From 8e4537d2ef7cad3428d1ca668568d928f2a472d3 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Sun, 26 Jan 2020 21:03:18 +0100 Subject: Fixes --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'README.md') diff --git a/README.md b/README.md index a18e052..e8b2487 100644 --- a/README.md +++ b/README.md @@ -71,7 +71,7 @@ A rule is a string composed of five fields separated by `:`. The fields are the 1. The name of the user that must be bound (logged in) for the rule to apply. May contain wildcards such as `*` (see the format used by Go's `path.Match`). The special name `ANONYMOUS` applies to clients before they bind to an LDAP entity. 2. The groups that the user must be a part of, separated by spaces. Wildcards may also be used. If several groups (or wildcard group patterns) are specified, for each pattern the user must be part of a group that matches it. -3. The action, a subset of `read`, `add`, `delete`, `modify` separated by spaces. +3. The action, a subset of `bind`, `read`, `add`, `delete`, `modify` separated by spaces. 4. The target entity of the action as a pattern that may contain wildcards. The special word `SELF` is replaced by the entity name of the bound user before trying to match. 5. The allowed attributes for a read, add or modify operation. This is specified as a list of patterns to include and exclude attributes, separated by spaces. A pattern that starts by `!` is an exclude pattern, otherwise it is an include pattern. To read/write an attribute, it has to match at least one include pattern and not match any exclude pattern. Delete operations do not check for any attribute, thus as soon as `delete` is included in the allowed actions, the right to delete entities is granted. -- cgit v1.2.3