
[docs] Document LDAP access control in roles

drybjed committed Sep 28, 2019
1 parent 37403ef commit 5b81e7df3808f24a9bdec66b598f3ec76ba873ba
Showing with 48 additions and 0 deletions.
  1. +22 −0 docs/ansible/roles/debops.saslauthd/ldap-dit.rst
  2. +26 −0 docs/ansible/roles/debops.sshd/ldap-dit.rst
@@ -23,6 +23,28 @@ Object Classes and Attributes
- :ref:`debops.saslauthd`: :envvar:`Object Classes <saslauthd__ldap_self_object_classes>`, :envvar:`Attributes <saslauthd__ldap_self_attributes>`


.. _saslauthd__ref_ldap_dit_access:

Access Control
--------------

DebOps LDAP environment includes the :ref:`'ldapns' schema <slapd__ref_ldapns>`
which can be used to define access control rules to services. The lists below
define the attribute values which will grant access to the service managed by
the :ref:`debops.saslauthd` role, and specifies other roles with the same
access control rules:

The ``smtpd`` LDAP profile
~~~~~~~~~~~~~~~~~~~~~~~~~~

- objectClass ``authorizedServiceObject``, attribute ``authorizedService``:

- ``smtpd``
- ``*`` (all services)

LDAP filter definition: :envvar:`saslauthd__ldap_default_profiles`


Parent nodes
------------
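Review bot: In the Access Control intro paragraph, the sentence ends with "and specifies other roles with the same access control rules", but nothing after it names another role; the section only lists the ``smtpd`` profile values. Either add the roles that share the ``smtpd`` profile or drop the clause, and if it stays, change "specifies" to "specify" so it agrees with "The lists below". Under ``*`` (all services), a sentence noting that this value is not limited to the service managed by this role would help readers treat it as the broad grant it is.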

@@ -23,6 +23,32 @@ Object Classes and Attributes
- :ref:`debops.sshd`: :envvar:`Object Classes <sshd__ldap_self_object_classes>`, :envvar:`Attributes <sshd__ldap_self_attributes>`


.. _sshd__ref_ldap_dit_access:

Access Control
--------------

DebOps LDAP environment includes the :ref:`'ldapns' schema <slapd__ref_ldapns>`
which can be used to define access control rules to services. The lists below
define the attribute values which will grant access to the service managed by
the :ref:`debops.sshd` role, and specifies other roles with the same access
control rules:

- objectClass ``authorizedServiceObject``, attribute ``authorizedService``:

- ``sshd``
- ``*`` (all services)

- objectClass ``hostObject``, attribute ``host``:

- ``hostname``
- ``hostname.example.org``
- ``*.example.org``
- ``*`` (all hosts)

LDAP filter definition: :envvar:`sshd__ldap_filter`


Parent nodes
------------
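Review bot: The ``authorizedService`` and ``host`` lists do not say how they combine, so a reader cannot tell from this section whether an entry needs a matching value in both attributes or in only one of them, and has to read :envvar:`sshd__ldap_filter` to find out. State the relationship in a sentence ahead of the lists. The ``host`` values ``hostname``, ``hostname.example.org`` and ``*.example.org`` also read as literals; say what each one stands for. As in the saslauthd file, the intro promises "other roles with the same access control rules" but none are listed.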
