author: Alex Auvolat <alex@adnab.me> 2020-01-26 19:27:17 +0100
committer: Alex Auvolat <alex@adnab.me> 2020-01-26 19:27:17 +0100
commit: c1f0247586c98bbdfc42c4a8db3410d34dfbc500 (patch)
tree: 8fb0d95dd922d5d6b7a5dd748f91ee050261ae35 /README.md
parent: 611d182907c3c567f9000c4e0dc00da95e2d64f6 (diff)
Externalize config
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 16
1 files changed, 16 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b4a95bf
--- /dev/null
+++ b/README.md
@@ -0,0 +1,16 @@
+## ACL examples
+
+```
+// Anybody (before binding) can bind to an entity under ou=users,dc=gobottin,dc=eu
+"ANONYMOUS::bind:*,ou=users,dc=gobottin,dc=eu:",
+// Anybody (before binding) can bind to the specific admin entity
+"ANONYMOUS::bind:cn=admin,dc=gobottin,dc=eu:",
+// Anybody who is logged in can read anything that is not a userpassword attribute
+"*,dc=gobottin,dc=eu::read:*:* !userpassword",
+// Anybody can read and modify anything from their own entry
+"*::read modify:SELF:*",
+// The admin can read, add, modify, delete anything
+"cn=admin,dc=gobottin,dc=eu::read add modify delete:*:*",
+// Members of the admin group can read, add, modify, delete anything
+"*:cn=admin,ou=groups,dc=gobottin,dc=eu:read add modify delete:*:*"
+```
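Review bot: The README gives only examples and never states the rule format, so a reader has to infer from the six strings that a rule appears to be five colon-separated fields (the bound user, a group, the allowed actions, the target entries, the attributes), what an empty field means, and what `ANONYMOUS`, `SELF` and the `!userpassword` exclusion do; add a short paragraph above the code block that spells this out. On the rule `"*::read modify:SELF:*"`, the grant covers every attribute of the user's own entry, so its comment should say whether that is intended, and if any attribute on a user entry carries privilege, the attribute field should be narrowed with the same `!` exclusion used in the read rule. The `//` comment lines sit between quoted, comma-terminated strings, so state explicitly whether the config format accepts them or whether they must be stripped before the rules are pasted into a config file.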