ucs-school-ldap-acls-master (20.0.0) unstable; urgency=medium

  * Bug #56913 fix: allow teachers to reset passwords if account is locked

 -- Florian Best <best@univention.de>  Thu, 19 Mar 2026 12:07:29 +0100

ucs-school-ldap-acls-master (19.1.2) unstable; urgency=medium

  * fix: add default value for ucsschool/ldap/default/container/legal_guardians
    Issue univention/dev/education/ucsschool#1456

 -- Jürn Brodersen <brodersen@univention.de>  Fri, 29 Aug 2025 17:06:19 +0200

ucs-school-ldap-acls-master (19.1.1) unstable; urgency=low

  * Issue: univention/dev/education/ucsschool#1476: add constraints and
    refint for ucsschoolLegalGuardian and ucsschoolLegalWard

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Thu, 21 Aug 2025 16:02:56 +0200

ucs-school-ldap-acls-master (19.1.0) unstable; urgency=medium

  * Issue univention/dev/education/ucsschool#1453: add refint for
    ucsschoolLegalGuardian
  * Issue univention/dev/education/ucsschool#1456: add acl for
    ucsschoolLegalGuardian

 -- Jürn Brodersen <brodersen@univention.de>  Thu, 21 Aug 2025 16:02:55 +0200

ucs-school-ldap-acls-master (19.0.0) unstable; urgency=medium

  * UCS@school 5.2

 -- Ole Schwiegert <schwiegert@univention.de>  Wed, 19 Feb 2025 11:17:00 +0200

ucs-school-ldap-acls-master (18.100.1) unstable; urgency=medium

  * UCS@school 5.1

 -- Florian Best <best@univention.de>  Fri, 22 Sep 2023 13:53:33 +0200

ucs-school-ldap-acls-master (18.99.1) unstable; urgency=medium

  * UCS@school 5.1

 -- Florian Best <best@univention.de>  Fri, 22 Sep 2023 13:44:08 +0200

ucs-school-ldap-acls-master (18.0.4) unstable; urgency=medium

  * Bug #51279:  Replication works if users reside in non-school ou (e.g. global admin group)

 -- Siavash Sefid Rodi <sefid-rodi.extern@univention.de>  Tue, 15 Mar 2022 15:08:40 +0100

ucs-school-ldap-acls-master (18.0.3) unstable; urgency=medium

  * Bug #52602: change server role terminology

 -- Christian Castens <castens@univention.de>  Wed, 08 Sep 2021 12:24:25 +0200

ucs-school-ldap-acls-master (18.0.2) unstable; urgency=medium

  * Bug #20255: allow school DC Slaves to read settings/printeruri

 -- Florian Best <best@univention.de>  Wed, 25 Aug 2021 10:43:58 +0200

ucs-school-ldap-acls-master (18.0.1) unstable; urgency=medium

  * Bug #52578: UCS@school 5.0 version bump

 -- Florian Best <best@univention.de>  Tue, 15 Jun 2021 15:05:08 +0200

ucs-school-ldap-acls-master (17.0.4-10) unstable; urgency=medium

  * Bug #52604: migrate UCR ACL templates to be python3 compatible

 -- Florian Best <best@univention.de>  Tue, 01 Jun 2021 23:03:58 +0200

ucs-school-ldap-acls-master (17.0.4-9) unstable; urgency=low

  * Bug #42138: Remove school admin access to replication node password data

 -- Ole Schwiegert <schwiegert@univention.de>  Thu, 05 Nov 2020 13:11:34 +0200

ucs-school-ldap-acls-master (17.0.4-8) unstable; urgency=low

  * Bug #52215: Grant school servers write access to mailPrimaryAddress
    temporary objects

 -- Ole Schwiegert <schwiegert@univention.de>  Thu, 15 Oct 2020 12:41:02 +0200

ucs-school-ldap-acls-master (17.0.4-7) unstable; urgency=low

  * Bug #52215: Fix changelog entry

 -- Ole Schwiegert <schwiegert@univention.de>  Thu, 15 Oct 2020 08:21:34 +0200

ucs-school-ldap-acls-master (17.0.4-6) unstable; urgency=low

  * Bug #52215: Grant teachers write access to mailPrimaryAddress temporary objects

 -- Ole Schwiegert <schwiegert@univention.de>  Thu, 15 Oct 2020 07:51:01 +0200

ucs-school-ldap-acls-master (17.0.4-5) unstable; urgency=low

  * Bug #51661: Fix LDAP ACLs for Domain Admins creating non school users

 -- Ole Schwiegert <schwiegert@univention.de>  Mon, 03 Aug 2020 13:42:12 +0100

ucs-school-ldap-acls-master (17.0.4-4) unstable; urgency=low

  * Bug #50669: better identify global users in new ACLs

 -- Ole Schwiegert <schwiegert@univention.de>  Mon, 04 May 2020 12:32:35 +0100

ucs-school-ldap-acls-master (17.0.4-3) unstable; urgency=low

  * Bug #50669: fix problem in new ACLs

 -- Ole Schwiegert <schwiegert@univention.de>  Mon, 04 May 2020 10:31:50 +0100

ucs-school-ldap-acls-master (17.0.4-2) unstable; urgency=low

  * Bug #50669: limit access to user password data

 -- Ole Schwiegert <schwiegert@univention.de>  Sun, 03 May 2020 15:40:10 +0100

ucs-school-ldap-acls-master (17.0.4-1) unstable; urgency=low

  * Bug #50830: limit read access to unique-usernames/unique-email counters

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Mon, 17 Feb 2020 14:30:14 +0100

ucs-school-ldap-acls-master (17.0.3-1) unstable; urgency=low

  * Bug #50274: fix ACL regression caused by bug 49734 - LDAP ACLs on DC
    slaves are not required

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Fri, 25 Oct 2019 16:05:28 +0200

ucs-school-ldap-acls-master (17.0.2-1) unstable; urgency=low

  * Bug #35447: prevent school admins from changing other school admins passwords

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Thu, 04 Jul 2019 22:03:54 +0200

ucs-school-ldap-acls-master (17.0.1-2) unstable; urgency=low

  * Bug #48080: OU-Admins are allowed to write ucsschoolRole on computer obj

 -- Ole Schwiegert <schwiegert@univention.de>  Wed, 26 Jun 2019 15:34:54 +0200

ucs-school-ldap-acls-master (17.0.1-1) unstable; urgency=low

  * Bug #48924: give permission for administrative slaves/memberservers to
    read/replicate multi-OU staff users

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Mon, 06 May 2019 13:57:00 +0200

ucs-school-ldap-acls-master (17.0.0-2) unstable; urgency=medium

  * Bug #49434: remove ACLs for creating/modifying shares as teacher

 -- Florian Best <best@univention.de>  Wed, 08 May 2019 17:47:14 +0200

ucs-school-ldap-acls-master (17.0.0-1) unstable; urgency=low

  * Bug #48731: use call_joinscript instead of calling join scripts directly

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Sun, 24 Feb 2019 00:17:22 +0100

ucs-school-ldap-acls-master (17.0.0-0) unstable; urgency=low

  * bump version for UCS@school 4.4

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Fri, 14 Dec 2018 22:14:32 +0200

ucs-school-ldap-acls-master (16.0.3-1) unstable; urgency=low

  * Bug #48068: added UCR variable ucsschool/ldap/replicate_staff_to_edu
    that reconfigures the LDAP ACLs to enable staff users to be replicated
    to educational slaves/memberservers. There is no change in behaviour
    by default.
  * Bug #47625:
    - students may no longer read password attributes from other users
      (but all other attributes)
    - give users read permissions to other OU's user/group containers
    - fix wrong LDAP filter in ACL

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Thu, 09 Aug 2018 15:13:28 +0200

ucs-school-ldap-acls-master (16.0.2-1) unstable; urgency=medium

  * Bug #46725: Allow read access to GPO list for all DC-Slaves

 -- Jürn Brodersen <brodersen@univention.de>  Wed, 21 Mar 2018 15:10:29 +0100

ucs-school-ldap-acls-master (16.0.1-1) unstable; urgency=low

  * Bug #46453: add dependency to ucs-school-import to fix LDAP ACL/schema
    issues

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Sun, 04 Mar 2018 21:11:29 +0100

ucs-school-ldap-acls-master (16.0.0-1) unstable; urgency=low

  * Bug #45988: bumped version

 -- Daniel Troeder <troeder@univention.de>  Mon, 15 Jan 2018 13:17:47 +0100

ucs-school-ldap-acls-master (15.0.0-9) unstable; urgency=low

  * Bug #41725
    - revert last change
    - grant at least read access to school slave controllers to
      operational attributes in 61ucsschool_presettings

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Sun, 02 Apr 2017 23:15:19 +0200

ucs-school-ldap-acls-master (15.0.0-8) unstable; urgency=low

  * Bug #41725: grant read access to school slaves to internal attributes of school OUs

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Sun, 02 Apr 2017 22:37:04 +0200

ucs-school-ldap-acls-master (15.0.0-7) unstable; urgency=low

  * Bug #41725: use correct LDAP schema file name

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Fri, 31 Mar 2017 13:33:45 +0200

ucs-school-ldap-acls-master (15.0.0-6) unstable; urgency=low

  * Bug #41725: add fix for LDAP ACLs to prevent missing ACLs if
    univention-printerserver is not installed
  * Bug #41725: join script should stop if any command fails

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Fri, 31 Mar 2017 12:31:03 +0200

ucs-school-ldap-acls-master (15.0.0-5) unstable; urgency=low

  * Bug #43908: remove old rule / replace old rule with new construct

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Sat, 25 Mar 2017 01:08:53 +0100

ucs-school-ldap-acls-master (15.0.0-4) unstable; urgency=low

  * Bug #41725: ACL fixup for group, share and DHCP objects

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Fri, 24 Mar 2017 23:18:34 +0100

ucs-school-ldap-acls-master (15.0.0-3) unstable; urgency=low

  * Bug #43042: revert last commit

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Fri, 17 Mar 2017 09:55:22 +0100

ucs-school-ldap-acls-master (15.0.0-2) unstable; urgency=low

  * Bug #41725: massive changes to LDAP acls for better security

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Wed, 15 Mar 2017 15:40:06 +0100

ucs-school-ldap-acls-master (15.0.0-1) unstable; urgency=low

  * Bug #43570: version bump for UCS@school 4.2

 -- Daniel Troeder <troeder@univention.de>  Fri, 17 Feb 2017 12:14:30 +0100

ucs-school-ldap-acls-master (14.0.2-2) unstable; urgency=medium

  * Revert svn r74509  "Bug #42065: restrict access to shares; school
    admins still can create shares"

 -- Florian Best <best@univention.de>  Wed, 23 Nov 2016 11:50:45 +0100

ucs-school-ldap-acls-master (14.0.2-1) unstable; urgency=medium

  * Bug #42437: fix ACL's for school users which are domain admins at the same
    time

 -- Florian Best <best@univention.de>  Wed, 16 Nov 2016 15:32:56 +0100

ucs-school-ldap-acls-master (14.0.1-15) unstable; urgency=low

  * bug #41725: bump version because changelog entries of reverted commits
    have been kept

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Mon, 08 Aug 2016 10:58:43 +0200

ucs-school-ldap-acls-master (14.0.1-14) unstable; urgency=medium

  * Bug #41725: generate ACL's dynamically; add blacklist for certain object
  	classes

 -- Florian Best <best@univention.de>  Fri, 22 Jul 2016 16:39:32 +0200

ucs-school-ldap-acls-master (14.0.1-13) unstable; urgency=medium

  * Bug #41725: check if schema exists before referencing attribute names
    otherwise joining will completely fail

 -- Florian Best <best@univention.de>  Wed, 20 Jul 2016 17:14:13 +0200

ucs-school-ldap-acls-master (14.0.1-12) unstable; urgency=medium

  * Bug #41725: add more restrictions

 -- Florian Best <best@univention.de>  Tue, 19 Jul 2016 16:09:47 +0200

ucs-school-ldap-acls-master (14.0.1-11) unstable; urgency=medium

  * Bug #41818: fix typo in last commit

 -- Florian Best <best@univention.de>  Tue, 19 Jul 2016 14:12:20 +0200

ucs-school-ldap-acls-master (14.0.1-10) unstable; urgency=medium

  * Bug #41818: DC Verwaltungsserver can read teacher+staff users again

 -- Florian Best <best@univention.de>  Mon, 18 Jul 2016 15:58:22 +0200

ucs-school-ldap-acls-master (14.0.1-9) unstable; urgency=medium

  * Bug #41725: allow write access to cn=samba children

 -- Florian Best <best@univention.de>  Mon, 11 Jul 2016 17:15:14 +0200

ucs-school-ldap-acls-master (14.0.1-8) unstable; urgency=medium

  * Bug #41720: simplify filter

 -- Florian Best <best@univention.de>  Fri, 08 Jul 2016 15:43:08 +0200

ucs-school-ldap-acls-master (14.0.1-8) unstable; urgency=medium

  * Bug #41725: restrict access to cn=WMIPolicy,cn=system,
  	cn=policies,cn=system, sambaDomain objects and cn=idmap,cn=univention

 -- Florian Best <best@univention.de>  Wed, 06 Jul 2016 12:07:00 +0200

ucs-school-ldap-acls-master (14.0.1-7) unstable; urgency=medium

  * Bug #41725: restrict access to UVMM and AppCenter object classes

 -- Florian Best <best@univention.de>  Mon, 04 Jul 2016 19:47:34 +0200

ucs-school-ldap-acls-master (14.0.1-6) unstable; urgency=medium

  * Bug #41720: adjust joinscript version

 -- Florian Best <best@univention.de>  Mon, 04 Jul 2016 12:25:32 +0200

ucs-school-ldap-acls-master (14.0.1-5) unstable; urgency=medium

  * Bug #41720: staff only users should not be able to modify shares

 -- Florian Best <best@univention.de>  Mon, 04 Jul 2016 12:21:12 +0200

ucs-school-ldap-acls-master (14.0.1-4) unstable; urgency=medium

  * Bug #41636: allow read access to own OU by e.g. UCC clients

 -- Florian Best <best@univention.de>  Wed, 22 Jun 2016 14:40:25 +0200

ucs-school-ldap-acls-master (14.0.1-3) unstable; urgency=low

  * Bug #41494: fixed ACL for OU admin groups

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Wed, 08 Jun 2016 23:48:38 +0200

ucs-school-ldap-acls-master (14.0.1-2) unstable; urgency=medium

  * Bug #41115: fix typo in last commit

 -- Florian Best <best@univention.de>  Wed, 01 Jun 2016 13:13:30 +0200

ucs-school-ldap-acls-master (14.0.1-1) unstable; urgency=medium

  * Bug #41115: prevent read access to every object by all school objects

 -- Florian Best <best@univention.de>  Wed, 01 Jun 2016 12:20:12 +0200

ucs-school-ldap-acls-master (14.0.0-2) unstable; urgency=medium

  * Bug #41115: revert regression which caused failed.ldif during join

 -- Florian Best <best@univention.de>  Thu, 26 May 2016 16:56:49 +0200

ucs-school-ldap-acls-master (14.0.0-1) unstable; urgency=medium

  * Bug #41273: allow read access to cn=default,cn=univention for school
  	server
  * Bug #41115: adjust LDAP ACL for new school structure

