI