
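--- a/iRedMail/samples/ldapd.conf
+++ b/iRedMail/samples/ldapd.conf
     index   accessPolicy
     index   memberOfGroup
 
-    # TODO: access policy
+    #
+    # Access policies
+    #
+    # Deny by default.
+    deny read,write access to subtree root by any
+
+    # Update by self
+    allow write access to subtree root by self
+
+    # Read all mail accounts
+    allow read access to subtree "PH_LDAP_BASEDN" by "PH_LDAP_BINDDN"
+
+    # Allow to manage (read+write) mail accounts
+    allow read,write access to subtree "PH_LDAP_BASEDN" by "PH_LDAP_ADMIN_DN"
+    allow read,write access to subtree "PH_LDAP_ADMIN_BASEDN" by "PH_LDAP_ADMIN_DN"
+
 }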
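Review bot: `allow write access to subtree root by self` lets every bound account rewrite any attribute of its own entry, which presumably includes account-control attributes such as the `memberOfGroup` indexed just above, so a mailbox user could change their own group membership or similar settings. If the deployed ldapd supports the `attribute` qualifier described in ldapd.conf(5), narrow the rule to one line per attribute users may legitimately change, e.g. `allow write access to subtree root attribute userPassword by self`. The read grant to "PH_LDAP_BINDDN" is likewise not limited by attribute, so the lookup account can read stored password values across the whole subtree; confirm that is required, or deny that attribute explicitly. The enclosing namespace block starts outside this hunk, so any earlier rules that interact with these are not visible here.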