 -- Florian Best <best@univention.de>  Mon, 25 Apr 2016 16:58:08 +0200

ucs-school-ldap-acls-master (13.0.2-4) unstable; urgency=low

  * allow slaves to write msPrintConnectionPolicy objects (Bug #32041)

 -- Felix Botner <botner@univention.de>  Mon, 11 Jan 2016 15:39:32 +0100

ucs-school-ldap-acls-master (13.0.2-3) unstable; urgency=low

  * allow slaves to write msPrintConnectionPolicy objects (Bug #32041)

 -- Felix Botner <botner@univention.de>  Fri, 18 Dec 2015 15:36:15 +0100

ucs-school-ldap-acls-master (13.0.2-2) unstable; urgency=low

  * fix packaging (Bug #40123)

 -- Daniel Troeder <troeder@univention.de>  Tue, 15 Dec 2015 13:48:54 +0100

ucs-school-ldap-acls-master (13.0.2-1) unstable; urgency=low

  * register LDAP ACLs domain wide using ucs_registerLDAPExtension (Bug #40123)

 -- Daniel Troeder <troeder@univention.de>  Tue, 01 Dec 2015 14:04:16 +0100

ucs-school-ldap-acls-master (13.0.1-1) unstable; urgency=medium

  * Bug #39967: adjust LDAP ACL's for creating temporary objects which need to
  	read/write uidNumber

 -- Florian Best <best@univention.de>  Mon, 16 Nov 2015 13:14:51 +0100

ucs-school-ldap-acls-master (13.0.0-1) unstable; urgency=medium

  * Bug #39534: Start UCS@school 4.1 development

 -- Florian Best <best@univention.de>  Wed, 14 Oct 2015 15:29:54 +0200

ucs-school-ldap-acls-master (12.0.0-1) unstable; urgency=medium

  * Bug #35892: Start UCS 4.0 development

 -- Florian Best <best@univention.de>  Wed, 05 Nov 2014 14:59:48 +0100

ucs-school-ldap-acls-master (11.0.1-1) unstable; urgency=medium

  * Update to UCS 4.0 (Bug #35892)
  * Give DCs and member servers permissions to add LDAP cloud connection
    objects (Bug #35892)

 -- Stefan Gohmann <gohmann@univention.de>  Tue, 28 Oct 2014 09:09:03 +0100

ucs-school-ldap-acls-master (10.0.1-3) unstable; urgency=medium

  * Grant read access to cn=udm_syntax,cn=univention and
    cn=udm_hook,cn=univention for Slave DCs (Bug #33819)

 -- Arvid Requate <requate@univention.de>  Fri, 24 Jan 2014 17:37:48 +0100

ucs-school-ldap-acls-master (10.0.1-2) unstable; urgency=medium

  * Grant RW access to CN=WMIPolicy,CN=System for Slave DCs (Bug #33980)

 -- Arvid Requate <requate@univention.de>  Thu, 23 Jan 2014 16:38:34 +0100

ucs-school-ldap-acls-master (10.0.1-1) unstable; urgency=low

  * Bug #33421: grant write access to cn=apps,cn=univention to school DCs

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Fri, 15 Nov 2013 15:12:44 +0100

ucs-school-ldap-acls-master (10.0.0-1) unstable; urgency=low

  * Give DC slaves read access to cn=Builtin (Bug #32894)
  * Give DC slaves read access to cn=apps, cn=udm:module, cn=ldapacl and
    cn=ldapschema (Bug #32411)
  * Bump version for UCS@school 3.2

 -- Stefan Gohmann <gohmann@univention.de>  Fri, 18 Oct 2013 19:09:30 +0200

ucs-school-ldap-acls-master (9.0.0-0) unstable; urgency=low

  * bumped version for UCS@school 3.1 R2

 -- Sönke Schwardt <schwardt@univention.de>  Fri, 17 May 2013 15:13:21 +0200

ucs-school-ldap-acls-master (8.0.5-1) unstable; urgency=low

  * adapt LDAP ACLs to be more restrictive; Bug #31299

 -- Florian Best <best@univention.de>  Tue, 07 May 2013 16:58:03 +0200

ucs-school-ldap-acls-master (8.0.4-1) unstable; urgency=low

  * group ACLs; Bug #30527

 -- Florian Best <best@univention.de>  Tue, 07 May 2013 11:37:54 +0200

ucs-school-ldap-acls-master (8.0.3-1) unstable; urgency=low

  * give teachers and teachers-staff permission to create and modify
  	workgroups; Bug #30527

