## Access control entries (gosaAclEntry) stored on the base entry below.
## The member field of entries 0-2 is a base64-encoded DN (or "*").
## The DN placeholders are presumably substituted by the installation
## scripts before this file is loaded -- confirm against the caller.
## When encoding a DN by hand, use "echo -n" so that no trailing newline
## is encoded, and "base64 -w0" so that a long value is not wrapped onto
## a second line.
##
## gosaAclEntry 0: contains the ACL for the gosa ldap admin
## defined in gosa.ldif; the cryptic string is the dn of the
## corresponding user in base64 encoding, compare:
## echo -n "uid=super-admin,ou=people,dc=skole,dc=skolelinux,dc=no" | base64
## This entry grants all/all;cmdrw, i.e. it is the full-privilege entry.
##
## gosaAclEntry 1: All users in the teachers group are allowed to read
## all personal data.
## echo -n "cn=teachers,ou=group,ou=Teachers,dc=skole,dc=skolelinux,dc=no" | base64 -w0
##
## gosaAclEntry 2: the member field "Kg==" is the wildcard, compare:
## echo -n "*" | base64
## All users are allowed to change some personal data and their password.
## If you prefer that a default user is only allowed to change his
## password, use:
## gosaAclEntry: 1:psub:Kg==:users/password;srw
## NOTE(review): the sample line above carries index 1, which is already
## used by the teachers entry in this file; presumably it is meant to
## replace entry 2 and should keep index 2 -- confirm before using it.
## NOTE(review): the "s" flag is understood to restrict the ACL to the
## user's own object; since the member is the wildcard, keep that flag
## when editing this entry -- confirm against the GOsa ACL documentation.
##
## gosaAclEntry 3: predefined admin role defined in:
## echo -n "cn=admin,ou=aclroles,dc=skole,dc=skolelinux,dc=no" | base64 -w0
## (no default members; the trailing field is intentionally empty)
##
dn: dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: dcObject
objectClass: labeledURIObject
objectClass: organization
objectClass: gosaAcl
objectClass: gosaDepartment
description: Debian-Edu
dc: skole
ou: skole
o: skole.skolelinux.no
labeledURI: https://www/ LDAP for Debian Edu/Skolelinux
gosaAclEntry: 0:psub:$GOSAADMINSDN64:all/all;cmdrw,department/department;cmdrw,department/domain;r,department/organization;r,department/dcObject;r,department/country;r,department/DynamicLdapGroup;r,users/posixAccount;#shadowLastChange;r#gotoLastSystemLogin;r#mustchangepassword;r#shadowMin;r#shadowMax;r#shadowWarning;r#shadowInactive;r#shadowExpire;r#sshPublicKey;r#accessTo;r
gosaAclEntry: 1:psub:$TEACHERSDN64:users/user;r
gosaAclEntry: 2:psub:Kg==:users/user;sr#personalTitle;w#academicTitle;w#dateOfBirth;w#gender;w#preferredLanguage;w#userPicture;w#homePostalAddress;w#homePhone;w#labeledURI;w,users/password;srw
gosaAclEntry: 3:role:$ADMINROLEDN64:

## Containers (organizational units) of the directory tree.
dn: ou=attic,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: attic

dn: ou=people,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
objectClass: labeledURIObject
ou: people

dn: ou=systems,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: systems

dn: ou=workstations,ou=systems,dc=skole,dc=skolelinux,dc=no
objectClass: organizationalUnit
ou: workstations

dn: ou=terminals,ou=systems,dc=skole,dc=skolelinux,dc=no
objectClass: organizationalUnit
ou: terminals

dn: ou=printers,ou=systems,dc=skole,dc=skolelinux,dc=no
objectClass: organizationalUnit
ou: printers

dn: ou=group,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: group

dn: ou=variables,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: variables

dn: ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalUnit
ou: ldap-access

## Bind accounts used for LDAP administration. The userPassword values
## are placeholders; presumably the installation scripts substitute a
## password hash for each one.
## NOTE(review): the first placeholder name suggests a salted SHA hash;
## confirm that both are written as hashes and never as cleartext.
## Once substituted, the rendered file holds credential hashes and should
## be readable by the administrator only.
dn: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalRole
objectClass: gosaAccount
objectClass: simpleSecurityObject
cn: admin
uid: admin
description: LDAP Administrator
userPassword: $ROOTPWDSSHAHASH

dn: cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: gosa-admin
description: LDAP administrator used by gosa
userPassword: $GOSAPWDHASH

## Group of the DNs that are treated as LDAP administrators. The rule
## that actually grants this group its access is not part of this file
## (presumably the slapd access configuration -- confirm). Adding a
## member here is a privilege grant and should be reviewed as such.
dn: cn=ldap-admins,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: groupOfNames
cn: ldap-admins
description: All system administrators with full LDAP access
member: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
member: cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no