Add aci to make managed netgroups immutable.

ticket 962
2025-02-25 18:55:28 -06:00 · 2011-02-17 17:19:24 -05:00
parent 6943acc161
commit 496ab3f738
2 changed files with 6 additions and 1 deletions
--- a/install/updates/20-aci.update
+++ b/install/updates/20-aci.update
@@ -0,0 +1,4 @@
+# Don't allow managed netgroups to be modified
+dn: cn=ng,cn=alt,$SUFFIX
+add:aci: '(targetfilter = "(objectClass=mepManagedEntry)")(targetattr = "*")(version 3.0; acl "Managed netgroups cannot be modified"; deny (write) userdn = "ldap:///all";)'
+