 -- Florian Best <best@univention.de>  Fri, 19 Apr 2013 12:20:16 +0200

ucs-school-ldap-acls-master (8.0.2-1) unstable; urgency=low

  * add read ACL for license container for UCS@school domaincontroller
    slaves and memberservers (Bug #30229)

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Fri, 01 Feb 2013 10:14:17 +0100

ucs-school-ldap-acls-master (8.0.1-1) unstable; urgency=low

  * update Copyright; Bug #30123

 -- Florian Best <best@univention.de>  Wed, 23 Jan 2013 13:38:05 +0100

ucs-school-ldap-acls-master (8.0.0-1) unstable; urgency=low

  * Version bump (Bug #29814)

 -- Jascha Geerds <geerds@univention.de>  Thu, 13 Dec 2012 15:47:30 +0100

ucs-school-ldap-acls-master (7.0.9-1) unstable; urgency=low

  * fixed postinst (rename objects for redistribute) (Bug #27933)

 -- Felix Botner <botner@univention.de>  Tue, 31 Jul 2012 11:57:32 +0200

ucs-school-ldap-acls-master (7.0.8-1) unstable; urgency=low

  * redistribute cn=mail,* (Bug #27933)

 -- Felix Botner <botner@univention.de>  Wed, 25 Jul 2012 16:22:57 +0200

ucs-school-ldap-acls-master (7.0.7-1) unstable; urgency=low

  * redistribute cn=Virtual Machine Manager,* (Bug #27626)

 -- Felix Botner <botner@univention.de>  Thu, 21 Jun 2012 10:33:43 +0200

ucs-school-ldap-acls-master (7.0.6-1) unstable; urgency=low

  * Undo: Give school admins the permission to modify the group
    memberships of classes (Bug #26997)

 -- Stefan Gohmann <gohmann@univention.de>  Mon, 21 May 2012 17:05:51 +0200

ucs-school-ldap-acls-master (7.0.5-1) unstable; urgency=low

  * Give school admins the permission to modify the group memberships of
    classes (Bug #26997)

 -- Stefan Gohmann <gohmann@univention.de>  Tue, 15 May 2012 11:54:05 +0200

ucs-school-ldap-acls-master (7.0.4-1) unstable; urgency=low

  * Give DC Slaves write access to the members of the group Domain
    Computers (Bug #26504)

 -- Stefan Gohmann <gohmann@univention.de>  Mon, 30 Apr 2012 15:24:13 +0200

ucs-school-ldap-acls-master (7.0.3-1) unstable; urgency=low

  * The DC slaves need for the MS GPO synchronisation write access to
    cn=policies,cn=system (Bug #26926)

 -- Stefan Gohmann <gohmann@univention.de>  Mon, 30 Apr 2012 11:07:40 +0200

ucs-school-ldap-acls-master (7.0.2-3) unstable; urgency=low

  * fixed typo in LDAP ACL (Bug #25690)

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Wed, 14 Mar 2012 17:13:23 +0100

ucs-school-ldap-acls-master (7.0.2-2) unstable; urgency=low

  * allow replication of Virtual Machine Manager container (Bug #25690)

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Wed, 14 Mar 2012 16:47:13 +0100

ucs-school-ldap-acls-master (7.0.2-1) unstable; urgency=low

  * allow replication of Virtual Machine Manager container (Bug #25690)
  * allow DC slaves and member servers to replicate the OU domain controllers (Bug #25690)

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Wed, 14 Mar 2012 13:30:40 +0100

ucs-school-ldap-acls-master (7.0.1-3) unstable; urgency=low

  * fix typo in LDAP ACL (65ucsschool) (Bug #26021)

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Wed, 14 Mar 2012 12:43:40 +0100

ucs-school-ldap-acls-master (7.0.1-2) unstable; urgency=low

  * fix typo in LDAP ACL (65ucsschool) (Bug #26021)

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Thu, 09 Feb 2012 16:33:40 +0100

ucs-school-ldap-acls-master (7.0.1-1) unstable; urgency=low

  * removed handling of ucsschoolRole attribute (Bug #26021)
  * added handling of new user container (Bug #26021)

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Wed, 08 Feb 2012 14:12:14 +0100

ucs-school-ldap-acls-master (7.0.0-0) unstable; urgency=low

  * bumped version for UCS@school 3.0 (Bug #25690)

 -- Sönke Schwardt-Krummrich <schwardt@univention.de>  Tue, 10 Jan 2012 15:26:01 +0100

ucs-school-ldap-acls-master (6.0.4-1) unstable; urgency=low

  * adjusted memberserver ACL (Bug #21699)

 -- Sönke Schwardt <schwardt@univention.de>  Thu, 10 Mar 2011 17:03:49 +0100

ucs-school-ldap-acls-master (6.0.3-1) unstable; urgency=low

  * adjusted memberserver ACL (Bug #21699)

