finish up idm_server hostclass

author: Cullum Smith <cullum@sacredheartsc.com> 2024-09-24 22:35:45 -0400
committer: Cullum Smith <cullum@sacredheartsc.com> 2024-09-24 22:35:45 -0400
commit: 6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb (patch)
tree: 9279f7a330affbb5da6a1f147739b8dfd92d4a19 /files/usr/local/etc/openldap/slapd.ldif.idm_server
parent: d9c18b3fcb9b036b6cdf69397828b59ab4c53091 (diff)
download: infrastructure-6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/files/usr/local/etc/openldap/slapd.ldif.idm_server b/files/usr/local/etc/openldap/slapd.ldif.idm_server
index 784c63a..9dc0086 100644
--- a/files/usr/local/etc/openldap/slapd.ldif.idm_server
+++ b/files/usr/local/etc/openldap/slapd.ldif.idm_server
@@ -119,8 +119,8 @@ olcAccess: {1}to dn.base="cn=Subschema"
   by * read
 olcAccess: {3}to *
   by dn.exact=${slapd_replicator_dn} read
-  by dn.exact=uid=${idm_admin_username},${robots_basedn} manage
-  by group/groupOfMembers/member=cn=${idm_admin_groupname},${groups_basedn} manage
+  by dn.exact=krbPrincipalName=${boxconf_username},${robots_basedn} manage
+  by set="[cn=${slapd_admin_role},${roles_basedn}]/member* & user" manage
   by * break
 olcAccess: {4}to dn.subtree=${sudo_basedn}
   by dn.children=${hosts_basedn} read
author	Cullum Smith <cullum@sacredheartsc.com>	2024-09-24 22:35:45 -0400
committer	Cullum Smith <cullum@sacredheartsc.com>	2024-09-24 22:35:45 -0400
commit	6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb (patch)
tree	9279f7a330affbb5da6a1f147739b8dfd92d4a19 /files/usr/local/etc/openldap/slapd.ldif.idm_server
parent	d9c18b3fcb9b036b6cdf69397828b59ab4c53091 (diff)
download	infrastructure-6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb.tar.gz