 -- Sönke Schwardt <schwardt@univention.de>  Thu, 10 Mar 2011 15:15:03 +0100

ucs-school-ldap-acls-master (6.0.2-1) unstable; urgency=low

  * permit changes to samba domain objects by domaincontroller slaves (Bug #17858)

 -- Sönke Schwardt <schwardt@univention.de>  Thu, 16 Sep 2010 14:59:29 +0200

ucs-school-ldap-acls-master (6.0.1-1) unstable; urgency=low

  * convert to GNU APGL V3 (Bug #19780)

 -- Janek Walkenhorst <walkenhorst@univention.de>  Wed, 15 Sep 2010 10:29:37 +0200

ucs-school-ldap-acls-master (6.0.0-1) unstable; urgency=low

  * bump version for UCS 2.4

 -- Andreas Büsching <buesching@univention.de>  Thu, 02 Sep 2010 10:50:11 +0200

ucs-school-ldap-acls-master (5.0.2-1) unstable; urgency=low

  * copyright update (Bug #17102)

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 20 Jan 2010 15:54:35 +0200

ucs-school-ldap-acls-master (5.0.1-1) unstable; urgency=low

  * grant write access to attributes sambaPwdHistoryLength and
    sambaMaxPwdAge of samba domain object (Bug #15129)

 -- Sönke Schwardt <schwardt@univention.de>  Mon, 04 Jan 2010 14:46:22 +0100

ucs-school-ldap-acls-master (5.0.0-0) unstable; urgency=low

  * ported package to UCS 2.3 UCS@school

 -- Sönke Schwardt <schwardt@univention.de>  Mon, 04 Jan 2010 10:40:34 +0200

ucs-school-ldap-acls-master (4.0.5-1) unstable; urgency=low

  * give other a change to read and write ou's like cn=admin and members
    of Domain Admins. Bug #15326

 -- Stefan Gohmann <gohmann@univention.de>  Sat, 15 Aug 2009 20:27:02 +0200

ucs-school-ldap-acls-master (4.0.4-1) unstable; urgency=low

  * grant write access to all organisational units for group
    DC Backup Hosts (Bug: #15326)

 -- Sönke Schwardt <schwardt@univention.de>  Thu, 13 Aug 2009 18:47:16 +0200

ucs-school-ldap-acls-master (4.0.3-1) unstable; urgency=low

  * LDAP ACLs now use UCR variable to determine ouadmin group (Bug: #14958)
  * fixed typo in UCR variable registration

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 08 Jul 2009 15:33:40 +0200

ucs-school-ldap-acls-master (4.0.2-1) unstable; urgency=low

  * moved ACL to top (Ticket#: 2009060410000107)
  * switched ucsschoolRole=administration to ucsschoolRole=staff

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 24 Jun 2009 16:28:28 +0200

ucs-school-ldap-acls-master (4.0.1-2) unstable; urgency=low

  * fixed access to OU in district mode (Ticket#: 2009060410000107)

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 24 Jun 2009 11:03:27 +0200

ucs-school-ldap-acls-master (4.0.1-1) unstable; urgency=low

  * fixed access to OU in district mode and performance updates (Ticket#: 2009060410000107)
    - use dn.subtree/dn.base instead of dn.regex if possible
    - do not use expand if there's nothing to expand
    - moved memberserver ACL to fix failed.ldif on slave join
    - grant access to OU in DISTRICT mode

 -- Sönke Schwardt <schwardt@univention.de>  Tue, 23 Jun 2009 16:38:12 +0200

ucs-school-ldap-acls-master (4.0.0-6) unstable; urgency=low

  * changed group container for ucs@school specific groups to ucsschool. Ticket #2009060410000116

 -- Jan Christoph Ebersbach <ebersbach@univention.de>  Fri, 19 Jun 2009 10:50:14 +0200

ucs-school-ldap-acls-master (4.0.0-5) unstable; urgency=low

  * changed ucsschool UCR variables to ucsschool/ldap/default/container/*. Ticket #2009060410000116

 -- Jan Christoph Ebersbach <ebersbach@univention.de>  Tue, 16 Jun 2009 14:54:40 +0200

ucs-school-ldap-acls-master (4.0.0-4) unstable; urgency=low

  * fixed misplaced parenthesis

 -- Sönke Schwardt <schwardt@univention.de>  Fri, 12 Jun 2009 10:17:39 +0200

ucs-school-ldap-acls-master (4.0.0-3) unstable; urgency=low

  * moved creation of ucsschool containers to ucs-school-import. Ticket #2009060410000116

 -- Jan Christoph Ebersbach <ebersbach@univention.de>  Mon,  8 Jun 2009 16:55:36 +0200

ucs-school-ldap-acls-master (4.0.0-2) unstable; urgency=low

  * moved extended attribute creation to ucs-school-import. Ticket #2009060410000116

 -- Jan Christoph Ebersbach <ebersbach@univention.de>  Mon,  8 Jun 2009 14:43:00 +0200

ucs-school-ldap-acls-master (4.0.0-1) unstable; urgency=low

  * update LDAP ACLs to a more generic approach

 -- Sönke Schwardt <schwardt@univention.de>  Thu, 04 Jun 2009 18:05:22 +0200

ucs-school-ldap-acls-master (3.0.200-3) unstable; urgency=low

  * fixed ACL for cn=samba

 -- Sönke Schwardt <schwardt@univention.de>  Mon, 20 Oct 2008 17:56:30 +0200

ucs-school-ldap-acls-master (3.0.200-2) unstable; urgency=low

  * fixed UCR info file
  * fixed typo in postinst

 -- Sönke Schwardt <schwardt@univention.de>  Mon, 20 Oct 2008 17:27:24 +0200

ucs-school-ldap-acls-master (3.0.200-1) unstable; urgency=low

  * bumped version for ucs@school

 -- Sönke Schwardt <schwardt@univention.de>  Mon, 20 Oct 2008 15:33:49 +0200

ucs-school-ldap-acls-master (3.0.1-1) unstable; urgency=low

  * fixed ldap acls
    - removed static ldap base DN
  	- allow slaved to replicate and modify sambaDomain object
    (Bugs #12380, #12382)

 -- Sönke Schwardt <schwardt@univention.de>  Mon, 20 Oct 2008 14:33:00 +0200

ucs-school-ldap-acls-master (3.0.0-1) unstable; urgency=low

  * package renamed to ucs-school-ldap-acls-master

 -- Sönke Schwardt <schwardt@univention.de>  Mon, 20 Oct 2008 13:37:33 +0200

ucs-school-ldap-acls-master (2.0.1-0) unstable; urgency=low

  * granted access to sambaBadPasswordCount to teachers and admin to be
    able to reset pupil passwords

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 20 Aug 2008 16:31:42 +0200

ucs-school-ldap-acls-master (2.0.0-0) unstable; urgency=low

  * port to UCS 2.0

 -- Arvid Requate <requate@univention.de>  Mon, 14 Apr 2008 10:43:49 +0200

ucs-school-ldap-acls-master (1.2.20) unstable; urgency=low

  * fixed "room group acl"

 -- Sönke Schwardt <schwardt@univention.de>  Thu, 17 Jan 2008 16:06:10 +0100

ucs-school-ldap-acls-master (1.2.19) unstable; urgency=low

  * allow teachers and ouadmins to create and edit "room groups"

 -- Sönke Schwardt <schwardt@univention.de>  Tue, 08 Jan 2008 10:07:46 +0100

ucs-school-ldap-acls-master (1.2.18) unstable; urgency=low

  * allow dc slaves to modify class groups (permission is required for
    teacher assignment in UMC)

 -- Soenke Schwardt <schwardt@univention.de>  Mon, 05 Nov 2007 11:11:12 +0100

ucs-school-ldap-acls-master (1.2.17) unstable; urgency=low

  * added write access to sambaNextRid for slaves and memberservers

 -- Sönke Schwardt <schwardt@univention.de>  Fri, 10 Aug 2007 12:52:44 +0200

ucs-school-ldap-acls-master (1.2.16) unstable; urgency=low

  * slave may replicate the subtree cn=console,cn=univention

 -- Andreas Büsching <buesching@univention.de>  Fri, 22 Jun 2007 14:57:10 +0200

ucs-school-ldap-acls-master (1.2.15) unstable; urgency=low

  * fixed access to cn=univention for memberserver and dc slaves

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 25 Apr 2007 16:50:39 +0200

ucs-school-ldap-acls-master (1.2.14) unstable; urgency=low

  * fixed typo

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 25 Apr 2007 14:00:55 +0200

ucs-school-ldap-acls-master (1.2.13) unstable; urgency=low

  * relax ldap acl so memberserver and dc slaves are able do read/write
    cn=idmap,cn=univention

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 25 Apr 2007 13:30:17 +0200

ucs-school-ldap-acls-master (1.2.12) unstable; urgency=low

  * added dependency

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 18 Apr 2007 13:58:40 +0200

ucs-school-ldap-acls-master (1.2.11) unstable; urgency=low

  * removed obsolete DHCP ACL

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 18 Apr 2007 13:44:16 +0200

ucs-school-ldap-acls-master (1.2.10) unstable; urgency=low

  * add custom attribute and LDAP-ACLs to allow a DC to offer services for two OUs

 -- Ingo Steuwer <steuwer@univention.de>  Wed, 18 Apr 2007 12:04:44 +0200

ucs-school-ldap-acls-master (1.2.9) unstable; urgency=low

  * added permission for slave dcs to modify attrs "objectClass" and
    "univentionPolicyReference" of dhcp objects

 -- Sönke Schwardt <schwardt@univention.de>  Mon, 16 Apr 2007 13:37:37 +0200

ucs-school-ldap-acls-master (1.2.8) unstable; urgency=low

  * added permission for slave dcs to read cn=nagios

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 28 Mar 2007 17:13:25 +0200

ucs-school-ldap-acls-master (1.2.7) unstable; urgency=low

  * fixed wrong acls
  * added permission for slave dcs to read cn=custom attributes,cn=univention

 -- Sönke Schwardt <schwardt@univention.de>  Wed, 28 Mar 2007 17:12:37 +0200

ucs-school-ldap-acls-master (1.2.6) unstable; urgency=low

  * do not revert changes from 1.2.3 to 1.2.4

 -- Sönke Schwardt <schwardt@univention.de>  Mon,  5 Mar 2007 17:28:39 +0100

ucs-school-ldap-acls-master (1.2.5) unstable; urgency=low

  * access granted to sambaBadPasswordCount to users of group adminXXX

 -- Sönke Schwardt <schwardt@univention.de>  Fri, 16 Feb 2007 16:37:49 +0100

ucs-school-ldap-acls-master (1.2.4) unstable; urgency=low

  * give ou-users default-access to their ou (read of some attributes, change
    of own passwords)

 -- Ingo Steuwer <steuwer@anton.knut.univention.de>  Fri, 16 Jun 2006 16:31:28 +0200

ucs-school-ldap-acls-master (1.2.3) unstable; urgency=low

  * ouadmins are allowed to add new shares, not only to change them

 -- Ingo Steuwer <steuwer@anton.knut.univention.de>  Mon, 22 May 2006 13:11:19 +0200

ucs-school-ldap-acls-master (1.2.2) unstable; urgency=low

  * bugfix for join of ou-admins

 -- Ingo Steuwer <steuwer@anton.knut.univention.de>  Tue, 16 May 2006 13:40:00 +0200

ucs-school-ldap-acls-master (1.2.1) unstable; urgency=low

  * additional ACL-file to meet UCS 1.3-1 enhancements
  * restart slapd on installation

 -- Ingo Steuwer <steuwer@anton.knut.univention.de>  Tue, 16 May 2006 09:49:22 +0200

ucs-school-ldap-acls-master (1.2.0) unstable; urgency=low

  * allow ou-admins to join DC-Slave and Memberservers

 -- Ingo Steuwer <steuwer@univention.de>  Wed, 10 May 2006 14:01:25 +0200

ucs-school-ldap-acls-master (1.1.3) unstable; urgency=low

  * allow admin-internal attributes to be stored for adding groups

 -- Ingo Steuwer <steuwer@univention.de>  Thu,  4 May 2006 08:33:39 +0200

ucs-school-ldap-acls-master (1.1.2) unstable; urgency=low

  * change to OpenLDAP 2.2 compatible ACLs

 -- Ingo Steuwer <steuwer@univention.de>  Mon, 12 Dec 2005 13:47:49 +0100

ucs-school-ldap-acls-master (1.1.1) unstable; urgency=low

  * fixed missing sambaPWHistory

 -- Ingo Steuwer <steuwer@univention.de>  Thu, 21 Apr 2005 10:53:31 +0200

ucs-school-ldap-acls-master (1.1) unstable; urgency=low

  * integrated new attribute for UCS 1.2-4 (sambaPWHistory)
  * allow Servers to change their Password

 -- Ingo Steuwer <steuwer@univention.de>  Wed, 20 Apr 2005 16:35:29 +0200

ucs-school-ldap-acls-master (1.0.5) unstable; urgency=low

  * added write-access to SambaNTPassword for ouadmins

 -- Ingo Steuwer <steuwer@univention.de>  Wed,  6 Apr 2005 12:53:03 +0200

ucs-school-ldap-acls-master (1.0.4) unstable; urgency=low

  * define access to new temporary objects

 -- Ingo Steuwer <steuwer@univention.de>  Thu, 31 Mar 2005 07:59:26 +0200

ucs-school-ldap-acls-master (1.0.3) unstable; urgency=low

  * memberserver needed more read-access and some write-access

 -- Ingo Steuwer <steuwer@univention.de>  Tue, 15 Mar 2005 17:00:24 +0100

ucs-school-ldap-acls-master (1.0.2) unstable; urgency=low

  * added acces for Lehrer to all users in his ou (for changing passwords)
  * added more potential admins in an admin-container

 -- Ingo Steuwer <steuwer@univention.de>  Thu, 10 Feb 2005 10:27:27 +0100

ucs-school-ldap-acls-master (1.0.1) unstable; urgency=low

  * more access-rights to Teachers and local Admins for changing Passwords (old rights weren't enough)

 -- Ingo Steuwer <steuwer@univention.de>  Mon,  6 Dec 2004 10:53:24 +0100

ucs-school-ldap-acls-master (1.0.0-3) unstable; urgency=low

  * Slave-controller can read groups-container

 -- Ingo Steuwer <steuwer@univention.de>  Fri,  8 Oct 2004 08:42:24 +0200

ucs-school-ldap-acls-master (1.0.0-2) unstable; urgency=low

  * Use $ldap_base consequently

 -- Ingo Steuwer <steuwer@univention.de>  Wed, 14 Jul 2004 08:38:47 +0200

ucs-school-ldap-acls-master (1.0.0-1) unstable; urgency=low

  * Initial Release.

 -- univention GmbH Ingo Steuwer  <steuwer@univention.de>  Mon, 28 Jun 2004 11:49:54 +0200
